Home

Enarx is an application deployment system enabling applications to run within Trusted Execution Environments (TEEs) without rewriting for particular platforms or SDKs. It handles attestation and delivery into a run-time “Keep” based on WebAssembly, offering developers a wide range of language choices for implementation. Enarx is CPU-architecture independent, enabling the same application code to be deployed across multiple targets, abstracting issues such as cross-compilation and differing attestation mechanisms between hardware vendors. Work is currently underway on AMD SEV and Intel SGX.

Contents

• FAQ | Introduction

---

• Architectural
  • Components
  • SEV architectural
  • SGX architectural
  • Trust architecture
• Process
  • Enarx process flow
• Projects & code (links to github projects external to this wiki)
  • enarx
    • cipherpipe - Cipherpipe is a wrapper around libc to add the IPPROTO_TLS socket protocol.
    • demo - A demonstration of running encrypted code in an SEV VM
    • flagset - Rust data types and a macro for generating enumeration-based bit flags
    • frenetic - A library for stackful coroutines with no OS dependencies.
    • ketuvim - A Safe Rust API for KVM
    • sev - A Safe Rust API for managing AMD SEV
    • sevctl - A CLI utility for managing AMD SEV
    • tlssock - A library exposing TLS/DTLS sockets using the POSIX networking APIs

---

Gitter chat: IRC: #enarx on freenode