This is documentation for the development version of the project, aka master branch. If you installed Gramine from packages, documentation for the stable version is available at

Gramine Shielded Containers

The Gramine Shielded Containers (GSC) tool transforms a base Docker image into a new, “graminized” image which includes the Gramine Library OS and the Gramine-specific app configuration. It uses Gramine to execute the application inside an Intel SGX enclave.

At first a base Docker image has to be graminized via the gsc build command. In a second step, the image must be signed via a gsc sign-image command. Subsequently, the image can be run using docker run.

Note that the GSC tool is split from core Gramine and is hosted here: