Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Can I run CuPy programs on SGX?

double
Novice

Can I run CuPy programs on SGX? If so, how should I build the environment, and how do I run the programs? Thank you a lot.

5 Replies
JesusG_Intel
Moderator

Hello double,


The Intel SGX SDK supports only C and C++ for building SGX applications. However, there are several third-party solutions that enable you to write native Python code (and code in other languages) and run it within an SGX-protected environment. These third-party solutions mostly come in the form of lightweight runtime environments, OSes, or libraries.


Since Intel does not produce these solutions, support for those projects may be provided by the third-parties and their communities. When researching these projects, note that some of them are outdated and may no longer function without modification.

 

The easiest way to run your CuPy programs is to use Gramine (formerly known as Graphene) to run your programs in an SGX-protected environment.

 

“Gramine (formerly called Graphene) is a lightweight library OS, designed to run a single application with minimal host requirements. Gramine can run applications in an isolated environment with benefits comparable to running a complete OS in a virtual machine -- including guest customization, ease of porting to different OSes, and process migration.

Gramine supports native, unmodified Linux binaries on any platform. Currently, Gramine runs on Linux and Intel SGX enclaves on Linux platforms.”

 

These examples will help you get started running your code on Gramine, protected by SGX:

 

Quick Start

Helloworld

PyTorch Example

PySyft

 

Other solutions include Fortanix Runtime Encryption® platform, Scontain’s Scone - Secure Container Environment, and Baidu’s MesaTEE. Baidu’s MesaPy lets you write directly in Python, as does Profian’s Enarx product, as it compiles to WebAssembly (as do some other languages). Fortanix and Scone are products that must be purchased.


Sincerely,

Jesus G.

Intel Customer Support



double
Novice

Thank you very much!

I have already installed Gramine, but I want to know how to call the GPU on SGX.

Thank you for your help!

JesusG_Intel
Moderator

Hello double,


Due to code and data isolation requirements for SGX security, enclave code must run on the CPU that has SGX enabled.

 

Enclave code cannot run on a GPU. If an enclave requires data that comes from operations on a GPU, the enclave must make an ocall into the untrusted application and the untrusted application can make GPU calls on behalf of the enclave. The ocall would pass the results to the enclave.


Sincerely,

Jesus G.

Intel Customer Support
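
The ocall pattern described in the reply above, as an added example that is not part of the original thread or of Intel's SDK: a plain C model in which trusted code hands GPU work to an untrusted function and checks what comes back before using it. All function names are hypothetical and the "GPU" is a CPU stand-in; in an SGX SDK project the ocall would be declared in the enclave's EDL file, with the edge routines generated by `sgx_edger8r`.

```c
#include <stddef.h>
#include <string.h>

#define MAX_ELEMS 256   /* assumed upper bound on one request */

/* Shape of the ocall: untrusted host code runs the GPU work and reports
 * how many results it wrote into out[]. */
typedef int (*gpu_ocall_t)(const float *in, size_t n, float *out,
                           size_t out_cap, size_t *out_len);

/* Untrusted side: stand-in for a GPU kernel that doubles each element. */
int host_gpu_double(const float *in, size_t n, float *out,
                    size_t out_cap, size_t *out_len) {
    if (n > out_cap) return -1;
    for (size_t i = 0; i < n; i++) out[i] = 2.0f * in[i];
    *out_len = n;
    return 0;
}

/* Untrusted side, misbehaving: reports more results than were requested. */
int host_gpu_lying(const float *in, size_t n, float *out,
                   size_t out_cap, size_t *out_len) {
    (void)in; (void)out; (void)out_cap;
    *out_len = n + 1000;
    return 0;
}

/* Trusted side: whatever is passed to the ocall leaves enclave protection,
 * and whatever it returns is untrusted input that is checked before use. */
int enclave_scale(gpu_ocall_t ocall, const float *in, size_t n, float *result) {
    float staging[MAX_ELEMS] = {0};   /* models the marshalling buffer */
    size_t reported = 0;

    if (n == 0 || n > MAX_ELEMS) return -1;       /* bound the request */
    if (ocall(in, n, staging, MAX_ELEMS, &reported) != 0) return -2;
    if (reported != n) return -3;                 /* length the enclave did not ask for */
    memcpy(result, staging, n * sizeof(float));   /* copy into enclave-owned memory */
    return 0;
}
```

The input array crosses the boundary in the clear, so only data that may be exposed to the host should be passed to such an ocall.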



double
Novice

Thank you for your detailed reply. I think I have learned something about enclave. Thank you for your help. 

 

Sincerely,

Double.

JesusG_Intel
Moderator

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.

