Skip to content

SCONE Curated Images

We provide a set of curated SCONE container images on a (partially private) repositories on Docker hub:

Private images:1

Image Name Description
sconecuratedimages/crosscompilers a container image with all the SCONE crosscompilers.
sconecuratedimages/crosscompilers:runtime a container image that can run dynamically linked applications inside of an enclave.
sconecuratedimages/apps:python-3.7.3-alpine3.10 a container image including a python interpreter running inside of an enclave.
sconecuratedimages/apps:python-2.7-alpine3.6 a container image including a python interpreter running inside of an enclave.
sconecuratedimages/apps:mongodb-alpine MongoDB container image.
sconecuratedimages/apps:scone-vault-latest Vault 0.8.1 container image.
sconecuratedimages/apps:memcached-alpine Memcached container image.
sconecuratedimages/apps:node-8.9-alpine a container image for node running inside an enclave.
sconecuratedimages/apps:nginx-1.13-alpine a container image for nginx running inside an enclave.
sconecuratedimages/apps:8-jdk-alpine a container image for Java applications running inside an enclave.

Please send us an email if you need a curated image of another application or a different/newer version of an application. Most of the time, we will be able to provide you an image on short notice.

Login in

Access to some SCONE images is restricted. First, create a new docker hub ID (- in case you do not yet have one). Second, get access to the private images for evaluation by sending email to with your docker hub id and short statement what images you want to evaluate and what you plan to do with the images. Second, log into to docker hub via:

> docker login

before you will be able to pull any of the private curated images.

Scone Compilers

To run a local copy of the SCONE (cross-)compilers, just pull the appropriate image on your computer.

Dynamically-Linked Binaries

Even if you have no SGX CPU extension / no SGX driver installed on your computer, you can use a standard gcc compiler - as long as the requirements mentioned in SGX ToolChain are satisfied.

docker pull sconecuratedimages/muslgcc

Note that the binaries generated with the above image are just native binaries, i.e., they run outside of enclaves. To be able to run the binary inside of an enclave, you need to have installed the SCONE runtime library.

To run a dynamically-linked binary, one needs a special runtime environment. We provide this in form of a (private) container image:

docker pull sconecuratedimages/crosscompilers:runtime

Statically-Linked Binaries

To generate statically-linked secure binaries you need a cross compiler. You can pull this image from Docker hub (you need to be granted access rights for that):

docker pull sconecuratedimages/crosscompilers

Scone Hello World

You can pull the following (private) image. This image only runs in hardware mode:

docker pull sconecuratedimages/helloworld

If you installed the patched Docker engine, run the helloworld program inside of an enclave via

> docker run sconecuratedimages/helloworld
Hello World

This command will fail in case you have the standard Docker engine installed:

docker run sconecuratedimages/helloworld
error opening sgx device: No such file or directory

You can run on the standard Docker engine - if you have the SGX driver installed:

> docker run --device=/dev/isgx sconecuratedimages/helloworld
Hello World

If you do not have the SGX driver installed, you get an error message:

> docker run --device=/dev/isgx sconecuratedimages/helloworld
docker: Error response from daemon: linux runtime spec devices: error gathering device information while adding custom device "/dev/isgx": no such file or directory.

In this case, install the SGX driver. This installation will fail in case you disabled SGX in the BIOS or your CPU is not SGX-enabled.



©, September 2019. Questions or Suggestions?

  1. send email to to get access.