All Posts By confidentialcomputingconsortium

Gramine 1.0 release


Announcing the production-ready release of Gramine!

Having recently joined the Confidential Computing Consortium in the Linux Foundation, the Gramine Project (formerly known as Graphene) is proud to announce its first production-ready version, enabling the protection of sensitive workloads with Intel® Software Guard Extensions (Intel® SGX).

The project started as a research prototype at Stony Brook University in 2011, and the first open-source version was published in 2014, followed by the Intel® SGX port in 2017 in collaboration with Intel Labs. In December 2018, Golem and ITL joined the project, forming the core of the open source community around the project and producing a first release. The Gramine community has subsequently grown into a diverse group of contributors from universities, small and large companies, and individuals.

Gramine not only runs Linux applications on Intel® SGX out of the box, but also provides several tools and infrastructure components for a push-button lift-and-shift paradigm for running unmodified applications on confidential computing platforms based on Intel® SGX. Gramine supports both local and remote Intel® SGX attestation, using either the EPID or the DCAP scheme. With the protected files feature, security-critical files are automatically encrypted and decrypted inside the enclave, so their plaintext never leaves the trusted boundary. Gramine supports several performance optimizations for Intel® SGX applications, including asynchronous system calls. Gramine is one of the few frameworks that supports multi-process applications, providing a complete and secure fork implementation. Gramine supports Docker integration via a tool called Gramine Shielded Containers (GSC), which automatically converts Docker images into Gramine images. Containers built with GSC can be deployed via Kubernetes for confidential containers and microservices. Gramine also supports cloud deployment with Azure Confidential VMs and integrates with Azure Kubernetes Services in the Azure cloud.

Since our last release, there have been major changes in the code: 1272 files changed, 100637 insertions, 112144 deletions, and 1648 commits from 49 authors. This includes a major rewrite of the code that handles memory management, thread handling, process handling, the filesystem, and signal handling. You can find the detailed changelog on our GitHub. In the future, we plan to continue Gramine development with additional features, code cleanup, tooling, and documentation. We also plan to add generic support for I/O device communication, as well as additional Platform Adaptation Layers (PALs) for other TEEs such as Intel® TDX.

Gramine has a growing set of well-tested applications, including machine learning frameworks, databases, web servers, and programming language runtimes, and several projects are already experimenting with Gramine to develop their solutions for protecting data in use. We expect that Gramine 1.0 will bring many of those solutions to production. We look forward to your feedback as you deploy this latest version of Gramine for your confidential computing solutions with lift-and-shift capability.

For more information on the release please check out: https://github.com/gramineproject/gramine/releases/tag/v1.0

We invite you to join the Gramine community and contribute to the adoption of confidential computing through open source collaboration.

Confidential Computing microconference at Linux Plumbers Conference September 20-24th, 2021


The Confidential Computing microconference focuses on solutions for developing and using state-of-the-art encryption technologies for live encryption of data, and on how to use the technologies from AMD (SEV), Intel (TDX), s390 and ARM Secure Virtualization for secure computation in VMs, containers and more. To learn more, please visit: https://www.linuxplumbersconf.org/event/11/page/104-accepted-microconferences#cont-cf

Suggested Topics:

For more references, see:

MC lead:

  • Joerg Roedel <joro@8bytes.org>

Gramine (formerly known as Graphene) Joins the Linux Foundation Confidential Computing Consortium


Gramine is the newest project at the Confidential Computing Consortium!

Gramine (formerly known as Graphene) is a lightweight library OS, designed to run applications in an isolated environment with benefits comparable to running a complete OS in a virtual machine — including guest customization, ease of porting to different OSes, and process migration.

In untrusted cloud and edge deployments, there is a strong desire to shield the whole application from the rest of the infrastructure. Gramine supports this "lift and shift" paradigm for bringing unmodified applications into confidential computing with Intel® SGX. Gramine can protect applications from a malicious system stack (the hypervisor, OS and other privileged software outside the enclave) with minimal porting effort.

Today, the Gramine project, whose direction is determined by a diverse group of contributors from universities, small and large companies, and individuals, is proud to join the Linux Foundation as an official Confidential Computing Consortium project. The Confidential Computing Consortium's focus on open source licensed projects that secure data in use, and on accelerating the adoption of confidential computing through open collaboration, aligns perfectly with the goals of the Gramine project.

The Confidential Computing Consortium brings together hardware vendors, cloud providers, and software developers to accelerate the adoption of Trusted Execution Environment (TEE) technologies and standards. The consortium supports open source projects that advance the use of hardware-based TEEs. For more information, please visit: https://confidentialcomputing.io