EGo lets you build, debug and run Go apps on Intel SGX - as simple as conventional Go programming!

Overview

EGo


EGo is a framework for building confidential apps in Go. Confidential apps run in always-encrypted and verifiable enclaves on Intel SGX-enabled hardware. EGo simplifies enclave development by providing two user-friendly tools:

  • ego-go, an adapted Go compiler that builds enclave-compatible executables from a given Go project - while providing the same CLI as the original Go compiler.
  • ego, a CLI tool that handles all enclave-related tasks such as signing and enclave creation.

Building and running a confidential Go app is as easy as:

ego-go build hello.go
ego sign hello
ego run hello

Quick Start

If you are on Ubuntu 18.04 or above and do not want to build EGo from source, you can install the binary release:

wget -qO- https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add
sudo add-apt-repository 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main'
wget https://github.com/edgelesssys/ego/releases/download/v0.1.0/ego_0.1.0_amd64.deb
sudo apt install ./ego_0.1.0_amd64.deb

Now you are ready to build applications with EGo! To start, check out the samples.

Build and Install

Prerequisite: Edgeless RT is installed and sourced.

mkdir build
cd build
cmake ..
make
make install

Samples

  • helloworld is a minimal example of an enclave application.
  • remote_attestation shows how to do remote attestation in EGo.
  • vault demonstrates how to port a Go application exemplified by Hashicorp Vault.

Documentation

Issues
  • grpc server gets stuck under stress test


    Issue description

    CPU:Intel 5318Y kernel: 5.12.19 os: debian 10 EGO:v0.4.0 (ecc1a705b7de8c15e1243f6ae888886647d838db)

    Grpc server which starts with ego run will become stuck and can not deal with any requests after low stress test.

    strace result: [image]

    htop result: [image]

    I try to use numactl to bind server pid in several cpus, and the problem can not be reproduced any more.

    To reproduce

    sample code:

    ...
    
    func PKCS7Padding(ciphertext []byte, blockSize int) []byte {
        padding := blockSize - len(ciphertext)%blockSize
        padtext := bytes.Repeat([]byte{byte(padding)}, padding)
        return append(ciphertext, padtext...)
    }
    
    func PKCS7UnPadding(origData []byte) []byte {
        length := len(origData)
        unpadding := int(origData[length-1])
        return origData[:(length - unpadding)]
    }
    
    func AesEncrypt(plaintext []byte, key, iv []byte) ([]byte, error) {
        block, err := aes.NewCipher(key)
        if err != nil {
            return nil, err
        }
        blockSize := block.BlockSize()
        plaintext = PKCS7Padding(plaintext, blockSize)
        blockMode := cipher.NewCBCEncrypter(block, iv)
        crypted := make([]byte, len(plaintext))
        blockMode.CryptBlocks(crypted, plaintext)
        return crypted, nil
    }
    
    func AesDecrypt(ciphertext []byte, key, iv []byte) ([]byte, error) {
        block, err := aes.NewCipher(key)
        if err != nil {
            return nil, err
        }
        blockSize := block.BlockSize()
        blockMode := cipher.NewCBCDecrypter(block, iv[:blockSize])
        origData := make([]byte, len(ciphertext))
        blockMode.CryptBlocks(origData, ciphertext)
        origData = PKCS7UnPadding(origData)
        return origData, nil
    }
    
    func testAes() {
        key, _ := hex.DecodeString("6368616e676520746869732070617373")
        plaintext := []byte("hello ming")
    
        // Note: iv is a slice of a zero-filled buffer, so this repro encrypts with an all-zero IV.
        c := make([]byte, aes.BlockSize+len(plaintext))
        iv := c[:aes.BlockSize]
    
        ciphertext, err := AesEncrypt(plaintext, key, iv)
        if err != nil {
            panic(err)
        }
        fmt.Println(base64.StdEncoding.EncodeToString(ciphertext))
    
        plaintext, err = AesDecrypt(ciphertext, key, iv)
        if err != nil {
            panic(err)
        }
        fmt.Println(string(plaintext))
    }
    
    const (
    	port = ":50051"
    )
    
    // server is used to implement helloworld.GreeterServer.
    type server struct {
    	pb.UnimplementedGreeterServer
    }
    
    // SayHello implements helloworld.GreeterServer
    func (s *server) SayHello(ctx context.Context, in *pb.HelloRequest) (*pb.HelloReply, error) {
    	log.Printf("Received: %v", in.GetName())
    	testAes()
    	return &pb.HelloReply{Message: "Hello " + in.GetName()}, nil
    }
    
    func main() {
    	lis, err := net.Listen("tcp", port)
    	if err != nil {
    		log.Fatalf("failed to listen: %v", err)
    	}
    	s := grpc.NewServer()
    	pb.RegisterGreeterServer(s, &server{})
    	log.Printf("server listening at %v", lis.Addr())
    	if err := s.Serve(lis); err != nil {
    		log.Fatalf("failed to serve: %v", err)
    	}
    }
    

    Steps to reproduce the behavior:

    1. Run a simple grpc server through ego, and do aes encryption in its handler.
    2. Use ghz to test the server: ghz -c 5000 -n 50000 --insecure --proto helloworld.proto --import-paths=/mnt/storage09/ego/samples/test/platform/vendor/googleapis,/mnt/storage09/ego/samples/test/platform/vendor/ --call helloworld.Greeter/SayHello -d '{"name":"xxx"}' 127.0.0.1:50051
    3. Repeat step 2 several times; the server gets stuck and the client times out.

    Expected behavior

    Additional info / screenshot

    opened by zcc35357949 29
  • Lack of AIO library related implementation


    When I run ego-go to build something, some errors occurred:

    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::AioCb::cancel':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5AioCb6cancel17hbf37e4caf0e7d1a5E+0x8): undefined reference to `aio_cancel'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::AioCb::error':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5AioCb5error17hf891cc64bc4a258fE+0x6): undefined reference to `aio_error'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::AioCb::fsync':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5AioCb5fsync17h2170c97a55ede5a7E+0xb): undefined reference to `aio_fsync'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::AioCb::read':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5AioCb4read17h6ab20e9ec57ec7c4E+0xf): undefined reference to `aio_read'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::AioCb::aio_return':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5AioCb10aio_return17h02e5428ffd38d90dE+0xa): undefined reference to `aio_return'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::AioCb::write':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5AioCb5write17h1d0189666438a4cdE+0x6): undefined reference to `aio_write'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::aio_cancel_all':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio14aio_cancel_all17h131da5da30c298cdE+0x5): undefined reference to `aio_cancel'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::aio_suspend':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio11aio_suspend17h6a76657106d21cfeE+0x14): undefined reference to `aio_suspend'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::LioCb::listio':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5LioCb6listio17hf4f7f0e84d530c21E+0xeb): undefined reference to `lio_listio'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::LioCb::listio_resubmit':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5LioCb15listio_resubmit17h916197d632bb2286E+0x100): undefined reference to `aio_error'
    /usr/local/bin/ld: nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5LioCb15listio_resubmit17h916197d632bb2286E+0x155): undefined reference to `aio_return'
    /usr/local/bin/ld: nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5LioCb15listio_resubmit17h916197d632bb2286E+0x19d): undefined reference to `aio_error'
    /usr/local/bin/ld: nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5LioCb15listio_resubmit17h916197d632bb2286E+0x242): undefined reference to `lio_listio'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::LioCb::aio_return':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5LioCb10aio_return17h184cf383cae18f5dE+0x39): undefined reference to `aio_return'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::LioCb::error':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5LioCb5error17hd159a6dccbce33bfE+0x33): undefined reference to `aio_error'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.5.rcgu.o): in function `nix::mqueue::mq_open':
    nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue7mq_open17he7df94924c300521E+0xd): undefined reference to `mq_open'
    /usr/local/bin/ld: nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue7mq_open17he7df94924c300521E+0x1e): undefined reference to `mq_open'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.5.rcgu.o): in function `nix::mqueue::mq_unlink':
    nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue9mq_unlink17hc705c9ffc9c0f4afE+0x6): undefined reference to `mq_unlink'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.5.rcgu.o): in function `nix::mqueue::mq_close':
    nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue8mq_close17h7d761cdb4c0b3a15E+0x3): undefined reference to `mq_close'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.5.rcgu.o): in function `nix::mqueue::mq_receive':
    nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue10mq_receive17h5fe711652e61d632E+0x3): undefined reference to `mq_receive'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.5.rcgu.o): in function `nix::mqueue::mq_send':
    nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue7mq_send17hf3e8ba66fdb6c7f6E+0x3): undefined reference to `mq_send'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.5.rcgu.o): in function `nix::mqueue::mq_getattr':
    nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue10mq_getattr17h387ecd7c907a9f4aE+0x11): undefined reference to `mq_getattr'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.5.rcgu.o): in function `nix::mqueue::mq_setattr':
    nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue10mq_setattr17h7efc98b84d060136E+0x15): undefined reference to `mq_setattr'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.5.rcgu.o): in function `nix::mqueue::mq_set_nonblock':
    nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue15mq_set_nonblock17h03a5cf5a318e775cE+0x17): undefined reference to `mq_getattr'
    /usr/local/bin/ld: nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue15mq_set_nonblock17h03a5cf5a318e775cE+0x4b): undefined reference to `mq_setattr'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.5.rcgu.o): in function `nix::mqueue::mq_remove_nonblock':
    nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue18mq_remove_nonblock17hd97691f08d4c3b46E+0x17): undefined reference to `mq_getattr'
    /usr/local/bin/ld: nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue18mq_remove_nonblock17hd97691f08d4c3b46E+0x4b): undefined reference to `mq_setattr'
    collect2: error: ld returned 1 exit status

    Does ego not implement AIO-related functions, or is it difficult to implement?

    opened by weitianyuan 21
  • Enclave not authorized to run


    Hello all,

    I can run the helloworld sample fine in sim mode, but it fails when running in an enclave. The error says:

    [erthost] loading enclave ...
    [error_driver2api sgx_enclave_common.cpp:273] Enclave not authorized to run, .e.g. provisioning enclave hosted in app without access rights to /dev/sgx_provision. You need add the user id to group sgx_prv or run the app as root.
    ERROR: enclave_load_data failed (addr=0xc0f6c000, prot=0x1, err=0x6) (oe_result_t=OE_PLATFORM_ERROR) [openenclave-src/host/sgx/sgxload.c:oe_sgx_load_enclave_data:695]
    ERROR: oe_create_enclave failed. (Set OE_SIMULATION=1 for simulation mode.) [src/tools/erthost/erthost.cpp:main:265]

    I have tried as root; it did not help.

    I use ego 0.41, Ubuntu 20.04 with kernel version 5.13.0-30-generic and sgx driver 2.11.

    opened by pillowsofwind 20
  • cgo links host libc


    OE won't load a binary i'm trying to build with ego, because it contains R_X86_64_IRELATIV

    it's a relocation caused by calling any GLIBC stdio function. but according to https://github.com/openenclave/openenclave/issues/4469 glibc isn't even supposed to be involved in the build process.

    since ego just calls cgo, cgo will call gcc which usually links the host libc. was i supposed to use CC=musl-gcc to avoid this?

    opened by aep 15
  • Remote attestation over TLS format


    https://github.com/edgelesssys/ego/blob/3d9a417efb206230a78490fc9773465480c92b9a/samples/remote_attestation/ra_client/client.go#L37-L56

    AFAICT, currently the ego library (or at least, the RA example) relies on exposing additional HTTP endpoints on the same server to serve the self-signed cert and a report that binds that to a verifiable SGX quote, and then requires the client to establish a new connection to the server using that (now verified) certificate. This only works if the server is reachable again over a separate connection by the same client (either because there is a single instance of it, or because of some session stickiness, though that would have to be at the TCP level since load balancers would not have any other information).

    Have you considered instead to embed the quote in an extension of the same TLS cert that is used for the "real" connection, so that a client may verify that contextually to establishing the connection?

    cc @ipetr0v @anghelcovici @dreemkiller

    opened by tiziano88 10
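
The certificate-embedded quote proposed in this issue, sketched as an added example (not EGo's code or API): the quote's report data is the SHA-256 of the certificate's SubjectPublicKeyInfo, so a client can check the binding on the same connection it is establishing. The OID, the mock quote functions and all function names are assumptions; a real deployment would use SGX quote generation and verification and would also check the enclave identity reported in the quote.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var quoteOID = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6} // placeholder OID (assumption), not a registered value

const mockPrefix = "MOCK-QUOTE:" // constructed stand-in for an SGX quote, no security value

func mockGetQuote(rd []byte) ([]byte, error) { return append([]byte(mockPrefix), rd...), nil }

func mockVerifyQuote(quote []byte) ([]byte, error) {
	if !bytes.HasPrefix(quote, []byte(mockPrefix)) {
		return nil, errors.New("invalid quote")
	}
	return quote[len(mockPrefix):], nil
}

// newAttestedCert self-signs a certificate that carries a quote over SHA-256(SubjectPublicKeyInfo).
func newAttestedCert(getQuote func([]byte) ([]byte, error)) (tls.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	spki, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return tls.Certificate{}, err
	}
	hash := sha256.Sum256(spki)
	quote, err := getQuote(hash[:])
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:    big.NewInt(1),
		Subject:         pkix.Name{CommonName: "enclave"},
		NotBefore:       time.Now().Add(-time.Minute),
		NotAfter:        time.Now().Add(time.Hour),
		ExtraExtensions: []pkix.Extension{{Id: quoteOID, Value: quote}},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, err
}

// verifyAttestedCert accepts a leaf only if its quote verifies and commits to the leaf's own key.
func verifyAttestedCert(certDER []byte, verifyQuote func([]byte) ([]byte, error)) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	want := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(quoteOID) {
			reportData, err := verifyQuote(ext.Value)
			if err == nil && !bytes.Equal(reportData, want[:]) {
				err = errors.New("quote is not bound to this certificate's key")
			}
			return err
		}
	}
	return errors.New("certificate has no quote extension")
}

// demo verifies an honest certificate and one whose key pair reuses the honest quote.
func demo() (honest, replayed error) {
	var captured []byte
	cert, err := newAttestedCert(func(rd []byte) ([]byte, error) {
		captured, _ = mockGetQuote(rd)
		return captured, nil
	})
	if err != nil {
		return err, err
	}
	copycat, err := newAttestedCert(func([]byte) ([]byte, error) { return captured, nil })
	if err != nil {
		return err, err
	}
	return verifyAttestedCert(cert.Certificate[0], mockVerifyQuote),
		verifyAttestedCert(copycat.Certificate[0], mockVerifyQuote)
}

func main() { fmt.Println(demo()) }
```

On the client, verifyAttestedCert would be called from tls.Config.VerifyPeerCertificate with InsecureSkipVerify set, because the self-signed certificate has no CA chain and trust comes from the quote alone.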
  • ego built program does not scale well on multi-cores server


    Issue description

    Build a program with ego, run it and bind it to 28 CPU cores. It does not scale well on multi-core: it only scales to 3 cores with only 50%-60% CPU usage on each, and the other cores are idle. Built with native go, it scales well to all 28 cores, and the load on each CPU is almost the same. Client requests are sufficient and the same for both scenarios.

    To reproduce

    Steps to reproduce the behavior:

    1. Composed a go program, acting as a http server, mainly use golang crypto package, like ecdsa, elliptic, x509 etc, exposing an interface which generates ecdsa keys and some encoding/decoding.
    2. use ego build/sign the program: http-server
    3. boot command: numactl -C 0-27 ego run http-server
    4. use testing tool: ab to give enough requests

    Expected behavior

    The ego program http-server should scale to 28 cores

    Additional info / screenshot

    [image]

    opened by Glenrun 9
  • Support for library enclave


    Typically, enclaves are built as trusted libraries that are then loaded by the untrusted application during runtime. Does ego support such interfacing? It appears that the current version can only run a trusted application binary on the enclave directly. I understand that one can use sockets to establish a connection between applications, but it comes with some security concerns.

    Awesome project! Thank you!

    opened by ibalajiarun 9
  • Is ego support golang:plan9-assembly code


    Hi, my project imports some packages that have parts written in assembly, such as cpuid and sha256-simd. I can compile successfully using "ego-go build" and "ego sign", but when I use "ego run" to run my compiled program, it crashes with the following error: [image]. Is there something I did wrong?

    opened by ParkerXie 7
  • Hashi-corp Vault demo is not running in dev mode and exiting.


    The below error is generated when running the command: ego run vault server -dev

    Error initializing Dev mode: error expanding config path "": exec not supported

    And the vault closes. Please look into it.

    opened by mahiuddinalkamal 6
  • AskForHelp: cannot sign and run on different servers


    Issue description

    I have two servers with same OS and same hardware.

    An application signed by one machine cannot be run on another machine.

    To reproduce

    use ego/samples/remote_attestation

    Steps:

    1. run ego-go build server.go and ego sign server on Host-A
    2. scp signed executable binary to Host-B
    3. ego run server on Host-B

    got:

    Host-B# ego run server
    EGo v0.5.0 (19fe24700941af32c196bce44ded7afc3e54f87f)
    [erthost] loading enclave ...
    ERROR: enclave_initialize failed (err=0x1001) (oe_result_t=OE_PLATFORM_ERROR) [openenclave-src/host/sgx/sgxload.c:oe_sgx_initialize_enclave:743]
    ERROR: oe_create_enclave failed. (Set OE_SIMULATION=1 for simulation mode.) [src/tools/erthost/erthost.cpp:main:265]
    ERROR: failed to initialize the enclave
    

    This application can run on Host-A without any problem:

    Host-A:ego run server
    EGo v0.5.0 (948515ec2c7f32b761247c84c51c753ed1a4afa0)
    [erthost] loading enclave ...
    [erthost] entering enclave ...
    [ego] starting application ...
    

    BTW:

    1. Host-B can run an application built and signed by itself.
    2. If Host-B re-signs the application signed by Host-A with ego sign server, it works fine.
    opened by Laisky 5
  • ERROR When Remote Attestation About Environment Variable DCAP_DEBUG_LOG_LEVEL


    When trying the remote attestation test, I followed the instructions. After ego run server, it reports: [image]. When I start the client, it reports: [image]. Does anyone know what happened?

    opened by knight-hjh 5
  • AB#2173: Add feature to bundle a signed executable with the current EGo runtime


    Proposed changes

    • Add a new binary called 'ego-bundle', which is a self-extractable runtime
    • Add 'ego bundle' CLI command which bundles a signed EGo executable into the 'ego-bundle' binary and create a copy of it
    • Unit tests for both of them (including some host I/O, but I tried to limit it to where it's necessary)

    Additional info

    For this PR I am not sure where to draw the line for code reuse. Many parts, especially for the unit tests are copied from the CLI or main EGo package to avoid calling NewCLI, though it is essentially the same code. On the other hand, I also was not sure whether to create an internal package to re-use functions, given that the bundle executable is supposed to pretty much stand on its own... I don't know, let me know in the review about your opinions.

    Also don't be scared about the # of lines added, there's more test code involved than the actual functionality :)

    opened by Nirusu 0
  • Can ego run dl workload in enclave using https://github.com/sugarme/gotch?


    Issue description

    When I try to run ML or DL using gotch (Go binding for the PyTorch C++ API), ego sign goes wrong, e.g. symbol not found.

    ldd gotchTest
            linux-vdso.so.1 (0x00007fff719fb000)
            libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fac7fb4c000)
            libstdc++.so.6 => /lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007fac7f96b000)
            libc10.so => /usr/local/lib/libtorch/lib/libc10.so (0x00007fac7f8e8000)
            libtorch_cpu.so => /usr/local/lib/libtorch/lib/libtorch_cpu.so (0x00007fac68733000)
            libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007fac685e4000)
            libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007fac685c7000)
            libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fac683d5000)
            /lib64/ld-linux-x86-64.so.2 (0x00007fac8010e000)
            libgomp-52f2fd74.so.1 => /usr/local/lib/libtorch/lib/libgomp-52f2fd74.so.1 (0x00007fac681a2000)
            librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007fac68197000)
            libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fac68191000)
    

    Cgo may cause this. Is there a simple way to solve this problem?

    opened by TYTaO 1
  • Dockerfile parse error: ARG requires exactly one argument


    Hey, I am trying to set up a Docker image and faced an issue when I run the build commands for Docker images. My system information is

      Operating System: Debian GNU/Linux 9 (stretch)
                Kernel: Linux 5.13.9.rsk.1-amd64
          Architecture: x86-64
    

    Docker version is as follows

    Client: Docker Engine - Community
     Version:           19.03.15
     API version:       1.40
     Go version:        go1.13.15
     Built:             Sat Jan 30 03:17:11 2021
     OS/Arch:           linux/amd64
     Experimental:      false
    
    Server: Docker Engine - Community
     Engine:
      Version:          19.03.15
      API version:      1.40 (minimum version 1.12)
      Go version:       go1.13.15
      Built:            Sat Jan 30 03:15:40 2021
      OS/Arch:          linux/amd64
      Experimental:     false
     containerd:
      Version:          1.4.3
     runc:
      Version:          1.0.0-rc92
     docker-init:
      Version:          0.18.0
    

    When I run any of the following commands inside the dockerfiles folder

    DOCKER_BUILDKIT=1 docker build -o. - < Dockerfile.build

    OR

    DOCKER_BUILDKIT=1 docker build --build-arg egotag=master --build-arg erttag=master -o. - < Dockerfile.build

    I encounter the following error. [image]

    This is what line 16 of Dockerfile.build looks like. [image]

    Can anyone recommend a fix?

    opened by mHassan11 8
  • Does ego support Local Attestation ?


    Does ego already support Local Attestation, i.e. when the report comes from other processes on the same physical machine? In some cases, we only need to verify that other processes running on the same physical machine are in a TEE environment.

    opened by ParkerXie 5
  • PCCS and EGO


    I just wanted to make sure my understanding of EGO is correct, and I thank everyone out there in advance for helping me understand it.

    I understand that EGO remote attestation uses DCAP remote attestation rather than EPID. How is the QUOTE signed in EGO? I couldn't find a reference to a quoting enclave that signs the REPORT generated by the enclave. I came across PCCS but am not sure how it provides this service. Is it true that the AZURE DCAP client is used both for the QE and the certificate caching system?

    If so, which examples are using AZURE DCAP? There are three samples:

    1. Attested TLS
    2. Remote Attestation
    3. Azure Attestation
    opened by emrahsariboz 1
  • Why there's no paper for ego?


    This is such a great product for the industry, help a lot about building confidential computing apps,

    And also I think this can strongly help school level research about moving cloud computing into enclaves,

    And also I would like to introduce Ego to my lab mates, but I can't find a formal paper of ego's philosophy and features..

    It is a pity, will you guys write a paper soon? Looking forward to your publications.

    opened by ZhAnGeek 3
Releases(v0.5.1)
Owner
Edgeless Systems GmbH
Building super-secure and easy-to-use software for Confidential Computing