Skip to content

A library OS for Linux multi-process applications, with Intel SGX support

License

Notifications You must be signed in to change notification settings

oshogbo/gramine

Repository files navigation

Graphene Library OS with Intel SGX Support

Documentation Status

A Linux-compatible Library OS for Multi-Process Applications

What is Graphene?

Graphene is a lightweight guest OS, designed to run a single application with minimal host requirements. Graphene can run applications in an isolated environment with benefits comparable to running a complete OS in a virtual machine -- including guest customization, ease of porting to different OSes, and process migration.

Graphene supports native, unmodified Linux applications on any platform. Currently, Graphene runs on Linux and Intel SGX enclaves on Linux platforms.

With Intel SGX support, Graphene can secure a critical application in a hardware-encrypted memory region. Graphene can protect applications from a malicious system stack with minimal porting effort.

Our papers describe the motivation, design choices, and measured performance of Graphene:

Graphene is not a production-ready software (yet)

Graphene is at a point where it is functionally ready for testing and development, but there are some known security issues that require more attention. The effort to review and harden security of Graphene is ongoing. Our roadmap is to address the remaining production blockers roughly by the fall of 2021. Of course, with additional help from the community, we can meet these milestones sooner!

The most important problems (which include major security issues) are tracked in #1544 (Production blockers). You should read it before installing and using Graphene.

How to get Graphene?

The latest version of Graphene can be cloned from GitHub:

git clone https://github.com/oscarlab/graphene.git

At this time Graphene is available only as source code. Building instructions are available.

How to run an application in Graphene?

See our quick start guide.

Automatically running applications via Graphene Shielded Containers (GSC)

Applications deployed as Docker images may be graphenized via the gsc tool.

Getting help

For the full documentation of the Graphene, see the Graphene documentation.

For any questions, please send an email to [email protected] (public archive).

For bug reports, post an issue on our GitHub repository: https://github.com/oscarlab/graphene/issues.

About

A library OS for Linux multi-process applications, with Intel SGX support

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C 88.0%
  • Python 5.8%
  • Meson 1.9%
  • Assembly 1.7%
  • Makefile 1.2%
  • Shell 0.8%
  • Other 0.6%