Confidential Computing with Go
We had a great presentation by Moritz Eckert from Edgeless Systems about Confidential Computing with Go, and especially ego.dev, a modified Go compiler with additional tooling that lets you run code within a trusted execution environment like Intel® SGX enclaves with zero code changes.
Here’s a recording of the talk, code walkthroughs and Q&A:
A few highlights from the talk:
- a trusted execution environment can be implemented in various ways, Intel SGX being one that is usable today (with others in development, e.g. Arm CCA, …)
- there are various applications, from security and privacy enhancements (e.g. medical records, private contact discovery in Signal) to data sharing options between mistrusting parties (e.g. federated learning)
- the SGX architecture is not necessarily trivial to implement as is; however, ego reduces the amount of work required for secure deployments of Go projects considerably: you can get started with a few commands and zero code changes
- ego builds on top of OpenEnclave, an open source SDK that provides a consistent API surface across enclave technologies
We looked at a few examples from the ego.dev project:
Confidential computing will most likely see wider deployment in the coming years, and it’s really nice to be able to experiment and deploy solutions in Go today.
- Intel® Software Guard Extensions (Intel® SGX) Developer Guide
- Edgeless Systems GitHub, open source components for Confidential Computing
- Open Enclave, SDK
- RandomClave (2021) analyzes potential risks in a PoC ransomware attack using SGX
- Everything You Should Know about Intel SGX Performance on Virtualized Systems (2019), looks at performance implications of SGX
- Bunnie mentioning secure enclaves
- more papers on the topics of Intel SGX and Confidential Computing on Archive Scholar