EGo is a framework for building confidential apps in Go. Confidential apps run in always-encrypted and verifiable enclaves on Intel SGX-enabled hardware. EGo simplifies enclave development by providing two user-friendly tools:
ego-go, an adapted Go compiler that builds enclave-compatible executables from a given Go project – while providing the same CLI as the original Go compiler.
ego, a CLI tool that handles all enclave-related tasks such as signing and enclave creation.
Building and running a confidential Go app is as easy as:
ego-go build hello.go ego sign hello ego run hello
If you are on Ubuntu 18.04 or above and do not want to build EGo from source, you can install the binary release:
wget -qO- https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add sudo add-apt-repository 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main' wget https://github.com/edgelesssys/ego/releases/download/v0.1.0/ego_0.1.0_amd64.deb sudo apt install ./ego_0.1.0_amd64.deb
Now you are ready to build applications with EGo! To start, check out the samples.
Build and Install
Prerequisite: Edgeless RT is installed and sourced.
mkdir build cd build cmake .. make make install
- helloworld is a minimal example of an enclave application.
- remote_attestation shows how to do remote attestation in EGo.
- vault demonstrates how to port a Go application exemplified by Hashicorp Vault.
- The EGo API provides access to remote attestation and sealing to your confidential app at runtime.