SGX support

Faasm provides SGX support using WAMR.

Quick start

To configure SGX, we must build the code with the desired SGX flavour: disabled (no SGX functionality), simulation (default), or hardware.

First, access an SGX-enabled docker-based CLI:

WASM_VM=sgx-sim faasmctl cli.faasm

inv dev.cmake --sgx Disabled|Simulation|Hardware

Note that to run in hardware mode, you must have an SGX-capable CPU where SGX has been enabled. To check you may run:

inv dev.cc detect_sgx
inv sgx.check

Then, to run functions using SGX compile them as usual, and set the WASM_VM environment variable to “sgx”.

# Start development cluster, and log into the cpp container
faasmctl cli.cpp

# Compile the demo function
inv func demo hello

# Exit the cpp container, and log into the CLI one
exit
faasmctl cli.faasm

# Set SGX as our execution mode of choice, and operate as usual
export WASM_VM="sgx"

# Generate machine code
inv codegen demo hello

# Run the code
inv run demo hello

To run a development cluster with SGX run:

WASM_VM=sgx(-sim) faasmctl deploy.compose --mount-source

To run SGX in an Azure kubernetes cluster, see the relevant repositories: experiment-base and experiment-sgx.

Remote Attestation

Attesting an SGX enclave consists of two steps:

Generating a quote for the attested enclave.
Validate the enclave’s quote with a remote attestation service.

Faasm’s implementation of remote attestation uses Microsoft Azure’s attestation service.

Quote Generation

An enclave quote is an enclave’s report signed by the platform’s Quoting Enclave (QE). An enclave report is a measure of the enclave’s memory content signed to the enclave’s identity. The QE is a special-purpose Intel-provisioned singleton enclave running in all SGX-enabled and SGX-capable platforms. This means we can only generate a quote in hardware mode.

Additionally, quote generation can happen in two modes in-proc and out-of-proc. The latter is the preferred one for performance and memory consumption, and it is also the required mode for integration with AKS. To generate a quote in out-of-proc mode, we need to run a service that wraps the QE and signs reports on demand. This service is called AESM, and it listens for incoming requests in a UNIX socket. In a development cluster, we deploy this service as part of our container mesh. In an AKS cluster this service is provided by the AKS runtime.

As an artifact of the quote generation process we have a byte array with the enclave’s quote. We persist useful information, together with the quote, in a helper class: sgx::EnclaveInfo.

Quote Validation

To validate an enclave’s quote, we need to send a request to attest an SGX enclave to an Azure Attestation Provider, link to the API. If the request goes through (i.e. the enclave’s quote passes the policy loaded in the attestation provider) we receive a JWT. Before deeming the attestation as valid, we check the integrity of the actual JWT.

Update SGX SDK and PSW version

We use SGX SDK and PSW version 2.15.1 as defined in sgx.dockerfile. If you want to upgrade the version, change it there, and create a new docker image using:

inv docker.build -c base-sgx -c base-sgx-sim --nocache --push

The image will be tagged with the current code version, which you will have to amend in base.dockerfile.