Confidential computing is a new form of computing that secures data “in use” via Trusted Execution Environments (TEEs). Intel® SGX is one such TEE for confidential computing. There is a strong desire to protect legacy applications by running them in TEEs, shielding them from untrusted system software (OS/VMM) with minimal developer intervention. Gramine is a Library OS that provides a flexible and modular architecture for securing unmodified Linux applications/binaries on Intel SGX. Gramine not only supports “lift and shift” for Linux applications/binaries, but also provides tools and a framework for delivering an end-to-end secure solution: it automatically supports remote attestation for verifying application integrity, a protected file system for data confidentiality, and integration with Docker containers for easy deployment in cloud environments. Gramine is a community-maintained open-source project and already supports many unmodified Linux applications.
Learn more about the Gramine project at our website, www.gramineproject.io, and on GitHub: https://github.com/gramineproject/gramine