EGo is a framework for building confidential apps in Go. Confidential apps run in always-encrypted and verifiable enclaves on Intel SGX-enabled hardware. EGo simplifies enclave development by providing two user-friendly tools:
ego-go, an adapted Go compiler that builds enclave-compatible executables from a given Go project - while providing the same CLI as the original Go compiler.
ego, a CLI tool that handles all enclave-related tasks such as signing and enclave creation.
Building and running a confidential Go app is as easy as:
ego-go build hello.go ego sign hello ego run hello
Install the Snap
The easiest way to install EGo is via the Snap:
sudo snap install ego-dev --classic
Install the DEB package
If you're on Ubuntu 18.04 or above, you can install the DEB package:
wget -qO- https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add sudo add-apt-repository "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu `lsb_release -cs` main" wget https://github.com/edgelesssys/ego/releases/download/v0.2.2/ego_0.2.2_amd64.deb sudo apt install ./ego_0.2.2_amd64.deb build-essential
Build from source
Prerequisite: Edgeless RT is installed and sourced.
mkdir build cd build cmake .. make make install
Now you're ready to build applications with EGo! To start, check out the following samples:
- helloworld is a minimal example of an enclave application.
- remote_attestation shows how to use the basic remote attestation API of EGo.
- attested_tls is similar to the above, but uses a higher level API to establish an attested TLS connection.
- vault demonstrates how to port a Go application exemplified by Hashicorp Vault.
- cgo demonstrates the experimental cgo support.
- azure_attestation shows how to use Microsoft Azure Attestation for remote attestation.
- The EGo documentation covers building, signing, running, and debugging confidential apps.
- The EGo API provides access to remote attestation and sealing to your confidential app at runtime.
- If you have further questions or need help, you're invited to join our Discord community.
To report a problem or suggest a new feature, file a GitHub issue.
To report a security issue, write to firstname.lastname@example.org
Pull requests are welcome! You need to agree to our Contributor License Agreement.
This project and everyone participating in it are governed by the Code of Conduct. By participating, you are expected to uphold this code.
Package attestation provides attestation data structures.
|Package attestation provides attestation data structures.|
Package eclient provides functionality for Go programs that interact with enclave programs.
|Package eclient provides functionality for Go programs that interact with enclave programs.|
Package ecrypto provides convenience functions for cryptography inside an enclave.
|Package ecrypto provides convenience functions for cryptography inside an enclave.|
Package enclave provides functionality for Go enclaves like remote attestation and sealing.
|Package enclave provides functionality for Go enclaves like remote attestation and sealing.|
Package marble provides commonly used functionalities for Marblerun Marbles.
|Package marble provides commonly used functionalities for Marblerun Marbles.|