EGo lets you build, debug and run Go apps on Intel SGX - as simple as conventional Go programming!

Overview

EGo

EGo is a framework for building confidential apps in Go. Confidential apps run in always-encrypted and verifiable enclaves on Intel SGX-enabled hardware. EGo simplifies enclave development by providing two user-friendly tools:

  • ego-go, an adapted Go compiler that builds enclave-compatible executables from a given Go project - while providing the same CLI as the original Go compiler.
  • ego, a CLI tool that handles all enclave-related tasks such as signing and enclave creation.

Building and running a confidential Go app is as easy as:

ego-go build hello.go
ego sign hello
ego run hello

Quick Start

If you are on Ubuntu 18.04 or above and do not want to build EGo from source, you can install the binary release:

wget -qO- https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add
sudo add-apt-repository 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main'
wget https://github.com/edgelesssys/ego/releases/download/v0.1.0/ego_0.1.0_amd64.deb
sudo apt install ./ego_0.1.0_amd64.deb

Now you are ready to build applications with EGo! To start, check out the samples.

Build and Install

Prerequisite: Edgeless RT is installed and sourced.

mkdir build
cd build
cmake ..
make
make install

Samples

  • helloworld is a minimal example of an enclave application.
  • remote_attestation shows how to do remote attestation in EGo.
  • vault demonstrates how to port a Go application exemplified by Hashicorp Vault.

Documentation

Comments
  • grpc server gets stuck under stress test

    Issue description

    CPU:Intel 5318Y kernel: 5.12.19 os: debian 10 EGO:v0.4.0 (ecc1a705b7de8c15e1243f6ae888886647d838db)

    Grpc server which starts with ego run will become stuck and cannot deal with any requests after low stress test.

    strace result: [image]

    htop result: [image]

    I tried to use numactl to bind the server pid to several CPUs, and the problem cannot be reproduced any more.

    To reproduce

    sample code:

    ...
    
    func PKCS7Padding(ciphertext []byte, blockSize int) []byte {
        padding := blockSize - len(ciphertext)%blockSize
        padtext := bytes.Repeat([]byte{byte(padding)}, padding)
        return append(ciphertext, padtext...)
    }
    
    func PKCS7UnPadding(origData []byte) []byte {
        length := len(origData)
        unpadding := int(origData[length-1])
        return origData[:(length - unpadding)]
    }
    
    func AesEncrypt(plaintext []byte, key, iv []byte) ([]byte, error) {
        block, err := aes.NewCipher(key)
        if err != nil {
            return nil, err
        }
        blockSize := block.BlockSize()
        plaintext = PKCS7Padding(plaintext, blockSize)
        blockMode := cipher.NewCBCEncrypter(block, iv)
        crypted := make([]byte, len(plaintext))
        blockMode.CryptBlocks(crypted, plaintext)
        return crypted, nil
    }
    
    func AesDecrypt(ciphertext []byte, key, iv []byte) ([]byte, error) {
        block, err := aes.NewCipher(key)
        if err != nil {
            return nil, err
        }
        blockSize := block.BlockSize()
        blockMode := cipher.NewCBCDecrypter(block, iv[:blockSize])
        origData := make([]byte, len(ciphertext))
        blockMode.CryptBlocks(origData, ciphertext)
        origData = PKCS7UnPadding(origData)
        return origData, nil
    }
    
    func testAes() {
        key, _ := hex.DecodeString("6368616e676520746869732070617373")
        plaintext := []byte("hello ming")
    
        // c is zero-filled by make, so the IV sliced from it is all zeros.
        c := make([]byte, aes.BlockSize+len(plaintext))
        iv := c[:aes.BlockSize]
    
        ciphertext, err := AesEncrypt(plaintext, key, iv)
        if err != nil {
            panic(err)
        }
        fmt.Println(base64.StdEncoding.EncodeToString(ciphertext))
    
        plaintext, err = AesDecrypt(ciphertext, key, iv)
        if err != nil {
            panic(err)
        }
        fmt.Println(string(plaintext))
    }
    
    const (
    	port = ":50051"
    )
    
    // server is used to implement helloworld.GreeterServer.
    type server struct {
    	pb.UnimplementedGreeterServer
    }
    
    // SayHello implements helloworld.GreeterServer
    func (s *server) SayHello(ctx context.Context, in *pb.HelloRequest) (*pb.HelloReply, error) {
    	log.Printf("Received: %v", in.GetName())
    	testAes()
    	return &pb.HelloReply{Message: "Hello " + in.GetName()}, nil
    }
    
    func main() {
    	lis, err := net.Listen("tcp", port)
    	if err != nil {
    		log.Fatalf("failed to listen: %v", err)
    	}
    	s := grpc.NewServer()
    	pb.RegisterGreeterServer(s, &server{})
    	log.Printf("server listening at %v", lis.Addr())
    	if err := s.Serve(lis); err != nil {
    		log.Fatalf("failed to serve: %v", err)
    	}
    }
    

    Steps to reproduce the behavior:

    1. Run a simple grpc server through ego, and do AES encryption in its handler.
    2. Use ghz to test the server. ghz -c 5000 -n 50000 --insecure --proto helloworld.proto --import-paths=/mnt/storage09/ego/samples/test/platform/vendor/googleapis,/mnt/storage09/ego/samples/test/platform/vendor/ --call helloworld.Greeter/SayHello -d '{"name":"xxx"}' 127.0.0.1:50051
    3. Repeat step 2 several times; the server will get stuck and the client times out.

    Expected behavior

    Additional info / screenshot

    opened by zcc35357949 29
  • Lack of AIO library related implementation

    When I run ego-go to build something, an error occurred:

    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::AioCb::cancel':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5AioCb6cancel17hbf37e4caf0e7d1a5E+0x8): undefined reference to `aio_cancel'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::AioCb::error':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5AioCb5error17hf891cc64bc4a258fE+0x6): undefined reference to `aio_error'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::AioCb::fsync':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5AioCb5fsync17h2170c97a55ede5a7E+0xb): undefined reference to `aio_fsync'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::AioCb::read':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5AioCb4read17h6ab20e9ec57ec7c4E+0xf): undefined reference to `aio_read'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::AioCb::aio_return':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5AioCb10aio_return17h02e5428ffd38d90dE+0xa): undefined reference to `aio_return'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::AioCb::write':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5AioCb5write17h1d0189666438a4cdE+0x6): undefined reference to `aio_write'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::aio_cancel_all':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio14aio_cancel_all17h131da5da30c298cdE+0x5): undefined reference to `aio_cancel'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::aio_suspend':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio11aio_suspend17h6a76657106d21cfeE+0x14): undefined reference to `aio_suspend'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::LioCb::listio':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5LioCb6listio17hf4f7f0e84d530c21E+0xeb): undefined reference to `lio_listio'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::LioCb::listio_resubmit':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5LioCb15listio_resubmit17h916197d632bb2286E+0x100): undefined reference to `aio_error'
    /usr/local/bin/ld: nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5LioCb15listio_resubmit17h916197d632bb2286E+0x155): undefined reference to `aio_return'
    /usr/local/bin/ld: nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5LioCb15listio_resubmit17h916197d632bb2286E+0x19d): undefined reference to `aio_error'
    /usr/local/bin/ld: nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5LioCb15listio_resubmit17h916197d632bb2286E+0x242): undefined reference to `lio_listio'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::LioCb::aio_return':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5LioCb10aio_return17h184cf383cae18f5dE+0x39): undefined reference to `aio_return'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.13.rcgu.o): in function `nix::sys::aio::LioCb::error':
    nix.1cf2ddbb-cgu.13:(.text._ZN3nix3sys3aio5LioCb5error17hd159a6dccbce33bfE+0x33): undefined reference to `aio_error'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.5.rcgu.o): in function `nix::mqueue::mq_open':
    nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue7mq_open17he7df94924c300521E+0xd): undefined reference to `mq_open'
    /usr/local/bin/ld: nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue7mq_open17he7df94924c300521E+0x1e): undefined reference to `mq_open'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.5.rcgu.o): in function `nix::mqueue::mq_unlink':
    nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue9mq_unlink17hc705c9ffc9c0f4afE+0x6): undefined reference to `mq_unlink'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.5.rcgu.o): in function `nix::mqueue::mq_close':
    nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue8mq_close17h7d761cdb4c0b3a15E+0x3): undefined reference to `mq_close'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.5.rcgu.o): in function `nix::mqueue::mq_receive':
    nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue10mq_receive17h5fe711652e61d632E+0x3): undefined reference to `mq_receive'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.5.rcgu.o): in function `nix::mqueue::mq_send':
    nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue7mq_send17hf3e8ba66fdb6c7f6E+0x3): undefined reference to `mq_send'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.5.rcgu.o): in function `nix::mqueue::mq_getattr':
    nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue10mq_getattr17h387ecd7c907a9f4aE+0x11): undefined reference to `mq_getattr'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.5.rcgu.o): in function `nix::mqueue::mq_setattr':
    nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue10mq_setattr17h7efc98b84d060136E+0x15): undefined reference to `mq_setattr'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.5.rcgu.o): in function `nix::mqueue::mq_set_nonblock':
    nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue15mq_set_nonblock17h03a5cf5a318e775cE+0x17): undefined reference to `mq_getattr'
    /usr/local/bin/ld: nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue15mq_set_nonblock17h03a5cf5a318e775cE+0x4b): undefined reference to `mq_setattr'
    /usr/local/bin/ld: ../internal/vm/wasm/wasmer-go/libwasmer.a(nix-73ba03e35152d5cb.nix.1cf2ddbb-cgu.5.rcgu.o): in function `nix::mqueue::mq_remove_nonblock':
    nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue18mq_remove_nonblock17hd97691f08d4c3b46E+0x17): undefined reference to `mq_getattr'
    /usr/local/bin/ld: nix.1cf2ddbb-cgu.5:(.text._ZN3nix6mqueue18mq_remove_nonblock17hd97691f08d4c3b46E+0x4b): undefined reference to `mq_setattr'
    collect2: error: ld returned 1 exit status

    Does ego not implement AIO-related functions, or is it difficult to implement?

    opened by weitianyuan 21
  • Enclave not authorized to run

    Hello all,

    I can run the helloworld sample fine in sim mode, but it fails when running in the enclave. The error says:

    [erthost] loading enclave ...
    [error_driver2api sgx_enclave_common.cpp:273] Enclave not authorized to run, .e.g. provisioning enclave hosted in app without access rights to /dev/sgx_provision. You need add the user id to group sgx_prv or run the app as root.
    ERROR: enclave_load_data failed (addr=0xc0f6c000, prot=0x1, err=0x6) (oe_result_t=OE_PLATFORM_ERROR) [openenclave-src/host/sgx/sgxload.c:oe_sgx_load_enclave_data:695]
    ERROR: oe_create_enclave failed. (Set OE_SIMULATION=1 for simulation mode.) [src/tools/erthost/erthost.cpp:main:265]

    I have tried running as root; it did not help.

    I use ego 0.41, Ubuntu 20.04 with kernel version 5.13.0-30-generic and sgx driver 2.11.

    opened by pillowsofwind 20
  • Remote attestation fails

    Issue description

    I have set up a self-hosted PCCS according to the instructions provided in EGo docs (https://docs.edgeless.systems/ego/#/reference/attest), I try to launch the example of remote attestation (https://github.com/edgelesssys/ego/tree/master/samples/remote_attestation). When launching the server I get the following output:

    EGo v1.0.0 (f1255317ec583ed72947f65d83881a0e46ad1ed8)
    [erthost] loading enclave ...
    [erthost] entering enclave ...
    [ego] starting application ...
    [get_platform_quote_cert_data ../qe_logic.cpp:378] Error returned from the p_sgx_get_quote_config API. 0xe011
    ERROR: quote3_error_t=SGX_QL_NO_PLATFORM_CERT_DATA
     (oe_result_t=OE_PLATFORM_ERROR) [openenclave-src/host/sgx/sgxquote.c:oe_sgx_qe_get_target_info:706]
    ERROR: SGX Plugin _get_report(): failed to get ecdsa report. OE_PLATFORM_ERROR (oe_result_t=OE_PLATFORM_ERROR) [openenclave-src/enclave/sgx/attester.c:_get_report:324]
    OE_PLATFORM_ERROR
    listening ...
    
    opened by EErikas 19
  • cgo links host libc

    OE won't load a binary i'm trying to build with ego, because it contains R_X86_64_IRELATIV

    it's a relocation caused by calling any GLIBC stdio function. but according to https://github.com/openenclave/openenclave/issues/4469 glibc isn't even supposed to be involved in the build process.

    since ego just calls cgo, cgo will call gcc which usually links the host libc. was i supposed to use CC=musl-gcc to avoid this?

    opened by aep 15
  • Dockerfile parse error: ARG requires exactly one argument

    Hey, I am trying to set up the Docker image and faced an issue when I run the build commands for Docker images. My system information is

      Operating System: Debian GNU/Linux 9 (stretch)
                Kernel: Linux 5.13.9.rsk.1-amd64
          Architecture: x86-64
    

    Docker version is as follows

    Client: Docker Engine - Community
     Version:           19.03.15
     API version:       1.40
     Go version:        go1.13.15
     Built:             Sat Jan 30 03:17:11 2021
     OS/Arch:           linux/amd64
     Experimental:      false
    
    Server: Docker Engine - Community
     Engine:
      Version:          19.03.15
      API version:      1.40 (minimum version 1.12)
      Go version:       go1.13.15
      Built:            Sat Jan 30 03:15:40 2021
      OS/Arch:          linux/amd64
      Experimental:     false
     containerd:
      Version:          1.4.3
     runc:
      Version:          1.0.0-rc92
     docker-init:
      Version:          0.18.0
    

    When I run any of the following commands inside the dockerfiles folder

    DOCKER_BUILDKIT=1 docker build -o. - < Dockerfile.build

    OR

    DOCKER_BUILDKIT=1 docker build --build-arg egotag=master --build-arg erttag=master -o. - < Dockerfile.build

    I encounter the following error: [image]

    This is what line 16 of Dockerfile.build looks like: [image]

    Can anyone recommend a fix?

    opened by mHassan11 13
  • Remote attestation fails - Error: SGX_QL_ERROR_INVALID_PRIVILEGE

    Issue description

    Followed the tutorial to get the TLS attestation sample working. Local machine deployment not cloud. Have PCCS running, docker logs output:

    Generating RSA private key, 2048 bit long modulus (2 primes)
    ..................................................................+++++
    ..............................+++++
    e is 65537 (0x010001)
    Signature ok
    subject=CN = localhost
    Getting Private key
    Wed, 03 Aug 2022 12:49:45 GMT morgan deprecated default format: use combined format at node_modules/esm/esm.js:1:278827
    2022-08-03 12:49:46.871 [info]: DB Migration (Ver.0 -> 1) -- Start
    2022-08-03 12:49:46.879 [info]: DB Migration -- Done.
    2022-08-03 12:49:46.935 [info]: DB Migration (Ver.1 -> 2) -- Start
    2022-08-03 12:49:46.948 [info]: DB Migration -- Done.
    2022-08-03 12:49:47.043 [info]: HTTPS Server is running on: https://localhost:8081
    2022-08-03 13:04:36.004 [info]: Client Request-ID : 07a4756340594e0ab7c84bca10d56f79
    2022-08-03 13:04:36.006 [info]: 172.17.0.1 - - [03/Aug/2022:13:04:36 +0000] "GET /sgx/certification/v3/rootcacrl HTTP/1.1" 200 586 "-" "curl/7.58.0"
    

    As you can see also tried to curl the root ca which worked.

    Error I am seeing is:

    EGo v1.0.0 (f1255317ec583ed72947f65d83881a0e46ad1ed8)
    [erthost] loading enclave ...
    [erthost] entering enclave ...
    [ego] starting application ...
    [load_qe ../qe_logic.cpp:642] Error, call sgx_create_enclave QE fail [load_qe], SGXError:4004.
    ERROR: quote3_error_t=SGX_QL_ERROR_INVALID_PRIVILEGE
     (oe_result_t=OE_PLATFORM_ERROR) [openenclave-src/host/sgx/sgxquote.c:oe_sgx_qe_get_target_info:706]
    ERROR: SGX Plugin _get_report(): failed to get ecdsa report. OE_PLATFORM_ERROR (oe_result_t=OE_PLATFORM_ERROR) [openenclave-src/enclave/sgx/attester.c:_get_report:324]
    panic: OE_PLATFORM_ERROR
    
    goroutine 1 [running]:
    main.main()
    	/root/golang/ego/samples/attested_tls/server.go:14 +0x192
    

    I have seen the earlier issue https://github.com/edgelesssys/ego/issues/158 but as the error is a different one I don't think it is about a BIOS update.

    opened by rockhouse 11
  • Remote attestation over TLS format

    https://github.com/edgelesssys/ego/blob/3d9a417efb206230a78490fc9773465480c92b9a/samples/remote_attestation/ra_client/client.go#L37-L56

    AFAICT, currently the ego library (or at least, the RA example) relies on exposing additional HTTP endpoints on the same server to serve the self-signed cert and a report that binds that to a verifiable SGX quote, and then requires the client to establish a new connection to the server using that (now verified) certificate. This only works if the server is reachable again over a separate connection by the same client (either because there is a single instance of it, or because of some session stickiness, though that would have to be at the TCP level since load balancers would not have any other information).

    Have you considered instead to embed the quote in an extension of the same TLS cert that is used for the "real" connection, so that a client may verify that contextually to establishing the connection?

    cc @ipetr0v @anghelcovici @dreemkiller

    opened by tiziano88 10
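
The in-band alternative proposed in this issue, as an added example (not code from the EGo project or from the issue author): the server's self-signed certificate carries the report in an X.509 extension, and the client checks it inside the handshake of the connection it then uses. The OID and the Ed25519-signed toy report are constructed stand-ins for real SGX quote generation and verification; all function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// Placeholder OID, constructed for this example, for the report extension.
var oidReport = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

// Toy stand-in for the hardware: a "report" is 64 bytes of report data plus a signature.
var toyPub, toyPriv, _ = ed25519.GenerateKey(nil)

func toyIssue(reportData []byte) ([]byte, error) {
	data := make([]byte, 64) // SGX report data is 64 bytes; the hash fills the first 32
	copy(data, reportData)
	return append(data, ed25519.Sign(toyPriv, data)...), nil
}

func toyVerify(report []byte) ([]byte, error) {
	if len(report) != 128 || !ed25519.Verify(toyPub, report[:64], report[64:]) {
		return nil, fmt.Errorf("report signature invalid")
	}
	return report[:64], nil
}

// NewAttestedCert self-signs a certificate (DER) carrying a report over SHA-256(SubjectPublicKeyInfo).
func NewAttestedCert(key ed25519.PrivateKey, issue func([]byte) ([]byte, error)) ([]byte, error) {
	spki, err := x509.MarshalPKIXPublicKey(key.Public())
	if err != nil {
		return nil, err
	}
	hash := sha256.Sum256(spki)
	report, err := issue(hash[:])
	if err != nil {
		return nil, err
	}
	value, err := asn1.Marshal(report) // extension values are DER: wrap as OCTET STRING
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:    big.NewInt(1),
		Subject:         pkix.Name{CommonName: "enclave"},
		NotBefore:       time.Now().Add(-time.Minute),
		NotAfter:        time.Now().Add(time.Hour),
		ExtraExtensions: []pkix.Extension{{Id: oidReport, Value: value}},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
}

// VerifyAttestedCert accepts the certificate only if its report is valid and commits to its own key.
func VerifyAttestedCert(cert *x509.Certificate, verify func([]byte) ([]byte, error)) error {
	for _, ext := range cert.Extensions {
		if !ext.Id.Equal(oidReport) {
			continue
		}
		var report []byte
		if _, err := asn1.Unmarshal(ext.Value, &report); err != nil {
			return err
		}
		data, err := verify(report)
		if err != nil {
			return fmt.Errorf("report rejected: %w", err)
		}
		hash := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
		if len(data) < len(hash) || !bytes.Equal(data[:len(hash)], hash[:]) {
			return fmt.Errorf("report is not bound to this certificate's key")
		}
		return nil
	}
	return fmt.Errorf("certificate carries no attestation report")
}

// ClientConfig runs the check in the handshake of the connection that carries the application data.
func ClientConfig(verify func([]byte) ([]byte, error)) *tls.Config {
	return &tls.Config{
		InsecureSkipVerify: true, // no CA chain; trust comes from the report check below
		VerifyConnection: func(cs tls.ConnectionState) error {
			return VerifyAttestedCert(cs.PeerCertificates[0], verify)
		},
	}
}

func main() {
	_, key, _ := ed25519.GenerateKey(nil)
	der, _ := NewAttestedCert(key, toyIssue)
	cert, err := x509.ParseCertificate(der)
	fmt.Println(err == nil && VerifyAttestedCert(cert, toyVerify) == nil)
}
```

A server would present `tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}`. With real quotes, `verify` must also check the enclave identity in the report (signer, product ID, security version), not only the signature.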
  • Cannot run `ego sign`

    Issue description

    get lots of errors when ego sign

    To reproduce

    Steps to reproduce the behavior:

    first run ego-go build and get myprogramme

    then $ ego sign myprogramme

    and get errors

    EGo v0.5.0 (55bad14bb8d00dbae2000a8d603f9b588bb79451)
    /opt/ego/bin/ego-oesign ERROR: oe_sgx_build_enclave(): result=OE_FAILURE (0x1)
    2022-09-22T09:32:34+0000.652640Z [(H)ERROR] tid(0x7f3727832b80) | Unsupported elf relocation type 5
     (oe_result_t=OE_UNSUPPORTED_ENCLAVE_IMAGE) [/ertbuild/3rdparty/openenclave/openenclave-src/host/sgx/elf.c:_elf64_load_relocations:1920]
    2022-09-22T09:32:34+0000.652660Z [(H)ERROR] tid(0x7f3727832b80) | :OE_UNSUPPORTED_ENCLAVE_IMAGE [/ertbuild/3rdparty/openenclave/openenclave-src/host/sgx/elf.c:elf64_load_relocations:1957]
    2022-09-22T09:32:34+0000.652662Z [(H)ERROR] tid(0x7f3727832b80) | :OE_INVALID_IMAGE [/ertbuild/3rdparty/openenclave/openenclave-src/host/sgx/loadelf.c:_load_elf_image:447]
    2022-09-22T09:32:34+0000.652853Z [(H)ERROR] tid(0x7f3727832b80) | :OE_INVALID_IMAGE [/ertbuild/3rdparty/openenclave/openenclave-src/host/sgx/loadelf.c:_load_dependent_image:1450]
    2022-09-22T09:32:34+0000.652855Z [(H)ERROR] tid(0x7f3727832b80) | :OE_INVALID_IMAGE [/ertbuild/3rdparty/openenclave/openenclave-src/host/sgx/loadelf.c:oe_load_elf_enclave_image:1496]
    2022-09-22T09:32:34+0000.653125Z [(H)ERROR] tid(0x7f3727832b80) | :OE_INVALID_IMAGE [/ertbuild/3rdparty/openenclave/openenclave-src/host/sgx/load.c:oe_load_enclave_image:66]
    2022-09-22T09:32:34+0000.653128Z [(H)ERROR] tid(0x7f3727832b80) | :OE_FAILURE [/ertbuild/3rdparty/openenclave/openenclave-src/host/sgx/create.c:oe_sgx_build_enclave:909]
    

    Additional info

    my ego dependency in go.mod:

    go 1.18
    
    require (
    	github.com/edgelesssys/ego v0.5.0
    	// ...
    )
    

    could you pls help me to take a look of this? thanks!

    opened by wafeishushu 9
  • ego built program does not scale well on multi-cores server

    Issue description

    Build a program with ego, run and bind it to 28 CPU cores. It does not scale well on multi-core: it only scales to 3 cores with only 50%-60% CPU usage each, and the other cores are idle. Built with native Go, it scales well to all 28 cores, and the load on each CPU is almost the same. Client requests are enough and the same for both scenarios.

    To reproduce

    Steps to reproduce the behavior:

    1. Composed a go program, acting as a http server, mainly use golang crypto package, like ecdsa, elliptic, x509 etc, exposing an interface which generates ecdsa keys and some encoding/decoding.
    2. use ego build/sign the program: http-server
    3. boot command: numactl -C 0-27 ego run http-server
    4. use testing tool: ab to give enough requests

    Expected behavior

    The ego program http-server should scale to 28 cores

    Additional info / screenshot

    opened by Glenrun 9
  • Support for library enclave

    Typically, enclaves are built as trusted libraries that are then loaded by the untrusted application during runtime. Does ego support such interfacing? It appears that the current version can only run a trusted application binary on the enclave directly. I understand that one can use sockets to establish a connection between applications, but it comes with some security concerns.

    Awesome project! Thank you!

    opened by ibalajiarun 9
  • Help understanding of EGO

    Thanks for the great product. I would appreciate it if anyone could verify whether my understanding of how EGo's DCAP-based attestation works is correct.

    I understand that EGo uses DCAP-based attestation rather than EPID. And EGo depends on Open Enclave regarding the details of Quoting Enclave.

    However, one thing that does not add up is the fact that the remote attestation sample generates a report before the quote is generated and signed by the Provisioning Certification Enclave (PCE).

    1. My understanding of DCAP was the quote will be generated and signed by the PCE, which will then become a report. Could you please help me understand this?

    2. Also, where in the code does EGo call the OE APIs regarding QE operations? I don't see any submodule or anything that will use OE. Can you point me to the file/repo?

    3. Again, in the remote attestation sample, how does the client retrieve the TCB information when verifying the cached attestation collateral from PCCS using Azure Quote Provider? In other words, how does the client know which attestation collateral to retrieve? The server never sends this information to help the client verify.

    opened by emrahsariboz 3
  • Would you plan to provide a safe file system?

    Use case

    My processes in the enclave can r/w directly to the file system and all operations are automatically protected by ego. Meanwhile, all files are encrypted.

    Describe your solution

    Encrypt all files io using the internal unique key of the enclave.

    Additional context

    Nothing.

    opened by mfang96 1
  • ego run remote-attestation error

    I've installed ego using the release binary and ran helloworld successfully. But I got an error while running the remote-attestation and attestation-tls examples. [image] Please help me to solve this problem. Thanks

    opened by Wyh19980916 20
  • Can ego run dl workload in enclave using https://github.com/sugarme/gotch?

    Issue description

    When I try to run ml or dl using gotch(Go binding for Pytorch C++ API), ego sign will go wrong. like symbol not found

    ldd gotchTest
            linux-vdso.so.1 (0x00007fff719fb000)
            libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fac7fb4c000)
            libstdc++.so.6 => /lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007fac7f96b000)
            libc10.so => /usr/local/lib/libtorch/lib/libc10.so (0x00007fac7f8e8000)
            libtorch_cpu.so => /usr/local/lib/libtorch/lib/libtorch_cpu.so (0x00007fac68733000)
            libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007fac685e4000)
            libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007fac685c7000)
            libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fac683d5000)
            /lib64/ld-linux-x86-64.so.2 (0x00007fac8010e000)
            libgomp-52f2fd74.so.1 => /usr/local/lib/libtorch/lib/libgomp-52f2fd74.so.1 (0x00007fac681a2000)
            librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007fac68197000)
            libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fac68191000)
    

    Cgo may cause this. Is there a simple way to solve this problem?

    opened by TYTaO 1
  • PCCS and EGO

    I just wanted to make sure my understanding of EGO is correct, and I thank everyone out there in advance for helping me understand it.

    I understand that EGO remote attestation uses DCAP remote attestation rather than EPID. How does the QUOTE sign in EGO? I couldn't find a reference to quoting enclave that signs the REPORT generated by enclave. I came across PCCS but am not sure how it provides this service. Is it true that AZURE DCAP client is used both for QE and certificate caching system?

    If so, which examples are using AZURE DCAP? There are three samples:

    1. Attested TLS
    2. Remote Attestation
    3. Azure Attestation
    opened by emrahsariboz 2
Releases(v1.0.1)
Owner
Edgeless Systems GmbH
Building super-secure and easy-to-use software for Confidential Computing