Intel® Software Guard Extensions
Whether your goal is to enhance the security of your current application or develop your own customized solution, Intel provides the tools and resources to guide you in meeting your security objectives.
Using the library operating system (LibOS) technology allows you to take your existing application, with little or no modifications, and protect it in an Intel® Software Guard Extensions (Intel® SGX) enclave. Commercial and open source LibOS options are available. For new application development, you have a variety of SDK options that support Intel SGX.
Once your application is ready, it is fast and simple to work with one of the many cloud service providers offering Intel SGX. You can also buy and install your own server that's capable for Intel SGX from your preferred original equipment manufacturer (OEM).
Secure Your Existing Application
The following open source LibOS projects support Intel SGX.
- Home Page
- Introduction to Gramine
- Solution Brief
- Gramine Project GitHub*
- Confidential Computing Consortium: Gramine Webinar
- Intel SGX and Linux* Kernel Library (LKL) GitHub
- Mystikos GitHub
The following companies offer commercial LibOS solutions that support Intel SGX.
Build Your Application
To start building your application so that it can use Intel SGX, you need to first choose an SDK.
- Intel SGX SDK for Linux
- Prebuilt Binary Downloads
- Open Source Repository
- Intel SGX SDK for Windows*
- Fortanix Enclave Development Platform
- Open Enclave SDK
- Teaclave / Teaclave SGX SDK
- Edgeless Systems EGo
- Edgeless RT GitHub
All SDKs include documentation and tools to get you started quickly.
- Documentation (Release Notes, Developer Guide, Developer Reference, Installation Guide, Get Started Guide)
- Sample source code
Where to Run Your Application
Quickly access a server enabled for Intel SGX from one of the many cloud service providers (CSPs) that offer Intel SGX. These CSPs already built out the infrastructure that facilitates using Intel SGX attestation. Bring your existing or new application to the CSP, and then figure out the size of enclave you need.
Alternatively, you can buy and install a server in your data center. Almost all of Intel's OEMs offer 3rd generation Intel® Xeon® Scalable Processors with Intel SGX.
To find an Intel® Xeon® processor that supports Intel SGX, see Product Specifications.
Your OEM can provide you with the latest configuration documents. Here are some examples:
- Configure Intel SGX Control Options
- Enable Intel SGX
- Intel SGX for SuperMicro Severs* Enabling Guide
- Enable Intel SGX on Lenovo ThinkSystem* v2 Servers
After Intel SGX is enabled on your server, you need to set up an attestation infrastructure. For directions, see Attestation & Provisioning Services.
For a more complete list of CSPs and OEMs that offer Intel SGX, see Product Offerings.