Wasm Builders 🧱

Ngumih Fien

Why Enarx?

If you're new to the Confidential Computing Consortium, you're welcome here. This is a safe space for newbies like me who would love to get into the Confidential Computing world but don't really know what it is about.

What is Confidential Computing Consortium?

Confidential Computing Consortium is a cloud technology that protects sensitive data during processing.

How does Confidential Computing Consortium Work?

Before data can be processed, it must be decrypted in memory. This makes the data vulnerable to harmful exploits.

Confidential computing addresses this issue by using a hardware-based trusted execution environment (TEE), which is a secure enclave in the CPU.
The TEE is protected by built-in encryption keys, which are accessible only to approved application code thanks to embedded attestation methods. If malware or other unauthorized code attempts to access the keys, or if the authorized code is hacked or altered in any manner, the TEE prevents access to the keys and terminates the computation.

Why Enarx?

Enarx is a framework for executing applications in TEE instances (which we refer to as "Keeps") without having to trust a large number of dependencies, rewrite the program, or handle attestation independently.
So basically, Enarx helps you to protect your data in the TEE.

To answer the above question:

  • Enarx is open source software: Yes, this means you can make meaningful contributions to the software. It also encourages the community to perform audits, so that those who are not in a position to perform the analysis themselves can still have a high level of trust in the Enarx code. This can be done on the Enarx GitHub repository.

  • Enarx scope: It provides a WebAssembly runtime based on wasmtime, which lets developers implement WebAssembly applications in a variety of languages, including Rust, C, C++, C#, Go, Java, Python, and Haskell. It is designed to work across silicon architectures transparently to the user, allowing the application to run equally well on Intel platforms (SGX or the recently announced TDX), AMD platforms (SEV), and upcoming platforms such as Arm's Realms and IBM's PEF, all without requiring the application code to be recompiled.

  • Enarx is CPU-architecture independent, allowing the same application code to be deployed across different devices while abstracting away concerns like cross-compilation and hardware vendor-specific attestation processes.

  • Enarx is secure: In Enarx, every application instance passes through three steps:

    • Attestation: Enarx verifies that the host you're trying to deploy to is a legitimate TEE instance.
    • Packaging: The Enarx management component encrypts the application, as well as any needed data, once the attestation is complete and the TEE instance verified.
    • Provisioning: Enarx then delivers the application and data to the Enarx Keep host for execution.

  • Enarx is simple to use: Enarx aims to make it simple to deploy workloads to a variety of different TEEs in the cloud, on your premises or elsewhere, and to allow you to have confidence that your application workload is as secure as possible.
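
The attestation, packaging and provisioning steps listed above, as a small runnable model (an added example, not Enarx code or its wire protocol). An HMAC key stands in for the hardware vendor's report-signing key, and the toy Diffie-Hellman group, the keystream cipher, the `Keep` class and all function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Everything below is constructed for this model, not taken from Enarx.
P, G = 2**255 - 19, 2                 # toy Diffie-Hellman group
VENDOR_KEY = secrets.token_bytes(32)  # stand-in for the CPU vendor's report-signing key
TRUSTED = {hashlib.sha256(b"keep-runtime-v1").hexdigest()}  # allowlisted measurement

def _sign(measurement, nonce, pub):
    msg = f"{measurement}|{nonce.hex()}|{pub}".encode()
    return hmac.new(VENDOR_KEY, msg, hashlib.sha256).hexdigest()

def _session_key(pub, priv):
    return hashlib.sha256(str(pow(pub, priv, P)).encode()).digest()

def _xor(key, data):
    """Toy SHA-256 counter keystream; a real packager would use an AEAD cipher."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class Keep:
    """Models the TEE instance: the private key never leaves this object."""
    def __init__(self, runtime):
        self.measurement = hashlib.sha256(runtime).hexdigest()
        self._priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self._priv, P)

    def report(self, nonce):
        # The "hardware" signs the measurement, the verifier's nonce and the Keep's key.
        return {"measurement": self.measurement, "nonce": nonce, "pub": self.pub,
                "sig": _sign(self.measurement, nonce, self.pub)}

    def run(self, package):
        # Step 3, provisioning: only the attested Keep can recover the workload.
        return _xor(_session_key(package["pub"], self._priv), package["blob"])

def attest(report, nonce):
    """Step 1: valid signature, fresh nonce, measurement on the allowlist."""
    expected = _sign(report["measurement"], report["nonce"], report["pub"])
    return (hmac.compare_digest(expected, report["sig"])
            and report["nonce"] == nonce and report["measurement"] in TRUSTED)

def package(report, nonce, workload):
    """Step 2: encrypt only after attestation, to the key bound in the report."""
    if not attest(report, nonce):
        raise PermissionError("attestation failed: workload not released")
    priv = secrets.randbelow(P - 2) + 1
    key = _session_key(report["pub"], priv)
    return {"pub": pow(G, priv, P), "blob": _xor(key, workload)}
```

Because the Keep's public key is covered by the report signature, a host that swaps in its own key fails attestation, and the workload is never encrypted to a key held outside the TEE.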

Thank you for reading to the end! I hope you learned something new. Feel free to leave any suggestions in the comment section.

Top comments (2)

Aryan Kaushik

Great effort @fienne

Ngumih Fien

Thanks Aryan