README

EGo

EGo logo

GitHub Actions Status GitHub license Go Report Card PkgGoDev Discord Chat

EGo is a framework for building confidential apps in Go. Confidential apps run in always-encrypted and verifiable enclaves on Intel SGX-enabled hardware. EGo simplifies enclave development by providing two user-friendly tools:

  • ego-go, an adapted Go compiler that builds enclave-compatible executables from a given Go project - while providing the same CLI as the original Go compiler.
  • ego, a CLI tool that handles all enclave-related tasks such as signing and enclave creation.

Building and running a confidential Go app is as easy as:

ego-go build hello.go
ego sign hello
ego run hello

Install

Install the Snap

The easiest way to install EGo is via the Snap:

sudo snap install ego-dev --classic
Install the DEB package

If you're on Ubuntu 18.04 or above, you can install the DEB package:

wget -qO- https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add
sudo add-apt-repository "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu `lsb_release -cs` main"
wget https://github.com/edgelesssys/ego/releases/download/v0.2.2/ego_0.2.2_amd64.deb
sudo apt install ./ego_0.2.2_amd64.deb build-essential
Build from source

Prerequisite: Edgeless RT is installed and sourced.

mkdir build
cd build
cmake ..
make
make install

Getting started

Now you're ready to build applications with EGo! To start, check out the following samples:

  • helloworld is a minimal example of an enclave application.
  • remote_attestation shows how to use the basic remote attestation API of EGo.
  • attested_tls is similar to the above, but uses a higher level API to establish an attested TLS connection.
  • vault demonstrates how to port a Go application exemplified by Hashicorp Vault.
  • cgo demonstrates the experimental cgo support.
  • azure_attestation shows how to use Microsoft Azure Attestation for remote attestation.

Documentation

  • The EGo documentation covers building, signing, running, and debugging confidential apps.
  • The EGo API provides access to remote attestation and sealing to your confidential app at runtime.
  • If you have further questions or need help, you're invited to join our Discord community.

Contribute

To report a problem or suggest a new feature, file a GitHub issue.

To report a security issue, write to security@edgeless.systems

Pull requests are welcome! You need to agree to our Contributor License Agreement.

This project and everyone participating in it are governed by the Code of Conduct. By participating, you are expected to uphold this code.

Directories

Path Synopsis
Package attestation provides attestation data structures.
Package attestation provides attestation data structures.
Package eclient provides functionality for Go programs that interact with enclave programs.
Package eclient provides functionality for Go programs that interact with enclave programs.
Package ecrypto provides convenience functions for cryptography inside an enclave.
Package ecrypto provides convenience functions for cryptography inside an enclave.
Package enclave provides functionality for Go enclaves like remote attestation and sealing.
Package enclave provides functionality for Go enclaves like remote attestation and sealing.
Package marble provides commonly used functionalities for Marblerun Marbles.
Package marble provides commonly used functionalities for Marblerun Marbles.
samples
cgo
internal