The Enarx interns showcased their demos at OC3 (Open Confidential Conference Conference). What this presentation showed me is that what we’re building with Enarx (though it’s not even finished at this point) is a framework that doesn’t require expertise to use. It’s accessible to beginners, who can easily write and deploy applications with obvious value. This is what made me emotional: Enarx is available to all, usable by all. Not just security experts. Not just Confidential Computing gurus. Everyone. We always wanted to build something that would simplify access to Confidential Computing, and that’s what we, the community, have brought to the world.

Source: Alice, Eve and Bob – a security blog

Link: https://aliceevebob.com/2022/02/22/emotional-about-open-source/

Title: From zero to hero: making Confidential Computing accessible
Author: Nick Vidal
Date: February 17, 2022

How can we make Confidential Computing accessible, so that developers from all levels can quickly learn and use this technology? In this session, we welcome three Outreachy interns, who had zero knowledge of Confidential Computing, to showcase what they've developed in just a few months.

Source: OC3 2022

Link: https://www.oc3.dev

Title: Understanding trust relationships for Confidential Computing
Author: Mike Bursell
Date: February 17, 2022

Confidential Computing requires trust relationships. What are they, how can you establish them, and what are the possible pitfalls? Our focus will be cloud deployments, but we will look at other environments such as telecom and Edge.

Source: OC3 2022

Link: https://www.oc3.dev

The big change in Enarx 0.2.0 is the addition of support for networking. Until now, there wasn’t much you could really do in an Enarx Keep, honestly: you could run an application, but all it could to for input and output was read from stdin and write to stdout or stderr. While this was enough to prove that you could write and compile applications to WebAssembly and run them, any more complex interaction with the world outside the Keep was impossible. So, why is this big news? Well, now it’s possible to write applications that you can talk to over the network.

Source: Alice, Eve and Bob – a security blog

Link: https://aliceevebob.com/2022/02/15/enarx-0-2-0-balmoral-castle/

The Enarx project has published its second release, version 0.2.0, called Balmoral. It now supports WASI networking with pre-opened sockets and SEV-SNP attestation.

Source: Enarx's Blog

Link: https://blog.enarx.dev/balmoral-castle-enarx-0-2-0/

Title: Introduction to Enarx and Confidential Computing
Author: Mike Bursell
Date: February 10, 2022
Link: https://www.youtube.com/watch?v=OT2z-W3TNPc

Source: Confidendial Computing Fellowship

Link: https://www.youtube.com/embed/OT2z-W3TNPc

Title: Logging, debugging and error management in Confidential Computing
Author: Mike Bursell
Date: Saturday, February 5, 2022, 13:25 AM - 13:50

Debugging applications is an important part of the development process. However, error messages and general logging can leak sensitive data, and in some cases even compromise your whole stack, as developers worldwide have recently learned from the log4j vulnerability.

With Confidential Computing, the world gets much more complicated, as every piece of information that a malicious entity on the host (including the host itself!) can gather may be leaking vital information about your workload. This talk details some of the problems that arise, and discusses some options to address them whilst considering real life workloads and application lifecycles.

Full Abstract

Log entries and other error messages can be very useful, but they can also provide information to other parties - sometimes information which you’d prefer they didn’t have. This is particularly true when you are thinking about Confidential Computing: running applications or workloads in environments where you really want to protect the confidentiality and integrity of your application and its data.

This talk examines some of the issues that we need to consider when designing Confidential Computing frameworks, the applications we run in them, and their operations. Designers and architects of the TEE infrastructure and even, to a lesser extent, of potential workloads themselves, need to consider very carefully the impact of host gaining access to messages associated with the workload and the infrastructure components. It is, realistically, infeasible to restrict all communication to levels appropriate for deployment, so it is recommended that various profiles are created which can be applied to different stages of a deployment, and whose use is carefully monitored, logged (!) and controlled by process.

Source: FOSDEM 2022

Link: https://fosdem.org/2022/schedule/track/hardware_aided_trusted_computing/

Title: WebAssembly + Confidential Computing
Author: Nick Vidal
Date: Saturday, February 5, 2022, 10:55 AM - 11:20 AM

The Enarx project reached a huge milestone: its first official release, featuring WebAssembly runtime. WebAssembly and Confidential Computing are a great match because WebAssembly offers developers a wide range of language choices, it works across silicon architectures, and it provides a sandboxed environment. This presentation will highlight the benefits of WebAssembly to Confidential Computing and showcase some demos.

Full Abstract

After 3 years since its inception, the Enarx project finally had its first official release, bringing WebAssembly to Confidential Computing.

Enarx is a deployment framework for running applications in TEE instances – which we refer to as “Keeps” – without the need to trust lots of dependencies, without the need to rewrite the application, and without the need to implement attestation separately.

The WebAssembly runtime, based on wasmtime, offers developers a wide range of language choices for implementation, including Rust, C, and C++. It is designed to work across silicon architectures transparently to the user so that the application can run equally simple on Intel platforms (SGX or the recently-announced TDX), AMD platforms (SEV) or forthcoming platforms such as Arms’ Realms and IBM’s PEF - all without having to recompile the application code. WebAssembly's sandbox model offers an extra layer of protection, isolating the application from the host.

Source: FOSDEM 2022

Link: https://fosdem.org/2022/schedule/track/hardware_aided_trusted_computing/

Title: Open Source Mentorship
Author: Nick Vidal and Yashovardhan Agrawal
Date: February 2, 2022

Source: GitHub Education

Link: https://www.twitch.tv/videos/1284411659

• Ben
• Jarkko
• Mike
• Nick
• Paul

Agenda

Upcoming Events​

• 2022-02-05: FOSDEM (2 talks approved)
  • Logging, debugging and error management in Confidential Computing - Mike Bursell
  • WebAssembly + Confidential Computing - Nick Vidal
• 2022-02-10: CCC TAC Tech Talk - Confidential Computing Fellowship (LFX leadership invited);
• 2022-02-17: OC3 (2 talks approved)
  • Understanding trust relationships for Confidential Computing - Mike Bursell
  • From zero to hero: making Confidential Computing accessible - Nick Vidal
• 2022-03-24: Open Source Festival (Lagos, Nigeria)
• 2022-04-07: FOSSASIA Summit
• 2022-05-16: KubeCon + CloudNative Europe (Valencia, Spain)
  • CN Wasm Day (CFP deadline: 2022-02-28)
  • CN SecurityCon (CFP deadline: 2022-02-14)
• 2022-06-06: RightsCon (CFP deadline: 2022-01-20)
• 2022-06-09: RSA Conference
• 2022-06-21: Open Source Summit North America (Austin, U.S.)
  • CloudOpen
  • 2022-06-23: Linux Securit Summit
• 2022-06-22: InfoSec Europe (London)
• 2022-07-28: SCALE (Pasadena, U.S. - awaiting results)
• 2022-08-06: Black Hat USA (Las Vegas, U.S.)
• 2022-08-11: DEF CON 30 (Las Vegas, U.S.)
• 2022-08-23: Open Source Summit Latin America (Virtual)
• 2022-09-13: Open Source Summit Europe (Dublin, Ireland)
  • CloudOpen
  • Linux Security Summit
• 2022-10-24: KubeCon + CloudNativeCon North America (Detroit, U.S.)
  • Confidential Computing Developer Summit
• 2022-10-30: All Things Open (Raleigh, U.S.)
• 2022-12-05: Black Hat Europe

TBD:​

• Rustconf
• WebAssembly Live
• WebAssembly Summit
• ShmooCon