Apache Teaclave™ SGX SDK helps developers to write Intel SGX applications in the Rust programming language, and also known as Rust SGX SDK.

Clone this repo:
  1. b635249 doc: update for graduation by Zhaofeng Chen · 4 days ago main
  2. 83839e6 doc: update branding name by Zhaofeng Chen · 5 weeks ago
  3. dceb9c1 polish readme.md by Zhaofeng Chen · 7 weeks ago
  4. 2a4a8ef license: fix and pass skywalking-eyes check by Zhaofeng Chen · 7 weeks ago
  5. 73062c5 Fixed dereferencing pointers in untrusted memory by volcano · 5 months ago dev-enclave

Apache Teaclave™ SGX SDK

License Homepage

Apache Teaclave™ SGX SDK is a Rust SDK for developing Intel SGX applications. It enables developers to write secure, privacy-preserving applications using Intel Software Guard Extensions (SGX) technology with the safety and performance benefits of the Rust programming language.

Overview

Apache Teaclave™ SGX SDK provides a comprehensive development environment for building Intel SGX enclaves in Rust. The current version (v2.0) offers significant improvements over the legacy v1.1 , including:

  • Modern Build System: Supports cargo build with no_std, xargo build, and cargo-std-aware modes
  • Rich Ecosystem: Direct support for Tokio and Tonic in enclave programming without modifications
  • Lightweight Architecture: Refactored Intel‘s SGX SDK using Rust, requiring only a minimal portion of Intel’s original SDK
  • Robust Testing: Comprehensive testing framework with well-tested sgx_tstd standard library
  • Simplified Dependencies: Eliminates the need to maintain 100+ third-party dependencies; most Rust crates work without modifications

Build System

The SDK supports multiple build modes to accommodate different development preferences:

  • BUILD_STD=cargo (default): Uses the new std-aware cargo build system
  • BUILD_STD=no: Traditional no_std cargo build for minimal footprint
  • BUILD_STD=xargo: Uses xargo build with customized sysroot

Sample Applications

The following sample applications demonstrate various SGX SDK capabilities:

  • backtrace: Stack trace functionality in SGX enclaves
  • cov: Code coverage analysis tools
  • crypto: Cryptographic operations within enclaves
  • helloworld: Basic SGX enclave example
  • httpreq: HTTP client functionality
  • hyper-rustls-https-server: HTTPS server using Hyper and Rustls
  • logger: Logging capabilities for SGX applications
  • regex: Regular expression processing
  • rpc: Remote procedure calls using Tonic and Tokio
  • seal: Data sealing and unsealing operations
  • switchless: Switchless call optimization
  • zlib-lazy-static-sample: Compression with lazy static initialization

Note: Migration of additional v1.1 samples to v2.0 is ongoing.

Getting Started

For detailed installation instructions, development guides, and API documentation, please visit:

Contributing

Apache Teaclave™ is developed in the open following The Apache Way. We strive to maintain a project that is community-driven and inclusive.

We welcome all forms of contributions. Please refer to our Contributing Guide for more information. A big thank-you to all our contributors!

Community