SCONE Curated Images
We provide a set of curated SCONE container images on a (partially private) repositories on Docker hub:
|registry.scontain.com:5050/sconecuratedimages/crosscompilers||a container image with all the SCONE crosscompilers.|
|registry.scontain.com:5050/sconecuratedimages/crosscompilers:runtime||a container image that can run dynamically linked applications inside of an enclave.|
|registry.scontain.com:5050/sconecuratedimages/apps:python-3.7.3-alpine3.10||a container image including a python interpreter running inside of an enclave.|
|registry.scontain.com:5050/sconecuratedimages/apps:python-2.7-alpine3.6||a container image including a python interpreter running inside of an enclave.|
|registry.scontain.com:5050/sconecuratedimages/apps:mongodb-alpine||MongoDB container image.|
|registry.scontain.com:5050/sconecuratedimages/apps:scone-vault-latest||Vault 0.8.1 container image.|
|registry.scontain.com:5050/sconecuratedimages/apps:memcached-alpine||Memcached container image.|
|registry.scontain.com:5050/sconecuratedimages/apps:node-8.9-alpine||a container image for node running inside an enclave.|
|registry.scontain.com:5050/sconecuratedimages/apps:nginx-1.13-alpine||a container image for nginx running inside an enclave.|
|registry.scontain.com:5050/sconecuratedimages/apps:8-jdk-alpine||a container image for Java applications running inside an enclave.|
Please send us an email if you need a curated image of another application or a different/newer version of an application. Most of the time, we will be able to provide you an image on short notice.
Access to some SCONE images is restricted. First, register a free account on
Second, log into to our Scontain registry via:
docker login registry.scontain.com:5050
before you will be able to pull any of the private curated images.
To run a local copy of the SCONE (cross-)compilers, just pull the appropriate image on your computer.
Even if you have no SGX CPU extension / no SGX driver installed on your computer, you can use a standard gcc compiler - as long as the requirements mentioned in SGX ToolChain are satisfied.
docker pull registry.scontain.com:5050/sconecuratedimages/muslgcc
Note that the binaries generated with the above image are just native binaries, i.e., they run outside of enclaves. To be able to run the binary inside of an enclave, you need to have installed the SCONE runtime library.
To run a dynamically-linked binary, one needs a special runtime environment. We provide this in form of a (private) container image:
docker pull registry.scontain.com:5050/sconecuratedimages/crosscompilers:runtime
To generate statically-linked secure binaries you need a cross compiler. You can pull this image from Docker hub (you need to be granted access rights for that):
docker pull registry.scontain.com:5050/sconecuratedimages/crosscompilers
Scone Hello World
You can pull the following (private) image. This image only runs in hardware mode:
docker pull registry.scontain.com:5050/sconecuratedimages/helloworld
You can run on the standard Docker engine - if you have the SGX driver installed. We determine which SGX device to mount with function determine_sgx_device.
determine_sgx_device > docker run $MOUNT_SGXDEVICE registry.scontain.com:5050/sconecuratedimages/helloworld Hello World
If you do not have the SGX driver installed, you get an error message:
> docker run $MOUNT_SGXDEVICE registry.scontain.com:5050/sconecuratedimages/helloworld docker: Error response from daemon: linux runtime spec devices: error gathering device information while adding custom device "/dev/isgx": no such file or directory.
In this case, install the SGX driver. This installation will fail in case you disabled SGX in the BIOS or your CPU is not SGX-enabled.
Just register a free account on