Linux Foundation: MADANA Membership and Linux Usage
Unlocking the power of open source!
What is the Linux Foundation?
The Linux Foundation supports the creation of sustainable open source ecosystems by providing financial and intellectual resources, infrastructure, services, events, and training. MADANA is proud to be part of this inspirational foundation as a Silver Member (See Members), together with many industry leaders in Tech, Security and Development.
Using Alpine Linux
Alpine Linux is an independent, non-commercial, general purpose Linux distribution designed for power users who appreciate security, simplicity and resource efficiency. Alpine Linux was designed to be lightweight, secure and simple: which fits perfectly with MADANA. Using Alpine Linux allows MADANA to run Linux binaries within our Enclaves. Instead of running only an application or function within an enclave, MADANA’s solution runs the Alpine Linux OS in-enclave allowing our users a whole new way of working with enclaves compared to other solutions.
Linux Kernel Library & SGX
Porting an application to run within an SGX enclave by default is not a simple matter. This is because Intel originally imagined that the enclave would only run small parts of an application within this trusted zone. Running complete, unmodified, complex applications inside an enclave is not possible due to the lack of many features modern day operating systems provide.
The Linux kernel library (LKL) enables projects to use code from the Linux kernel. This is very beneficial when running Intel SGX enclaves, providing all the necessary tools to run unmodified application code, such as filesystem support and access to the full networking stack. Very much as if you were running code inside a Virtual Machine. MADANA CORE uses a fork of the Linux Kernel Library to handle Enclave management, hence providing this repository of high-quality, extensively reviewed and tested code as the base of any application running inside an enclave.
Providing the complete spectrum of modern day OS functions within the enclave not only enables us to run unmodified applications within SGX, but also increases the security of the enclave. By not passing down API calls to the possibly malicious host OS — or even running most parts of the application on the host OS — the attack surface is significantly reduced. Compared to other products that provide support for Intel SGX we are very confident that MADANA CORE is among the most sophisticated enclave solutions to be found.
Check out our Github Fork of the SGX-LKL Library OS for running Linux applications inside of Intel SGX enclaves: Github