Introduction to Open Enclave SDK

Thursday March 25, 9am PDT


The key technology that enables confidential computing is hardware-based trusted execution environments (TEEs). TEEs allow for processing data in an isolated memory region, an enclave, and therefore enforcing the data-in-use protection against the rest of the host system. However, developing a TEE application requires non-trivial effort, including:

1) interacting with TEE hardware to bootstrap an enclave
2) providing support for the application runtime in the enclave
3) handling TEE-specific features such as remote attestation

To reduce the gap, we introduce Open Enclave (OE). OE is an open-source C/C++ SDK that abstracts the low-level details of TEE hardware. Further, OE provides high-level APIs for enclave operations (e.g., creation and termination) and remote attestation. Moreover, OE supports both multi-TEE (Intel SGX and ARM TrustZone) and multi-OS (Linux and Windows). Being part of the confidential computing ecosystem, OE has served as a great foundation to build TEE applications (e.g., cloud services) with minimum TCB and high-level frameworks (e.g., Mystikos, Edgeless RT, and Confidential Consortium Framework) for broader classes of TEE applications.

Learn more about Open Enclave SDK at our website and Github

Key Topics

  • Architectural overview
  • Programming model
  • Use cases and demo
  • Call for contribution


Aeva Black

Open Source Program Manager

Aeva Black is a radically queer geek and Linux user since the mid '90s who has been an advocate for Open Source since 2003. They pioneered the creation of Ironic, OpenStack's Bare Metal Cloud project while at HPE, and have contributed to projects such as MySQL, Ansible, and Kubernetes.

Read More

Ming-Wei Shih

Software Engineer at Microsoft

Ming-Wei Shih is a maintainer of OE SDK. He earned his Ph.D. in Computer Science from Georgia Institute of Technology.

Read More