Building SCONE-based applications
SCONE supports running applications written in common programming languages inside of Intel SGX enclaves without source code changes. These languages include compiled languages like C, Rust, C++, GO, and Fortran and interpreted / just-in-time languages like Python and Java.
For compiled languages, our recommend approach to run an application with SCONE is as follows:
- Use of precompiled binary: For many common applications like
memcached, we already support a curated image image on Docker hub.
- Ask us for help: if a standard application is not yet a curated image on docker hub, send us an email to see if we can help you with this
- Cross-compile: you can cross-compile your application with the help of the SCONE cross-compilers, for example, have a look how to compile C programs, and
- No Cross-Compilation:, you can run native Alpine-Linux applications inside of enclaves without recompilation.
Use Cross-Compilation instead of native compilation
While SCONE supports executing programs without recompilations for Alpine Linux, we recommend to always cross-compile: The interface to the operating system needs to be replaced, i.e., libc. Hence, one needs not only to provide the same version of libc but one must ensure that all bits are represented in the same way as in the native libc. This is difficult to achieve and better left to the compiler. For stability, we therefore recommend cross-compilation since the compiler checks that all the dependencies have the matching versions, all data types are bit compatible and includes the correct libraries statically in the binary. In this way, an application will have a unique and known MrEnclave.