Open Enclave SDK
Introduction
The Open Enclave SDK is a hardware-agnostic open source library for developing applications that use hardware-based Trusted Execution Environments (TEEs), also known as enclaves.
Open Enclave (OE) is an SDK for building enclave applications in C and C++. An enclave application partitions itself into two components:
- An untrusted component (called the host) and
- A trusted component (called the enclave).
An enclave is a protected memory region that provides confidentiality for data and code execution. It is an instance of a Trusted Execution Environment (TEE), which is usually secured by hardware, for example Intel Software Guard Extensions (SGX).
This SDK aims to generalize the development of enclave applications across TEEs from different hardware vendors. The current implementation provides support for Intel SGX as well as preview support for OP-TEE OS on ARM TrustZone. As an open source project, this SDK also strives to provide a transparent solution that is agnostic to specific vendors, service providers and choice of operating systems.
Getting Started Using OE SDK
You'll find comprehensive documentation in the Getting Started Guide.
Contributing to OE SDK
The community documentation hosts lots of information on where to go to get engaged with the community, whether you want to contribute code, add test cases, help improve our documentation, or something else. If you're looking for information on how to join meetings or who to contact about what, you will find it there.
You don't necessarily need a hardware enclave to develop OE SDK; some tests and code paths can be executed in simulation mode for the purposes of testing on non-TEE-enabled hardware.
Licensing
This project is released under the MIT License.
Send Feedback
Send general questions, announcements, and discussion to the oesdk@lists.confidentialcomputing.io Mailing List.
To report a problem or suggest a new feature, file a GitHub issue.
To report a security issue, please follow the process to report a vulnerability.