EGo is a framework for building confidential apps in Go. Confidential apps run in always-encrypted and verifiable enclaves on Intel SGX-enabled hardware. EGo simplifies enclave development by providing two user-friendly tools:
- ego-go, an adapted Go compiler that builds enclave-compatible executables from a given Go project while providing the same CLI as the original Go compiler.
- ego, a CLI tool that handles all enclave-related tasks such as signing and enclave creation.
Building and running a confidential Go app is as easy as:
ego-go build hello.go
ego sign hello
ego run hello
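Since `ego run` depends on SGX-enabled hardware, a pre-flight check such as the following tells you whether the host exposes an enclave device before you try it. This is an added example, not part of the EGo project; the function names are hypothetical and the device node names are assumptions covering the in-kernel, DCAP and legacy SGX drivers.

```shell
#!/bin/sh
# Added example: report whether this host can run an enclave in hardware mode.
# Fixture-friendly: both inputs can be overridden, and -e (not -c) is used so
# plain files can stand in for device nodes in tests.

# sgx_device [DEVROOT]: print the first SGX device node found, else return 1.
# Node names (assumed): in-kernel driver, DCAP driver, legacy out-of-tree driver.
sgx_device() {
    root="${1:-/dev}"
    for node in sgx_enclave sgx/enclave isgx; do
        if [ -e "$root/$node" ]; then
            echo "$root/$node"
            return 0
        fi
    done
    return 1
}

# sgx_cpu_flag [CPUINFO]: succeed if the flags line lists "sgx" as a whole word
# (so "sgx_lc" alone does not count). Older kernels may not export this flag,
# which is why sgx_mode checks for a device node first.
sgx_cpu_flag() {
    grep -Eq '^flags[[:space:]]*:.*[[:space:]]sgx([[:space:]]|$)' \
        "${1:-/proc/cpuinfo}" 2>/dev/null
}

# sgx_mode [CPUINFO] [DEVROOT]: print one of
#   hardware     a driver exposes an enclave device
#   no-driver    CPU advertises SGX, but no device node (driver or BIOS setting)
#   unsupported  neither a device node nor the CPU flag was found
sgx_mode() {
    if sgx_device "$2" >/dev/null; then
        echo "hardware"
    elif sgx_cpu_flag "$1"; then
        echo "no-driver"
    else
        echo "unsupported"
    fi
}

# With no arguments this inspects the real /proc/cpuinfo and /dev.
sgx_mode "$1" "$2"
```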
Install the snap
The easiest way to install EGo is via the snap:
sudo snap install ego-dev --classic
You also need
libcrypto. On Ubuntu install them with:
sudo apt install build-essential libssl-dev
Install the DEB package
If you're on Ubuntu 18.04 or above, you can install the DEB package:
wget -qO- https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add
sudo add-apt-repository "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu `lsb_release -cs` main"
wget https://github.com/edgelesssys/ego/releases/download/v0.5.0/ego_0.5.0_amd64.deb
sudo apt install ./ego_0.5.0_amd64.deb build-essential libssl-dev
Build from source
Prerequisite: Edgeless RT is installed and sourced.
mkdir build
cd build
cmake ..
make
make install
Build via Docker
You can reproducibly build the latest release:
cd dockerfiles
DOCKER_BUILDKIT=1 docker build -o. - < Dockerfile.build
Or the latest master:
cd dockerfiles
DOCKER_BUILDKIT=1 docker build --build-arg egotag=master --build-arg erttag=master -o. - < Dockerfile.build
This outputs the DEB package.
Optionally build the
docker build --target dev -t ghcr.io/edgelesssys/ego-dev -f Dockerfile.release .
docker build --target deploy -t ghcr.io/edgelesssys/ego-deploy -f Dockerfile.release .
Now you're ready to build applications with EGo! To start, check out the following samples:
- helloworld is a minimal example of an enclave application.
- remote_attestation shows how to use the basic remote attestation API of EGo.
- attested_tls is similar to the above, but uses a higher level API to establish an attested TLS connection.
- vault demonstrates how to port a Go application exemplified by Hashicorp Vault.
- wasmer shows how to run WebAssembly inside EGo using Wasmer.
- embedded_file shows how to embed files into an EGo enclave.
- reproducible_build builds the helloworld sample reproducibly, resulting in the same UniqueID.
- cgo demonstrates the experimental cgo support.
- azure_attestation shows how to use Microsoft Azure Attestation for remote attestation.
- The EGo documentation covers building, signing, running, and debugging confidential apps.
- The EGo API provides access to remote attestation and sealing to your confidential app at runtime.
Community & help
- For user help, questions or queries about EGo please file an issue.
- If you see an error message or run into an issue, please make sure to create a bug report.
- Get the latest news and announcements on Twitter, LinkedIn or sign up for our monthly newsletter.
- Visit our blog for technical deep-dives and tutorials.
- See CONTRIBUTING.md for information on issue reporting, code guidelines, and our PR process.
- Pull requests are welcome! You need to agree to our Contributor License Agreement.
- This project and everyone participating in it are governed by the Code of Conduct. By participating, you are expected to uphold this code.
- To report a security issue, write to firstname.lastname@example.org.
Package attestation provides attestation data structures.
Package eclient provides functionality for Go programs that interact with enclave programs.
Package ecrypto provides convenience functions for cryptography inside an enclave.
Package enclave provides functionality for Go enclaves like remote attestation and sealing.
Package marble provides commonly used functionalities for Marblerun Marbles.