Announcing Fortanix Enclave Development Platform integration with Fortanix Enclave Manager | Fortanix Blog

Fortanix
3 min read · Jun 26, 2020


Fortanix Enclave Development Platform (EDP) is the most secure, battle-tested, and easy-to-use SDK available to developers for building Intel SGX enclaves. Fortanix EDP is completely open source and fully integrated with the Rust language compiler, allowing native Rust code to be compiled for enclaves without any modification. Since its launch last year, Fortanix EDP has seen rapid adoption among researchers and ISVs in the Runtime Encryption community who are building new products and services to enable confidential computing.

When we launched Fortanix Confidential Computing Enclave Manager as a SaaS offering running on Azure Confidential Cloud last month, it offered users an easy way to bring their most sensitive applications and data to a confidential computing environment. Fortanix Enclave Manager provides developers with full lifecycle support for managing their enclave application. Key features include the ability to transparently make applications run securely in enclaves, remote attestation, integrity protection, identity management, data access control and the ability to whitelist applications.

Today, we are excited to extend the benefits of Fortanix Enclave Manager to developers who have been using Fortanix EDP to build secure enclaves. EDP is now natively integrated with Enclave Manager, and developers can simply add their EDP apps to be managed and orchestrated by Enclave Manager alongside other EDP or Enclave OS apps. Developers can configure policies for certificate issuance and whitelisting of enclave images, just as for other enclave applications.

With this integration, when a user launches an EDP enclave application, Fortanix Enclave Manager verifies the remote attestation of the enclave and issues an X.509 certificate to the enclave application based on the policy configuration. The enclave application can use this certificate to prove its identity to other applications and to create a secure TLS channel between two enclave applications.

An Enclave Manager-issued certificate confirms the following for an application enclave:

  • The application enclave is a valid Intel SGX enclave and has been verified using the Intel SGX remote attestation service.
  • The Enclave Manager administrator has approved the enclave image for use within the Enclave Manager account.
  • The application is running on compute nodes enrolled in the Enclave Manager account.

How it works:

We have released an open source library to simplify Enclave Manager integration with EDP applications. Using this library, developers can seamlessly integrate their EDP application with Enclave Manager in their dev and test environments.

  • The Enclave Manager library allows EDP applications to obtain signed X.509 certificates from Enclave Manager.
  • Enclave Manager verifies the attestation of the EDP application and issues an X.509 certificate for an approved domain for the application.
  • EDP applications can then use the certificate as a server certificate (e.g., for web servers or databases), as a client certificate, or both, as shown in this example.

Additionally, we have released an open source CLI tool along with curl examples. EDP applications can easily interface with Enclave Manager through the Enclave Manager UI, and it is possible to completely automate the EDP and Enclave Manager integration as part of your current development pipeline.

How to get started:

See also:

https://www.fortanix.com/products/runtime-encryption/edp/?hsCtaTracking=70540c04-fbe7-4114-948f-87ef81646e34%7Ce82264a1-ef6d-49bb-90c4-699085255279

Originally published at https://fortanix.com.
