[Confidential Computing Practice] Introduction to LibOS Project Supporting Intel SGX (1)

1. LibOS 

A Library Operating System (LibOS for short) is a special operating system built around the particular needs of certain types of applications: some resource management functions that originally belonged to the operating system kernel, such as file and disk I/O and network communication, are implemented in a high-level programming language and, following the requirements of modularization, provided to the application in the form of libraries.

It can replace the operating system kernel to reasonably manage and control the computer resources involved, and can expose those resources directly to applications, allowing applications to access the underlying (virtual) hardware directly so that they run efficiently. In particular, it is linked together with the application program at compile time to form a binary file with only a single address space that works at the application layer, and it is an essential system component for building a Unikernel.

Compared with shared kernel technologies such as Container/VM, LibOS is lighter, consumes fewer operating resources, and provides kernel customization capabilities. LibOS has better isolation and can provide an independent OS for each application, so that applications can run on different platforms.

Quoted from Rudy's "Library Operating System libos"

2. SGX

Intel Software Guard Extensions (SGX) is a set of security-related instructions built into some modern Intel central processing units (CPUs). They allow user-mode and kernel-mode code to define specific memory areas as private areas, also known as enclaves. The contents of an enclave are protected and cannot be accessed by any process other than the enclave itself, including

Origin blog.csdn.net/BillyThe/article/details/132422042