Introduction to Gramine
Gramine is a lightweight guest OS, designed to run a single Linux application with minimal host requirements. Gramine can run applications in an isolated environment with benefits comparable to running a complete OS in a virtual machine – including guest customization, ease of porting to different host OSes, and process migration.
Gramine supports running Linux applications using the Intel SGX (Software Guard Extensions) technology (we sometimes call this version Gramine-SGX). With Intel SGX, applications are secured in hardware-encrypted memory regions (called SGX enclaves). SGX protects code and data in the enclave against privileged software attacks and against physical attacks on the hardware off the CPU package (e.g., cold-boot attacks on RAM). Gramine is able to run unmodified applications inside SGX enclaves, without the toll of manually porting the application to the SGX environment.
This website contains the official documentation of Gramine. For external contributions and additional resources, please visit https://gramine-contrib.readthedocs.io. Note that this link contains unofficial documents; these documents are not guaranteed to always be up-to-date and correct.
For GSC (Gramine Shielded Containers) documentation please visit https://gramine.readthedocs.io/projects/gsc.
Building and running Gramine
Contacts and Contributing
For bug reports, post an issue on our GitHub repository: https://github.com/gramineproject/gramine/issues.
Table of Contents
- Quick start
- Manifest syntax
- Attestation and Secret Provisioning
- Cloud Deployment
- Users of Gramine
- GSC (Gramine Shielded Containers)
- Introduction to SGX
- gramine-direct, gramine-sgx – Run something
- gramine-argv-serializer – Serialize command line arguments
- gramine-manifest – Gramine manifest preprocessor
- gramine-sgx-gen-private-key – Gramine SGX key generator
- gramine-sgx-get-token – Gramine SGX token generator
- gramine-sgx-ias-request – Submit Intel Attestation Service request
- gramine-sgx-ias-verify-report – Verify Intel Attestation Service report
- gramine-sgx-quote-dump – Display SGX quote structure
- gramine-sgx-sign – Gramine SIGSTRUCT generator
- is-sgx-available – Check environment for SGX compatibility
- PAL host ABI
- PAL as loader
- Data types and variables
- PAL APIs