Reputation: 33
How to write Confidential/SGX apps with Golang?
I would like to develop and deploy my Go microservices as SGX-/Confidential Computing app. What are the requirements?
Upvotes: 1
Views: 973
Answers (1)
Reputation: 56
Writing Confidential Computing Apps with Go requires two things:
1. A Go runtime that runs inside the Confidential/SGX enclave
Two approaches exist here:
Generic LibraryOS (the intermediate between process- and vm-based enclaves)
- Graphene: https://grapheneproject.io/ (Not supporting Go yet)
- Occlum: https://occlum.io/
- LKL: https://github.com/lsds/sgx-lkl
Go SDKs and runtimes: While several runtimes for SGX exists to my knowledge only EGo supports Go.
2. An SGX API for Go (for remote attestation, sealing, etc. directly from Go)
The LibraryOS's have their own API and might support Go bindings in the future, but when writing this you'd still need to write your own Go bindings in C/C++.
The ertgolib that goes together with the ertruntime provides a fully functional API layer that exposes most of the OpenEnclave/SGX functionalities directly to Go
Upvotes: 1
Related Questions
- Not able to access gcp secret manager from standalone go application
- Running go program on Google Cloud Run without listening for incoming HTTP requests
- Secure "hello world" Google cloud function
- Authenticate client call to Cloud Function in Golang using service account
- Methods of Authentication in Go for App Engine
- Workflow for Google Cloud Functions with Golang
- Google Cloud Platform, Golang Flexible Environment HTTPS only for custom domain
- Providing Google service account credentials manually in Golang
- Golang pgp without secring
- Golang: protect source code