Hello double,
The Intel SGX SDK supports only C and C++ for building SGX applications. However, there are several 3rd party solutions that enable you to write native Python (and other languages) code and run it within an SGX-protected environment. These 3rd party solutions mostly come in the form of lightweight runtime environments, OSes, or libraries.
Since Intel does not produce these solutions, support for those projects may be provided by the third parties and their communities. When researching these projects, note that some of them are outdated and may no longer function without modification.
The easiest way to run your CuPy programs is to use Gramine (formerly known as Graphene) to run your programs in an SGX-protected environment.
“Gramine (formerly called Graphene) is a lightweight library OS, designed to run a single application with minimal host requirements. Gramine can run applications in an isolated environment with benefits comparable to running a complete OS in a virtual machine -- including guest customization, ease of porting to different OSes, and process migration.
Gramine supports native, unmodified Linux binaries on any platform. Currently, Gramine runs on Linux and Intel SGX enclaves on Linux platforms.”
These examples will help you get started running your code on Gramine, protected by SGX:
Other solutions include Fortanix Runtime Encryption® platform, Scontain’s Scone - Secure Container Environment, and Baidu’s MesaTEE. Baidu’s MesaPy lets you write directly in Python, as does Profian’s Enarx product, as it compiles to WebAssembly (as do some other languages). Fortanix and Scone are products that must be purchased.
Sincerely,
Jesus G.
Intel Customer Support
Thank you very much!
I have already installed Gramine. But I want to know how to call GPU on SGX.
Thank you for your help!
Hello double,
Due to code and data isolation requirements for SGX security, enclave code must run on the CPU that has SGX enabled.
Enclave code cannot run on a GPU. If an enclave requires data that comes from operations on a GPU, the enclave must make an ocall into the untrusted application and the untrusted application can make GPU calls on behalf of the enclave. The ocall would pass the results to the enclave.
Sincerely,
Jesus G.
Intel Customer Support
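
The ocall pattern described in the reply above, as an added example that is not part of the original thread and is not Intel's code: a plain-C model (no SGX SDK required) of an enclave that hands a matrix product to the untrusted host through an ocall and, going one step beyond the reply, checks the returned result with Freivalds' algorithm before using it, since the host application and the GPU run outside the enclave's protection. All function names and the sample matrices are hypothetical; in an SGX SDK project the ocall would be declared in the EDL file's `untrusted` section.

```c
/* Added example: plain-C model of the enclave/host split (no SGX SDK needed).
 * All names and data here are hypothetical. */
#include <stdlib.h>
#define N 3                /* N x N matrices, row-major */
int host_tamper = 0;       /* 1 = model a faulty or tampering host */

/* UNTRUSTED: stands in for the GPU call (computed on the CPU here).
 * Its arguments leave the enclave in plaintext. */
void ocall_gpu_matmul(const long long *a, const long long *b, long long *c) {
    for (int i = 0; i < N; i++)
        for (int j = 0; j < N; j++) {
            long long s = 0;
            for (int k = 0; k < N; k++) s += a[i*N + k] * b[k*N + j];
            c[i*N + j] = s;
        }
    if (host_tamper) c[1*N + 2] += 1;
}

/* TRUSTED: Freivalds check, accept only if A*(B*r) == C*r. This is O(N^2)
 * work in the enclave instead of repeating the O(N^3) product. */
int result_is_consistent(const long long *a, const long long *b,
                         const long long *c, const long long *r) {
    long long br[N] = {0}, abr[N] = {0}, cr[N] = {0};
    for (int i = 0; i < N; i++)
        for (int j = 0; j < N; j++) {
            br[i] += b[i*N + j] * r[j];
            cr[i] += c[i*N + j] * r[j];
        }
    for (int i = 0; i < N; i++)
        for (int j = 0; j < N; j++) abr[i] += a[i*N + j] * br[j];
    for (int i = 0; i < N; i++)
        if (abr[i] != cr[i]) return 0;
    return 1;
}

/* TRUSTED: enclave entry point. Returns 0 if accepted, -1 if rejected. */
int ecall_matmul(const long long *a, const long long *b, long long *out) {
    long long r[N];
    ocall_gpu_matmul(a, b, out);
    /* r is drawn after the result is back, so the host cannot adapt to it.
     * rand() is a stand-in; SDK enclave code would use sgx_read_rand(). */
    for (int i = 0; i < N; i++) r[i] = 1 + rand() % 1000;
    return result_is_consistent(a, b, out, r) ? 0 : -1;
}

/* Constructed sample input and a driver that returns the enclave's verdict. */
static const long long A[N*N] = {1,2,3, 4,5,6, 7,8,9}, B[N*N] = {9,8,7, 6,5,4, 3,2,1};
long long C[N*N];
int run_demo(int tamper) { host_tamper = tamper; return ecall_matmul(A, B, C); }
```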
Thank you for your detailed reply. I think I have learned something about enclave. Thank you for your help.
Sincerely,
Double.
This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.