1. 16 Jun, 2020 1 commit
  2. 12 May, 2020 1 commit
    • inclavare-containers: an implementation of protected container · c9751df2
      jia zhang committed
      inclavare-containers is a set of tools for running trusted
      applications in containers with the hardware-assisted enclave
      technology. Enclave, referred to as a protected execution
      environment, prevents the untrusted entity from accessing the
      sensitive and confidential assets in use.
      
      Currently, inclavare-containers consists of two core components:
      rune and enclave runtime.
      
      rune is a CLI tool for spawning and running enclaves in containers
      according to the OCI specification. The codebase of rune is
      a fork of runc, so rune can be used as runc if enclave is not
      configured or available.
      
      Enclave runtime is the backend of rune, which is responsible
      for loading and running applications inside enclaves. The
      interface between rune and enclave runtime is Enclave Runtime PAL
      API, which allows invoking enclave runtime through well-defined
      functions. The software for confidential computing may benefit
      from this interface to interact with OCI runtime.
      
      Additionally, this commit includes additional information about the
      use of inclavare-containers.
      - Run sample enclave runtime skeleton with rune
      - Run enclave runtime Occlum with rune
      
      See README.md for more details.
      Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
      Signed-off-by: Xiaozhe Wang <wangxiaozhe@linux.alibaba.com>
      Signed-off-by: Yilin Li <YiLin.Li@linux.alibaba.com>