Continued from the previous article [Confidential Computing Practice] Introduction to the LibOS Project Supporting Intel SGX (1)
四、Mystikos
Mystikos is a runtime library and set of tools for running Linux applications in a hardware Trusted Execution Environment (TEE). The current release supports Intel SGX, while future releases may support other TEEs.
4.1 Objectives
-
Application code and data are protected in memory by using a hardware TEE. Combined with key management, authentication and hardware trust bases, and encryption of data at rest and in transit to protect against additional threats outside the scope of this project.
-
Local or containerized applications can be moved to run in the TEE with little or no modification, enabling security elevation and mobility
-
Allowing users and application developers to control the composition of the Trusted Computing Base (TCB), ensures that all components of the execution environment running within the TEE are open source and licensed.
-
Simplifies adaptation to other TEE architectures through a plug-in architecture.