Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Is it possible to write the app in Python and the enclave in C++?

JarodEnclave
Beginner
473 Views

Dear admin,

I would like to get SGX up and running as a web server. But it seems there is no solid C++ web framework, so I am thinking of using Python as the App Layer and C++ as the Enclave Layer.

Is it possible?

Is there something I should be aware of?

Thanks

Yan


1 Solution
JesusG_Intel
Moderator
454 Views

Hello JarodEnclave,

Your untrusted application can be a thin translation layer to your enclave. Your front-end Python code can call functions in your C++-based untrusted app and your untrusted app can call the enclave functions.

Alternatively, you can implement your entire solution in Python if you want. There are several 3rd party solutions that enable you to write native Python (and other languages) code and run it within an SGX-protected environment. These 3rd party solutions mostly come in the form of lightweight runtime environments, OSes, or libraries.

Since Intel does not produce these solutions, support for those projects may be provided by the third parties and their communities. When researching these projects, note that some of them are outdated and may no longer function without modification.

The easiest way to run your Python scripts is to use Gramine (formerly known as Graphene) to run your programs in an SGX-protected environment.

“Gramine (formerly called Graphene) is a lightweight library OS, designed to run a single application with minimal host requirements. Gramine can run applications in an isolated environment with benefits comparable to running a complete OS in a virtual machine -- including guest customization, ease of porting to different OSes, and process migration.

Gramine supports native, unmodified Linux binaries on any platform. Currently, Gramine runs on Linux and Intel SGX enclaves on Linux platforms.”

These examples will help you get started running your code on Gramine, protected by SGX:

Quick Start

Helloworld

PyTorch Example

PySyft

Other solutions include Fortanix Runtime Encryption® platform, Scontain’s Scone - Secure Container Environment, and Baidu’s MesaTEE. Baidu’s MesaPy lets you write directly in Python, as does Profian’s Enarx product, as it compiles to WebAssembly (as do some other languages). Fortanix and Scone are products that must be purchased.

Find more information about these 3rd party solutions in the Intel SGX Get Started page.

Regards,

Jesus G.

Intel Customer Support

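The layering described in the accepted answer (Python front end -> C++ untrusted app -> enclave), seen from the Python side, as an added example that is not part of the original posts and is not Intel's code. The shared library name and its `bridge_handle_request` export are hypothetical: they stand for a C-ABI function in your own untrusted app that wraps the ECALL.

```python
import ctypes

# Assumed limits for this sketch. Everything in this process, including the
# C++ shim, is outside the enclave, so the enclave must enforce its own limits.
MAX_REQUEST = 64 * 1024
MAX_RESPONSE = 64 * 1024


class BridgeError(RuntimeError):
    """Raised when the untrusted shim or the enclave call reports failure."""


class EnclaveBridge:
    """Binding to a hypothetical C-ABI export of the untrusted C++ app:

        int bridge_handle_request(const uint8_t *req, size_t req_len,
                                  uint8_t *resp, size_t resp_cap,
                                  size_t *resp_len);

    The C++ side (not shown) would create the enclave and make the ECALL.
    """

    def __init__(self, lib):
        # lib is normally ctypes.CDLL("./libapp_bridge.so") (hypothetical name).
        self._fn = lib.bridge_handle_request
        self._fn.argtypes = [ctypes.c_char_p, ctypes.c_size_t,
                             ctypes.c_char_p, ctypes.c_size_t,
                             ctypes.POINTER(ctypes.c_size_t)]
        self._fn.restype = ctypes.c_int

    def handle(self, request: bytes) -> bytes:
        if not isinstance(request, bytes):
            raise TypeError("request must be bytes")
        if len(request) > MAX_REQUEST:
            raise BridgeError("request exceeds MAX_REQUEST")
        resp = ctypes.create_string_buffer(MAX_RESPONSE)
        resp_len = ctypes.c_size_t(0)
        # The length travels separately, so NUL bytes in the request are safe.
        status = self._fn(request, len(request), resp, MAX_RESPONSE,
                          ctypes.byref(resp_len))
        if status != 0:
            raise BridgeError(f"bridge returned status {status}")
        if resp_len.value > MAX_RESPONSE:
            raise BridgeError("shim reported a length larger than the buffer")
        return resp.raw[:resp_len.value]
```

A web handler would create one `EnclaveBridge` at startup and pass each request body through `handle()`.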

3 Replies
JesusG_Intel
Moderator
343 Views

Hello JarodEnclave,


Have I provided enough information to help you find your solution?


Sincerely,

Jesus G.

Intel Customer Support




JesusG_Intel
Moderator
245 Views

Hello JarodEnclave,


I hope you have been able to resolve your issue. I have not heard back from you so I will close this inquiry now. If you need further assistance, please post a new question.
