To support the separation of Enclave and App architectures, this framework builds a CMake-compatible compilation system, optimizing modular development, dependency management, and cross-component integration, significantly reducing the complexity of SGX project builds.
To address the limitations of SGX’s standard library support, this framework provides:
- High-precision time support (millisecond, microsecond, nanosecond levels).
- Secure untrusted memory allocation, optimizing Enclave-to-App data interactions while ensuring secure access.
- File system access support, providing essential file system interaction capabilities.
To mitigate the lack of third-party libraries in the SGX environment, the framework offers:
- TOML configuration file management, ensuring secure configuration parsing and management.
- JSON parsing support, delivering efficient JSON handling for improved data exchange.
- High-precision numerical computation, applicable to cryptographic and financial applications requiring precise calculations.
- Logging system support, offering an SGX-compatible logging framework for debugging and error analysis.
- HTTP(s) functionality, encapsulating secure HTTPs client and HTTP server, enhancing Enclave's networking capabilities.
- UUID Version 4 generation, providing random unique identifiers for various application needs.
To address the challenges of testing SGX code, the framework provides:
- Unit and integration testing in a trusted environment, improving test coverage and stability.
- A secure testing environment, allowing functionality validation without compromising Enclave isolation.
The framework enhances object-oriented file stream support, extending beyond the MRSIGNER mechanism to incorporate multiple encryption schemes:
- MRENCLAVE-bound secure storage, ensuring that data is accessible only by a specific Enclave.
- Flexible key derivation and encryption mechanisms, improving file storage security and compatibility.
To reduce the complexity of core SGX function interfaces, the framework provides object-oriented API encapsulations for key SGX features:
- Sealing (Secure Storage): High-level APIs for simplified encrypted storage and key management.
- Remote Attestation: Encapsulated SGX remote attestation processes, making trust verification more intuitive and easy to use.