The key technology that enables confidential computing is the hardware-based trusted execution environment (TEE). A TEE processes data inside an isolated memory region, an enclave, and thereby protects data in use from the rest of the host system. Developing a TEE application, however, requires non-trivial effort, including:
1) interacting with TEE hardware to bootstrap an enclave
2) providing support for the application runtime in the enclave
3) handling TEE-specific features such as remote attestation
To close this gap, we introduce Open Enclave (OE). OE is an open-source C/C++ SDK that abstracts the low-level details of TEE hardware and provides high-level APIs for enclave operations (e.g., creation and termination) and for remote attestation. OE supports multiple TEEs (Intel SGX and ARM TrustZone) and multiple operating systems (Linux and Windows). As part of the confidential computing ecosystem, OE has served as a foundation both for TEE applications (e.g., cloud services) with a minimal TCB and for higher-level frameworks (e.g., Mystikos, Edgeless RT, and the Confidential Consortium Framework) that target broader classes of TEE applications.