Confidential Computing with Go
We had a great presentation by Moritz Eckert from edgeless systems about Confidential Computing with Go, and especially ego.dev, a modified Go compiler and additional tooling which allows you to run code within a trusted execution environment like Intel® SGX enclaves with zero code changes.
Here’s a recording of the talk, code walkthroughs and Q&A:
A few highlights from the talk:
- a trusted execution environment can be implemented in various ways, Intel SGX being one that is usable today (with others in development, e.g. Arm CCA, …)
- there are various applications, from security and privacy enhancements (e.g. medical records; private contact discovery in Signal to data sharing options between mistrusting parties, e.g. federated learning)
- the SGX architecture is not necessarily trival to implement as is — however, ego reduces the amount of work required for secure deployments of Go projects considerably: you can get started with a few commands and zero code changes
- ego builds on top of OpenEnclave, an open source SDK that provides consistent API surface across enclave technologies
We looked at a few examples from the ego.dev project:
- helloworld
- remote attestation, which shows how to connect to a secured server
Confidential computing is most likely becoming more deployed in the coming years and it’s really nice to be able to experiment and deploy solutions in Go today.
More information
- Intel® Software Guard Extensions (Intel® SGX) Developer Guide
- Edgeless Systems GitHub, open source components for Confidential Computing
- Open Enclave, SDK
- RandomClave (2021) analyzes potential risks in a PoC ransomware attack using SGX
- Everything You Should Know about Intel SGX Performance on Virtualized Systems (2019), looks at performance implications of SGX
- Bunnie mentioning secure enclaves
- more papers on the topics of Intel SGX and Confidential Computing on Archive Scholar
Join our meetup to get notified of upcoming events!
