enarx

Enarx: Confidential Computing with WebAssembly

APACHE-2.0 License

Downloads: 137.5K
Stars: 1.3K
Committers: 49

enarx - Fushimi Castle

Published by platten over 2 years ago

Fushimi Castle

Not Production Ready

This release is a developer-only, preview release. It is not production ready. We hope that you will experiment with it to see the progress we are making.

What's Changed

Features:

  • UX: Flesh out fundamental drawbridge CLI by @bstrie in #2020
  • UX: User login CLI by @bstrie in #2002
  • UX: Restructure CLI into new hierarchy by @bstrie in #1976
  • UX: Rename enarx cpu to enarx platform by @bstrie in #2016
  • UX: Add addr to listen in Enarx.toml by @haraldh in #2008

Fixes:

  • SGX: Prevent aesmd error 42 - ATT_KEY_NOT_INITIALIZED by @haraldh in #1968
  • SGX: Revert the use of AVX2 and AVX512 by @jarkkojs in #1974
  • Example TCP Server: Correct target_os by @haraldh in #2023

Documentation:

  • Install: Install documentation update by @platten in #1946
  • Quickstart: Add Quickstart installation guide by @nickvidal in #1949
  • Quickstart: Update links and formatting in Quickstart per additional feedback by @platten in #1956
  • Install & Quickstart: Use --locked with cargo install and homebrew tap by @platten in #1957
  • Enarx.toml: Add Enarx_toml.md by @haraldh in #2011
  • README-DEBUG: Reburnish KVM / SNP in README-DEBUG.md by @jarkkojs in #1932
  • README-DEBUG: Reburnish the SGX GDB documentation by @jarkkojs in #1937

Dependencies:

  • Cargo update and wasmtime 0.38 by @haraldh in #2009
  • Bump Rust toolchain by @bstrie in #1969
  • Update serial_test requirement from 0.6 to 0.7 in /crates/sallyport by @dependabot in #1947

Other:

  • Refactor: Reduce crate feature surface area by @bstrie in #1943
  • Build: Use new Cargo sparse registry support by @bstrie in #2010
  • Release: Extend release workflow to build Windows MSI installer by @platten in #1928
  • NIX: Update flake lock by @rvolosatovs in #2024
  • CI: Use published coverage tool and update coverage exclusions by @bstrie in #1923
  • CI: Add built assets to release draft by @rvolosatovs in #1972

Requirements

  • Rust nightly

Installation

For installation instructions please see our page on Installing Enarx.

If you are an application developer who does not need to run inside Trusted Execution Environments, or you do not have access to a Linux host with SGX2, SEV-SNP or KVM support, please check out our new Quick Start guide.

Known (Temporary) Issues

  • Incomplete WASI support
  • Custom kernel required for SGX or SEV-SNP

Contributors

A hearty thanks to everyone who has contributed over the last few years. This release would not be successful without you!

@MikeCamel @npmccallum @haraldh @connorkuehl @lkatalin @mbestavros @wgwoods @axelsimon @ueno @ziyi-yan @ambaxter @squidboylan @blazebissar @michiboo @matt-ross16 @jyotsna-penumaka @steveeJ @greyspectrum @rvolosatovs @lilienbm @CyberEpsilon @kubkon @nickvidal @uudiin @zeenix @sagiegurari @platten @greyspectrum @bstrie @jarkkojs @definitelynobody @rjzak @Deepansharora27 @mayankkumar2 @moksh-pathak

Full Changelog: https://github.com/enarx/enarx/compare/v0.5.1...v0.6.0

enarx - v0.5.1

Published by platten over 2 years ago

Note:

The issue reported by @Freax13 and patched by @jarkkojs is a major security issue affecting workloads on SGX keeps. However, we are not aware of any successful attacks.

What's Changed

Fixes

  • SGX: check that sallyport block is outside shim in #1918
  • KVM: Revert support old CPUs by @haraldh in #1884
  • UX: Display uname system info only once by @haraldh in #1885

Features:

  • SGX: host side mm-handlers by @jarkkojs in #1883
  • UX: add --version and extend --help by @haraldh in #1886
  • UX: add ignore message by @haraldh in #1896
  • Platform: add Windows support with the nil backend by @haraldh in #1890
  • Release: build artifacts for aarch64-apple-darwin, x86_64_windows and SBOMs by @platten in #1906
  • CI: provide static, reproducible builds by @rvolosatovs in #1872
  • CI: use codecov-action v3 by @haraldh in #1900

Full Changelog: https://github.com/enarx/enarx/compare/v0.5.0...v0.5.1

enarx - Elmina Castle

Published by haraldh over 2 years ago

Elmina Castle

Not Production Ready

This release is a developer-only, preview release. It is not production ready. We hope that you will experiment with it to see the progress we are making.

What's Changed

  • Lower system requirements! New "nil" backend which enables development and testing on macOS & Raspberry Pi 4B. Check out the blog post!
  • Further improved SGX with Enclave Dynamic Memory Management (EDMM) / SGX2 platform support: munmap(), mprotect() and mremap()
  • Ability to run package and hosted workloads from Drawbridge with the new enarx deploy subcommand
  • Dependency on OpenSSL has been removed to make it easier to ship statically-linked binaries
  • Programming language support for WASM:
  • Experimental programming language support for WASM:
  • User documentation is now versioned and tested automatically
  • Sallyport moved into the Enarx monorepo for faster iteration
  • Various bugfixes

Requirements

  • Rust nightly

Installation

For installation instructions please see our page on Installing Enarx.

Known (Temporary) Issues

  • Incomplete WASI support
  • Custom kernel required for SGX

Highlights

Full Changelog: https://github.com/enarx/enarx/compare/v0.4.0...v0.5.0

enarx - Fort of Dhat al-Hajj

Published by platten over 2 years ago

Fort of Dhat al-Hajj

Not Production Ready

This release is a developer-only, preview release. It is not production ready. We hope that you will experiment with it to see the progress we are making.

What's Changed

  • Improved TLS support
  • Improved SGX with Enclave Dynamic Memory Management (EDMM) / SGX2 platform support
  • Support legacy CPUs using KVM backend
  • Programming language support:
  • Experimental programming language support:
  • User experience improvements
    • Added sub-commands for downloading and caching VCEK for AMD SEV-SNP hardware
    • Added sub-command for registering SGX hardware with Intel's key server
  • Migration to cargo's binary dependencies for sub-crates
  • Various bugfixes

Breaking Changes

  • For SGX 2 support, custom kernel has to be installed from here.
  • SGX support deprecated. Hardware with SGX 2 support is required to use the SGX backend.
  • AESMD w/ PCCS daemon connection needs to be running.

Requirements

  1. A supported hardware platform
  2. Rust nightly
  3. A custom kernel for non-KVM backends:
    • For the SGX backend:
      • Hardware with SGX 2 support required. SGX support deprecated.
      • Custom kernel has to be installed from here.
    • For the SEV-SNP backend:
      • Hardware with SEV-SNP. SEV support deprecated.
      • Custom kernel has to be installed from here.

For build instructions, see our build documentation.

Installation

For installation instructions please see our page on Installing Enarx.

Known (Temporary) Issues

  • Logging is forcibly enabled and outputs to standard error
  • Incomplete WASI support
  • Missing support for unmap, remap and mprotect for SGX2
  • Custom kernel required for SGX.

Contributors

A hearty thanks to everyone who has contributed over the last few years. This release would not be successful without you!

@MikeCamel @npmccallum @haraldh @connorkuehl @lkatalin @mbestavros @wgwoods @axelsimon @ueno @ziyi-yan @ambaxter @squidboylan @blazebissar @michiboo @matt-ross16 @jyotsna-penumaka @steveeJ @greyspectrum @rvolosatovs @lilienbm @CyberEpsilon @kubkon @nickvidal @uudiin @zeenix @sagiegurari @platten @greyspectrum @bstrie @jarkkojs @definitelynobody @rjzak @Deepansharora27 @mayankkumar2 @moksh-pathak

Full Changelog: https://github.com/enarx/enarx/compare/v0.3.0...v0.4.0

enarx - Chittorgarh Fort

Published by platten over 2 years ago

Chittorgarh Fort

Not Production Ready

This release is a developer-only, preview release. It is not production ready. We hope that you will experiment with it to see the progress we are making.

What's Changed

  • Switch to Sallyport 0.3, Enarx's API for the hypervisor-microkernel boundary. Features include:
    • Performance: architecture will now support batching of calls in upcoming releases
    • Security:
      • Validates syscalls during a keep exit
      • Only permits implemented syscalls
      • Guest no longer has knowledge about the host's address space
  • Transparent network TLS support: a self-signed cert is generated during runtime along with the root of trust
  • Attestation & validation support
  • User experience improvements
  • Improved SGX support

Breaking Changes

  • Enarx.toml:
    • addr field no longer supported
    • prot field added. Valid values are: tcp or tls

Requirements

  1. A supported hardware platform
  2. Rust nightly

For build instructions, see our build documentation.

Installation

For installation instructions please see our page on Installing Enarx.

Known (Temporary) Issues

  • Logging is forcibly enabled and outputs to standard error
  • Incomplete WASI support

Contributors

A hearty thanks to everyone who has contributed over the last few years. This release would not be successful without you!

@MikeCamel @npmccallum @haraldh @connorkuehl @lkatalin @mbestavros @wgwoods @axelsimon @ueno @ziyi-yan @ambaxter @squidboylan @blazebissar @michiboo @matt-ross16 @jyotsna-penumaka @steveeJ @greyspectrum @rvolosatovs @lilienbm @CyberEpsilon @kubkon @nickvidal @uudiin @zeenix @sagiegurari @platten @greyspectrum @bstrie @jarkkojs @definitelynobody @jovanbulck @Deepansharora27 @mayankkumar2 @moksh-pathak @veehaitch

A special thanks to Tony Arcieri from the RustCrypto project for reviewing and merging the dozens of patches we put into their crates in order to make this release happen.

Full Changelog: https://github.com/enarx/enarx/compare/v0.2.1...v0.3.0

enarx - v0.2.1

Published by platten over 2 years ago

Note:

The issue patched by @jovanbulck is a minor security issue and we are not aware of any successful attacks.

What's Changed

New Contributors

Full Changelog: https://github.com/enarx/enarx/compare/v0.2.0...v0.2.1

enarx - Balmoral Castle

Published by platten over 2 years ago

Balmoral Castle

Not Production Ready

This release is a developer-only, preview release. It is not production ready. We hope that you will experiment with it to see the progress we are making.

What's Changed

  • wasmtime 0.34.0 with networking enabled
  • WASI networking with pre-opened sockets
    • See examples/tcp_server/ for a full-fledged mio example TCP server
  • GDB debugging
  • SEV-SNP attestation
  • Improvements in enarx info displaying additional information and JSON output support
  • enarx sev vcek - Download VCEK certificates for SEV platform and print to stdout in PEM format
  • Revamped pure WASI integration tests added

Requirements

  1. A supported hardware platform
  2. Rust nightly

For build instructions, see our build documentation.

Installation

For installation instructions please see our page on Installing Enarx.

Known (Temporary) Issues

  • Logging is forcibly enabled and outputs to standard error
  • Incomplete WASI support
  • All IO is unencrypted
  • No validation of attestation
  • No attestation support for SGX

Contributors

A hearty thanks to everyone who has contributed over the last few years. This release would not be successful without you!

@MikeCamel @npmccallum @haraldh @connorkuehl @lkatalin @mbestavros @wgwoods @axelsimon @ueno @ziyi-yan @ambaxter @squidboylan @blazebissar @michiboo @matt-ross16 @jyotsna-penumaka @steveeJ @greyspectrum @rvolosatovs @lilienbm @CyberEpsilon @kubkon @nickvidal @uudiin @zeenix @sagiegurari

A special thanks to our new contributors:
@greyspectrum @bstrie @jarkkojs @definitelynobody @Deepansharora27 @mayankkumar2 @moksh-pathak @platten

Full Changelog: https://github.com/enarx/enarx/compare/v0.1.0...v0.2.0

enarx - Alamo

Published by npmccallum almost 3 years ago

Alamo Fort

Not Production Ready

This release is a developer-only, preview release. It is not production ready. We hope that you will experiment with it to see the progress we are making.

What it Does

This release includes two top-level commands: enarx info and enarx run.

The enarx info command dumps information about your hardware platform. It can be useful for determining if your platform has support for one of the Enarx backends.

The enarx run command executes a WASM binary in a Keep using either the SEV or SGX backends. For testing and development, you can also run a WASM binary in the unencrypted KVM backend. Applications are currently limited due to our incomplete support for WASI.

Requirements

  1. A supported hardware platform
  2. Rust nightly

For build instructions, see our build documentation.

Known (Temporary) Issues

  • Logging is forcibly enabled and outputs to standard error
  • Incomplete WASI support
  • All IO is unencrypted
  • No attestation

SmashEx

This release contains a mitigation for the SmashEx attack.

Contributors

A hearty thanks to everyone who has contributed over the last few years. This release would not be successful without you!

@MikeCamel @npmccallum @haraldh @connorkuehl @lkatalin @mbestavros @wgwoods @axelsimon @ueno @ziyi-yan @ambaxter @squidboylan @blazebissar @michiboo @matt-ross16 @jyotsna-penumaka @steveeJ @greyspectrum @rvolosatovs @lilienbm @CyberEpsilon @kubkon @nickvidal @uudiin @zeenix @sagiegurari