The open-source landscape of confidential computing in 2021

Felix Schuster
Jan 21, 2021

Ok, let’s talk about the state of open source in confidential computing and why I believe that there is a special connection between the two.

As we discussed in an earlier post, confidential computing is based on three key concepts: isolation, runtime encryption, and verifiability. It might be counterintuitive, but verifiability is at least as important as the other two. In fact, without verifiability, the whole concept of secure enclaves doesn’t make much sense.

Confidential computing and open source

If you can’t verify that your workloads are actually running in secure enclaves, any malicious actor (e.g., a hacker in your cloud provider’s systems) could just make you believe that they are and access your data once you send it over. They would just pretend to be an Intel SGX or AMD SEV processor and run everything in plain.

In confidential computing, you can verify the following: a certain piece of software running in a genuine secure enclave has produced some output. Now such a statement is only insightful if you know what precisely that piece of software does. And this is where open source comes into play: if the software running in a secure enclave is open source, then it is much easier to establish trust in it!
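
To make the verification step above concrete, here is an added example (not code from this post or from any of the projects mentioned). It is a simplified model, not the real SGX or SEV report format: an Ed25519 key stands in for the hardware-rooted attestation key, and Report, Attest and Verify are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

type Report struct { // simplified stand-in for an attestation report
	Measurement [32]byte // hash of the code loaded into the enclave
	ReportData  [32]byte // hash of the output the enclave vouches for
	Signature   []byte   // made with a key only genuine hardware holds
}

func (r Report) signedBytes() []byte {
	return append(append([]byte{}, r.Measurement[:]...), r.ReportData[:]...)
}

// Attest models the hardware side: sign (measurement, hash(output)).
func Attest(hwKey ed25519.PrivateKey, enclaveCode, output []byte) Report {
	r := Report{Measurement: sha256.Sum256(enclaveCode), ReportData: sha256.Sum256(output)}
	r.Signature = ed25519.Sign(hwKey, r.signedBytes())
	return r
}

// Verify checks: genuine hardware, the expected software, and this exact output.
func Verify(vendorRoot ed25519.PublicKey, expected [32]byte, r Report, output []byte) error {
	if !ed25519.Verify(vendorRoot, r.signedBytes(), r.Signature) {
		return errors.New("report not signed by genuine hardware")
	}
	if r.Measurement != expected {
		return errors.New("enclave runs different code than the audited source")
	}
	if r.ReportData != sha256.Sum256(output) {
		return errors.New("output is not bound to this report")
	}
	return nil
}

func main() {
	vendorRoot, hwKey, _ := ed25519.GenerateKey(nil) // constructed stand-in for the vendor key
	_, fakeKey, _ := ed25519.GenerateKey(nil)        // a party pretending to be the processor
	src, out := []byte("audited open-source service"), []byte("result") // constructed samples
	expected := sha256.Sum256(src) // what you get by building the public source yourself
	fmt.Println(Verify(vendorRoot, expected, Attest(hwKey, src, out), out))
	fmt.Println(Verify(vendorRoot, expected, Attest(fakeKey, src, out), out))
	fmt.Println(Verify(vendorRoot, expected, Attest(hwKey, []byte("patched build"), out), out))
}
```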

The open-source landscape of confidential computing

Ok, now that we have established the importance of open source to confidential computing, let’s take a look at what’s available open-source-wise.

In the diagram, I tried to include all relevant confidential computing open-source projects on GitHub. (Let me know if I forgot your project!) It shows the “builds on” relationships of projects and names their main corporate sponsors.

On the lowest layer (“foundations”), we find the two well-known projects SGX SDK and Open Enclave. They take care of really low-level things like handling in-enclave exceptions and make enclaves programmable in C and subsets of C++. Except for EDP, Enarx, and Graphene, all projects are directly or indirectly based on one of the two. These projects can roughly be categorized into language runtimes, library OSes, DevOps tools, app frameworks and actual apps.

Here, Red Hat’s Enarx is again an outlier as it doesn’t really fit into this taxonomy. The fact that it runs WebAssembly (WASM) and has an enclave-specific implementation of WASI makes it somewhat of a hybrid between a language runtime and a library OS. It also has features that are normally found in app frameworks.

Observations

What’s interesting is that the landscape actually grew from the far ends towards the middle. Folks, including myself when I was still working at Microsoft, started building applications as soon as basic tooling was available. Signal was built on SGX SDK directly, CCF is based on Open Enclave and Project Oak evolved from the groundwork of Asylo. Meanwhile, tooling improved and support for more modern/high-level programming languages like Rust or Go was added by projects like the Rust SGX SDK or Edgeless RT.

In parallel, the breed of library OSes appeared, which promise to run most code regardless of programming language at the cost of a more complicated trusted computing base (TCB). In essence, library OSes try to mimic a Linux-like environment inside enclaves. The SGX-LKL project even goes as far as actually running a full Linux kernel towards this end.

Finally, we’re now seeing the appearance of the first DevOps tools, namely Inclavare and Marblerun. Both were released in the last couple of months. I see it as a great sign of maturity for confidential computing that more and more blank spots on the open-source map are closing. With our Marblerun, for instance, it is now possible to have secure and scalable cloud-native confidential-computing apps running on vanilla Kubernetes. (Check out our recent post on “Marblerun — the service mesh for confidential computing” to learn more.)

What is striking is that there are only very few apps built on the latest and greatest tools and frameworks. Our prediction for 2021 is that the now available tooling will set loose a wave of innovation in apps and that we’ll continue to see substantial improvements on the tooling side.

At Edgeless, we have some great apps and tools in the pipeline and will share more soon. Our recently released EGo framework makes the creation of confidential microservices as easy as

ego build my-service.go && ego sign my-service && ego run my-service

In addition, the next release of Marblerun will add support for Graphene and Occlum-based services. This will make it easy to add confidential computing capabilities to existing microservice architectures.

A conference on open source in confidential computing

To help drive adoption of open source in confidential computing, we’re organizing the Open Confidential Computing Conference (OC3). For OC3, our mission is to bring the existing community together and get new people excited about confidential computing. There will be talks by maintainers of many of the projects mentioned above, video speed-networking and roundtables.

Register here for free and join us online on March 11th, 2021 between 4pm and 8pm (CET). Will be fun!

EDIT

In an earlier version of this post, the landscape diagram wrongly had a link between the Intel SGX SDK and Fortanix EDP. Thanks for making me aware of this!
