Options for mixing Python* and C++ code in an Intel® Software Guard Extensions (Intel® SGX) application.
- Attempting to develop untrusted application in Python*.
- Wrote enclave code in C++.
- Unable to determine how to call enclave code from Python-based untrusted application.
Option 1: Create an untrusted application in C++ as a translation layer from the Python* application to the enclave.
Link the untrusted application with the enclave.
The Python* application calls functions in the untrusted application and the untrusted application calls the enclave code on behalf of the Python* application.
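A sketch of the Python* side of Option 1, added here as an example and not taken from Intel's code. It assumes the C++ translation layer is built as a shared library that exports three `extern "C"` functions; the names `bridge_create`, `bridge_process`, `bridge_destroy`, the library file name and the `MAX_INPUT` limit are all hypothetical.

```python
# Added example: Python side of Option 1. The bridge_* names, the library
# name and MAX_INPUT are hypothetical. Assumed C++ exports (extern "C"):
#   int bridge_create(const char *signed_enclave);  // wraps sgx_create_enclave
#   int bridge_process(const uint8_t *in, size_t n, uint8_t *out,
#                      size_t cap, size_t *out_len); // wraps one ECALL
#   int bridge_destroy(void);                        // wraps sgx_destroy_enclave
# Each returns 0 (SGX_SUCCESS) or a nonzero status code.
import ctypes

MAX_INPUT = 4096  # assumed limit; keep in sync with the sizes in the EDL

class BridgeError(RuntimeError):
    pass

def bind(lib):
    """Declare exact C signatures so ctypes does not guess argument widths."""
    lib.bridge_create.argtypes = [ctypes.c_char_p]
    lib.bridge_process.argtypes = [
        ctypes.c_char_p, ctypes.c_size_t, ctypes.c_char_p,
        ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t)]
    lib.bridge_destroy.argtypes = []
    for fn in (lib.bridge_create, lib.bridge_process, lib.bridge_destroy):
        fn.restype = ctypes.c_int
    return lib

class Enclave:
    """Context manager: create the enclave on entry, destroy it on exit."""
    def __init__(self, lib, enclave_path):
        self._lib, self._path = bind(lib), enclave_path

    def __enter__(self):
        self._check(self._lib.bridge_create(self._path.encode()), "create")
        return self

    def __exit__(self, *exc):
        self._lib.bridge_destroy()

    def process(self, data, out_cap=4096):
        if not isinstance(data, bytes) or len(data) > MAX_INPUT:
            raise ValueError("data must be bytes, at most MAX_INPUT long")
        out = ctypes.create_string_buffer(out_cap)
        out_len = ctypes.c_size_t(0)
        self._check(self._lib.bridge_process(
            data, len(data), out, out_cap, ctypes.pointer(out_len)), "process")
        if out_len.value > out_cap:  # do not trust a length from native code
            raise BridgeError("bridge reported more bytes than the buffer holds")
        return out.raw[:out_len.value]

    @staticmethod
    def _check(status, what):
        if status != 0:
            raise BridgeError(f"{what} failed with status {status:#x}")
```

With a real bridge library the wrapper would be used as `with Enclave(ctypes.CDLL("./libenclave_bridge.so"), "enclave.signed.so") as e: e.process(b"...")`, where both file names are placeholders.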
Option 2: Implement the entire solution in Python*.
There are several third-party solutions that enable you to write native Python* code (or code in other languages) and run it within an Intel® SGX-protected environment. These third-party solutions are library operating systems (LibOS).
The easiest way to run your Python* scripts is to use Gramine (formerly known as Graphene) to run your programs in an Intel® SGX-protected environment.
Gramine is a lightweight library OS, designed to run a single application with minimal host requirements. Gramine can run applications in an isolated environment with benefits comparable to running a complete OS in a virtual machine, including guest customization, ease of porting to different OSes, and process migration.
Gramine supports native, unmodified Linux binaries on any platform. Currently, Gramine runs on Linux* and Intel® SGX enclaves on Linux* platforms.
These examples will help you get started running your code on Gramine, protected by Intel® SGX:
Find more third party solutions in the Secure Your Existing Application section of Intel® SGX Get Started.
Since Intel does not produce the LibOS solutions, support for those projects may be provided by the third parties and their communities.