This project provides SGX-LKL, a library OS designed to run unmodified Linux binaries within Intel SGX enclaves. It targets developers and researchers needing to execute complex applications like TensorFlow or Python securely and isolated from the host OS, offering a way to leverage SGX without application modification.

How It Works

SGX-LKL utilizes the Linux Kernel Library (LKL) to provide a POSIX-compliant environment inside SGX enclaves. It pairs LKL with a modified musl C standard library. System calls are handled by LKL within the enclave, with the host only providing I/O resource access. This approach allows complex applications to run with minimal changes, benefiting from SGX's hardware-based security.

Quick Start & Requirements

• Installation: Install via Debian package (sudo apt install sgx-lkl-debug) or build from source. Requires git, make, gcc/g++ (>=7.4), python, and various development libraries.
• Host Setup: Requires sgx-lkl-setup after installation. Optimal performance requires a Linux kernel with userspace FSGSBASE instruction support.
• Application Requirements: Applications must be dynamically linked against musl libc.
• Resources: Building from source involves downloading several GBs for LKL submodules.
• Documentation: FAQ, Host Interface, Incompatibilities.

Highlighted Details

• Supports running unmodified Linux binaries, including complex applications and runtimes (TensorFlow, PyTorch, Python, JVM).
• Offers both hardware SGX mode and software simulation mode.
• sgx-lkl-disk tool simplifies creating disk images from Alpine Linux packages, Dockerfiles, or custom files, with support for encryption and integrity protection (dm-verity, dm-integrity).
• Experimental Open Enclave (OE) edition is available (oe_port branch).

Maintenance & Community

This is described as an ongoing research project with features under development and known bugs. Links to community resources are not explicitly provided in the README.

Licensing & Compatibility

The project appears to be primarily licensed under Apache 2.0, but specific components or dependencies might have different licenses. Compatibility for commercial use is not explicitly detailed, but the research nature suggests caution.

Limitations & Caveats

The project is in alpha quality and not for production. It has known incompatibilities and bugs. The fork() system call is not supported, limiting multi-process applications. The OE edition is experimental. FSGSBASE support is not yet in mainline Linux kernels.