We show how to build a container image such that the service deployed by this image runs automagically inside of SGX enclaves. This workflow uses a "native" container image as input (typically, generated by an existing CI pipeline) and translates this into an image such that all files are protected and the service runs inside of an enclave.
Sconify Container Images
The general workflow is as follows. We add in an existing CI pipeline an extra stage that sconifies (i.e., converts) a native image into a confidential image. This sconification is typically performed as a stage of a CI pipeline. For a
node-based application/service, this might look as follows:
The actual transform is controlled via some arguments. Typically, one would select the appropriate arguments when setting up the pipeline. The image transform would be completely automated and executed as part of the CI pipeline.
A container image typically contains files with different lifetimes. Some of these files are ephemeral, i.e., are lost if either the service crashes or the container terminates. Other files must be persistent, i.e., they need to survive even after the service crashes or the container is terminated. Persistent files must be stored in volumes.
Also, the might exist different protection requirements for the files of a container image. Some of the files might only need integrity protection, e.g., files containing library functions. Other files might need confidentiality and integrity protection, i.e., files containing novel AI algorithms written in Python.
To integrity protect files, like the Python libraries, we recommend to use the SCONE binary file system. For files that need to be confidentiality and integrity protected, please use the SCONE file shield.
We recommend, however, that instead of using the SCONE file shield manually to encrypt file regions, use
sconifyto automate this process for encrypting images, and
encrypted volumes(see example) that are automagically encrypted.
The enterprise version of the sconify tool, uses the binary file system to embed all standard libraries of Python or Node services into the binary itself:
MrEnclave, i.e., the hash of the enclave, will include the measurement of all files in the binary file system. Note that files protected by the SCONE File Shield are also measured during attestation by SCONE.