Awesome SGX

Collection of material for learning SGX.

Table of Contents

• BlockChain
• Container
• CRYPTO
• DATABASE
• EMULATOR
• GAME
• Hardware
• LibOS
• MachineLearning
• NETWORK
• Paper
• Programming Language
• Side-Channels
• SDK
• Samples
• Study
• Security
• Tool&&DEBUG

BlockChain

• LedgerHQ/bolos-enclave
• luckychain/lucky - Proof of luck Intel SGX and IPFS based blockchain.
• Town Crier - Town Crier: an Authenticated Data Feeds for Smart Contracts http://town-crier.org
• infobiac/eEVM - Enclave ready EVM (eEVM) is an open-source, standalone, embeddable, C++ implementation of the Ethereum Virtual Machine. http://microsoft.com/blockchain
• hyperledger-labs/fabric-private-chaincode - This lab enables Secure Chaincode Execution using Intel SGX for Hyperledger Fabric.
• hyperledger/avalon - Hyperledger Avalon (formerly Trusted Compute Framework) https://wiki.hyperledger.org/display/…
• smartcontractkit chainlink - node of the decentralized oracle network, bridging on and off-chain computation https://chain.link.
• skalenetwork/sgxwallet - sgxwallet is the first-ever opensource high-performance hardware secure crypto wallet that is based on Intel SGX technology.
• Secret Network - Secret Network is the first blockchain with data privacy by default for smart contracts and entirely based on Intel SGX technology. https://scrt.network/
• phala-blockchain - Phala Network is a blockchain-based confidential computing cloud.
• substraTEE - Trusted Off-Chain Compute Framework for substrate blockchains
• automata - Automata Network is a modular attestation layer that extends machine trust to Ethereum with TEE Coprocessors.

Container

• tozd/docker-sgx - A Docker image with Intel SGX support. https://hub.docker.com/r/tozd/sgx/.
• alibaba/inclavare-containers - A novel container runtime, aka enclave container, for confidential computing and cloud-native ecosystem.
• deislabs/mystikos - Tools and runtime for launching unmodified container images in Trusted Execution Environments
• confidential-containers/enclave-cc - Process-based Confidential Container Runtime

CRYPTO

• intel/intel-sgx-ssl - Intel® Software Guard Extensions SSL.
• WolfSSL - WolfSSL with SGX for Linux OS using Eclipse IDE and SGX Plugin.
• momalab/SGXCrypter - SGXCrypter is a novel approach on encryption based binary packing.
• rscosta/SGXCryptoFile - SgxCryptoFile - App for Encrypting and Decrypting Files using Intel SGX.
• oweisse/sgx_crypto_wrapper - A Python wrapper for sgx_tlibcrypto library.
• sparkly9399/SGX-OpenSSL - OpenSSL library for SGX application.
• ayeks/TresorSGX - Securing storage encryption by using Intel SGX enclaves. First attempt for the isolation of OS components with trusted enclaves.
• kudelskisecurity/sgx-reencrypt - PoC of an SGX enclave performing symmetric reencryption.

DATABASE

• yerzhan7/SGX_SQLite - SQLite database inside a secure Intel SGX enclave (Linux).

EMULATOR

• tristartom/sgx-emulator - An Emulator and SDK for Intel SGX extension.
• intel/qemu-sgx - qemu with SGX.
• sslab-gatech/opensgx - OpenSGX: An open platform for Intel SGX.
• intel/kvm-sgx - This repository hosts preliminary Linux/KVM patches to support SGX virtualization on KVM.

GAME

• utds3lab/sgx-biniax2 - A Linux game with SGX.
• djwessel/sgx-snake - A simple snake game implemented with SGX.
• suinkang/SGX-Doom3 - Doom3 with SGX.

Hardware

• ayeks/SGX-hardwarep - This is a list of hardware which is supports Intel SGX - Software Guard Extensions.

LibOS

• Anjuna - Anjuna Runtime - a solution for executing unmodified applications in Intel SGX enclaves.
• oscarlab/graphene - Graphene / Graphene-SGX Library OS - a library OS for Linux multi-process applications, with Intel SGX support https://github.com/oscarlab/graphene/…
• SCONE - SCONE: Secure Linux Containers with Intel SGX
• SGXKernel - SGXKernel: A Library Operating System Optimized for Intel SGX
• Haven - Shielding Applications from an Untrusted Cloud with Haven.
• shwetasshinde24/Panoply - Low-TCB Linux Applications with SGX Enclaves.
• lsds/sgx-lkl - SGX-LKL Library OS for running Linux applications inside of Intel SGX enclaves.
• occlum/occlum - Occlum: Secure and Efficient Multitasking Inside a Single Enclave of Intel SGX.

MachineLearning

• zeyu-zh/TrustFL - Enabling Execution Assurance of Federated Learning at Untrusted Participants.
• ftramer/slalom - Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware.

NETWORK

• kaist-ina/SGX-Tor - https://github.com/kaist-ina/SGX-Tor.
• jnferguson/pwd - SGX password storage / authentication subsystem.

Paper

• vschiavoni/sgx-papers - A list of system papers using/about Intel SGX.

Programming Languages

• Rust - Rust SGX SDK provides the ability to write Intel SGX applications in Rust Programming Language.
• C# - A C# example project downloaded from intel with GUI implemented with SGX.
• GO - Intel SGX with GoLang.
• Python - Python interface to the SGX SDK.
• JAVA - Trusted Computing Base with Intel SGX and Java JNI.
• lishen-nt/sgx-language-adapter - SGX language adapter for java and python.

Side-Channels

• jovanbulck/sgx-step - A practical attack framework for precise enclave execution control.
• jovanbulck/sgx-pte - Telling your secrets without page faults: Stealthy page table-based attacks on enclaved execution.
• jovanbulck/sgx-tutorial-space18 - Tutorial: Uncovering and mitigating side-channel leakage in Intel SGX enclaves.
• HE-Wenjian/SGXlinger - A side-channel attack vector based on interrupt latency against enclave execution of Intel SGX.
• plundervolt - Software-based Fault Injection Attacksagainst Intel SGX.

SDK

• 01org/linux-sgx - Intel(R) Software Guard Extensions for Linux* OS.
• adombeck/python-sgx - Python interface to the SGX SDK.
• apache/incubator-teaclave-sgx-sdk - Rust SGX SDK provides the ability to write Intel SGX applications in Rust Programming Language.
• rust-optee-trustzone-sdk - Rust OP-TEE TrustZone SDK: Enabling Safe, Functional, and Ergonomic Development of Trustlets.
• fortanix/rust-sgx - The Fortanix Rust Enclave Development Platform https://edp.fortanix.com.
• openenclave/openenclave - SDK for developing enclaves https://openenclave.io/sdk/.
• SOFAEnclave/KubeTEE - KubeTEE is a collection of TEE development, deployment, maintenance middleware frameworks, and services. Especially, it is for cloud-native workflows.
• edgelesssys/edgelessrt - Edgeless RT is an SDK for Trusted Execution Environments (TEE) built on top of Open Enclave.

Samples

• intel/sgx-ra-sample - The only official remote attestation sample that support the real and complete attestation.
• TinySecurityLab/SGXRemoteAttestation - A "real" remote attestation flamework of Intel SGX. (This one simulate the whole attestation process).

Study

• dingelish/SGXfail - SGX从入门到放弃

Security

• lsds/spectre-attack-sgx - Spectre attack against SGX enclave.
• bl4ck5un/mbedtls-SGX - mbedtls-SGX: a SGX-friendly TLS stack (ported from mbedtls).
• jaebaek/SGX-Shield - SGX-Shield: Enabling Address Space Layout Randomization (ASLR) for SGX Programs.
• tudinfse/sgxbounds - SGXBounds: Memory Safety for Shielded Execution (compiler pass and runtime).
• IAIK/sgxrop - The code to the SGX-ROP paper.

Tool&&DEBUG

• jovanbulck/sgx-step - A practical attack framework for precise enclave execution control.
• swarupchandra/secure-analytics-sgx - Securing Data Analytics on Intel SGX using Randomization.
• Glamdring - Glamdring: Automatic Application Partitioning for Intel SGX.
• kudelskisecurity/sgxfun - SGX command-line tools and paper.
• ireed/SGX - Code samples and tutorials for using intel software guard extensions.
• jethrogb/sgx-utils - Various utilities for Intel SGX hardware.