Skip to content
This repository has been archived by the owner on Apr 13, 2024. It is now read-only.

distrust-foundation/EnclaveOS

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

EnclaveOS

https://github.com/distrust-foundation/enclaveos

About

A minimal, immutable, and deterministic Linux unikernel build system targeting various Trusted Execution Environments for use cases that require high security and accountability.

This is intended as a reference repository which could serve as a boilerplate to build your own hardened and immutable operating system images for high security applications.

Platforms

Platform Target Status Verified boot Method
Generic/Qemu generic working Safeboot or Heads
AWS Nitro Enclaves aws building Nitro attestation API
GCP Confidential Compute gcp research vTPM 2.0 attestation
Azure Confidential VMs azure research vTPM 2.0 attestation

Features

  • Immutability
    • Root filesystem is a CPIO filesystem extracted to a RamFS at boot
  • Minimalism
    • < 5MB footprint
    • Nothing is included but a kernel and your target binary by default
    • Sample "hello world" included as a default reference
    • Debug builds include busybox init shim and drop to a shell
  • Determinism
    • Multiple people can build artifacts and get identical hashes
    • Allows one to prove distributed artifacts correspond to published sources
  • Hardening
    • No TCP/IP network support
      • Favor using a virtual socket or physical interface to a gateway system
    • Most unessesary kernel features are disabled at compile time
    • Follow Kernel Self Protection Project recommendations

Development

Requirements

  • 10GB+ free RAM
  • Docker 20+
  • GNU Make

Examples

Build given target

make TARGET=generic

Boot generic image in Qemu

make run

Enter shell in toolchain environment

make toolchain-shell

Update toolchain depedendency pins

make toolchain-update

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published