2022-Inclavare-annual.md

File metadata and controls

61 lines (36 loc) · 5.73 KB

Background

The Inclavare Containers project initially provided a process-level confidential container solution based on Intel SGX Enclave. Since 02/2022, the project has been re-organized from https://github.com/alibaba/inclavare-containers to https://github.com/inclavare-containers/inclavare-containers.

Since 03/2022, development of the enclave container runtime has moved to enclave-cc under another CNCF project, Confidential Containers. The reason is that the Inclavare Containers project can share common components with the Confidential Containers project; this reduces repetitive development effort and keeps communication active with the neighboring community, so that both can collectively boost the adoption of confidential container technology.

The Inclavare Containers project does not focus only on a container runtime for Intel SGX Enclave; it also creates several innovative technologies related to confidential containers (see the Goals section for details). Therefore, most of the development effort on this project goes into these sub-projects under the organization https://github.com/inclavare-containers/.

DevStats

The DevStats statistics can be found here.

Note:

Maintainers

The maintainer list can be found here.

Adoption

  • Inclavare Containers' enclave container runtime is now adopted in Alibaba Cloud Container Service for Kubernetes (ACK), where it is deployed in production and offered for commercial use as TEE-based ACK in Alibaba Cloud.

  • Inclavare Containers' enclave attestation architecture is now adopted in TEE-based ACK to provide the capability of remote attestation.

  • Inclavare Containers' enclave attestation architecture is used to support remote attestation for the Confidential Containers project, and Verdictd from the Inclavare Containers project is mentioned in Confidential Containers' initial official release.

  • rats-tls from Inclavare Containers is now supported by Alibaba Cloud Linux for SGX remote attestation.

Goals

The Inclavare Containers project aims to incubate innovative sub-projects for the confidential containers ecosystem.

  • Enclave Attestation Architecture (EAA): support hierarchical and mutual attestation across different TEEs

    • librats: Low-level attester and verifier drivers for remote attestation on multiple TEE platforms, e.g., Intel SGX DCAP, AMD SEV, SEV-ES and SEV-SNP, Intel TDX and Hygon CSV.
    • rats-tls: TLS based on the IETF RATS architecture, using librats.
    • etpm: Protected vTPM backend using TEE approach
    • attestation evidence broker: A general attestation-assisted service
    • eventlog-rs: Event Log utility for confidential computing
  • Software Supply Chain for confidential container: use reproducible / deterministic build to verify the evidence manifest from TEEs

    • rbi: The scripts to support reproducible build for kata containers.
    • deterministic builds: eBPF-based tool for deterministic builds.
  • Transparent network traffic gateway over attested channel using TEEs:

Development work on the enclave container runtime will continue in enclave-cc.

Help from CNCF

One of our primary aims is to increase Inclavare Containers' visibility and adoption, while sharing our view of process-level confidential containers to advance Confidential Computing.

With the help of CNCF, this project has gained more attention from the community, and more developers have joined in building it together.

This would help with the targets mentioned in Goals.

Incubation

Inclavare Containers is not yet ready for incubation.