Confidential computing is based on trusted execution environments supported by hardware, such as enclave on Intel SGX hardware technology and OT-TEE on Arm Trustzone. However, the differences between these heterogeneous TEEs are quite large, so there is an urgent need for a Shield TEE difference software middleware or SDK, which is the Microsoft Open Enclave SDK mentioned in this article.
Open Enclave provides compatibility with heterogeneous TEEs (SGX and OP-TEE), provides the same interface for upper-level confidential applications, and provides functions such as remote certification and multiple high-level language support for confidential computing.
Confidential computing is an ongoing effort to secure the entire lifecycle of data at rest, in transit, and in use. By using a trusted execution environment, customers can build applications that protect data from external access while in use. The Open Enclave SDK is an open source SDK designed to create a single unified enclave abstraction for developers to build Trusted Execution Environment (TEE) based applications. With the maturity of TEE technology and the emergence of different implementations, the Open Enclave SDK is committed to supporting an API set that allows developers to build and deploy on multiple technology platforms at once, from cloud to hybrid cloud to edge environments, and is compatible with Linux and Windows operating systems.
1. Environment construction
The host operating system is recommended to use ubuntu 18.04. In order to better build openenclave, it is recommended to install the necessary software libraries:
sudo apt update && sudo apt install -y a