Build Confidential Go Apps with Ease​

EGo enables you to run Go apps in Intel® SGX enclaves with zero code changes.​


Star Fork

Why EGo

Confidential computing enables the always-encrypted and verifiable processing of data - in the cloud and elsewhere.

Developing confidential apps used to require arcane knowledge and significant code changes. With EGo, you can skip that and develop your Go code as usual.

In the video above, Visual Studio Code is used to debug unmodified HashiCorp Vault running on EGo in an Intel® SGX enclave in debug mode.

  • Build, debug, and run Go apps as usual
  • Have all the benefits of confidential computing
  • Permissive open-source license (MPL-2)​
$ sudo snap install ego-dev --classic
$ ego-go build helloworld.go
$ ego sign helloworld
$ ego run helloworld
Loading enclave...
Entering enclave...
Hello from enclave!

How to Use​

With EGo, you don’t need to refactor your app to run it in a secure enclave. Just use three simple commands to build, sign, and run your code - be it 10 or 100,000 lines of Go with complex dependencies.

Want to scale your confidential app? Marblerun - “the service mesh for confidential computing” - has native support for EGo-based microservices and makes it easy to securely scale confidential apps on Kubernetes.

Want to use Intel® SGX features like sealing or remote attestation? Just import EGo’s enclave library and access everything in a single line of code. For example, get an attestation report for your TLS certificate:

r, err := enclave.GetRemoteReport(sha256.Sum256(cert)[:])

Features


Super secure

All your data and code are kept inside the secure enclaves at runtime. No need to partition your app.


Easy to use

Start by lifting & shifting your existing Go code without changing a line. Use the EGo runtime library to effortlessly access SGX-specific features.


Easy to scale

Marblerun has native support for EGo-based microservices and makes it easy to scale them securely on Kubernetes.


Built on industry standards

EGo builds upon the industry standard Open Enclave. This makes it future-proof and portable to other hardware platforms. EGo also supports the latest DCAP attestation protocol.


Runs everywhere

Don’t have SGX-enabled hardware? No problem! EGo apps run in simulation mode on any host. Also, many cloud providers already offer SGX-enabled VMs.


Lightweight

EGo does not try to simulate a full POSIX environment in your enclave. It just loads as much code as necessary for the Go runtime to work well, keeping the trusted computing base (TCB) small.

Want to build confidential Go apps?​

Want to build confidential Go apps?​


Get started →

Blog

EGo: Effortlessly build confidential apps in Go

We give an intro to EGo and discuss features.

The Open-Source Landscape of Confidential Computing in 2021

We give an overview of the open-source landscape in confidential computing and show where EGo fits in.

4 Use Cases for Confidential Computing

We discuss specialized use cases for confidential computing that can be realized with EGo.

We’re Hosting the Open Confidential Computing Conference 2021!

Come join us for free on March 11 and learn more about EGo and other exciting open-source projects for confidential computing!

Why Do We Need Confidential Computing?

We give an intro to the basics of confidential computing.



Build Confidential ​Go Apps with Ease​