• Stars
    star
    171
  • Rank 222,266 (Top 5 %)
  • Language
    C++
  • License
    Other
  • Created over 6 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

DISCONTINUATION OF PROJECT

This project will no longer be maintained by Intel.

Intel has ceased development and contributions including, but not limited to, maintenance, bug fixes, new releases, or updates, to this project.

Intel no longer accepts patches to this project.

If you have an ongoing need to use this project, are interested in independently developing it, or would like to maintain patches for the open source software community, please create your own fork of this project.

Contact: [email protected]

Intel® Software Guard Extensions (SGX) Remote Attestation End-to-End Sample for EPID Attestations

Introduction

This code sample demonstrates the procedures that must be followed when performing Remote Attestation for an Intel SGX enclave when using EPID attestations. The code sample includes both a sample ISV (independent software vendor) client (and its enclave) and ISV remote attestation server. It has been tested on the following platforms:

Linux

  • Ubuntu 18.04
  • Centos* 7.4

Microsoft Windows*

  • Windows 10 64-bit

For complete information on remote attestation, see the white paper on Intel's Developer Zone.

For more information on developing applications with Intel SGX, visit the Intel SGX landing zone.

What's New

See the full release history.

v3.1

Release on 6/25/2020.

  • Default to version 4 of the Attestation API.

  • Remove references to the PSE in Linux builds.

License

Except as otherwise noted, source code is made available under the Intel Sample Source Code license. See the LICENSE file for terms.

Building the Sample

For simplicity, the client and server are packaged and built together. In a real-world environment, these would be separate builds.

The service provider's remote attestation server does not require Intel SGX hardware or software to run. The server in this code sample requires the Intel SGX SDK header files in order to simplify the code and build process, but this is not strictly necessary.

Linux

Prerequisites

$ openssl version
  • If necessary, download the source for the latest release of OpenSSL 1.1.0, then build and install it into a non-system directory such as /opt (note that both --prefix and --openssldir should be set when building OpenSSL 1.1.0). For example:
$ wget https://www.openssl.org/source/openssl-1.1.0i.tar.gz
$ tar xf openssl-1.1.0i.tar.gz
$ cd openssl-1.1.0i
$ ./config --prefix=/opt/openssl/1.1.0i --openssldir=/opt/openssl/1.1.0i
$ make
$ sudo make install

Configure and compile

First, prepare the build system (GNU* automake and autoconf) by running bootstrap, and then configure the software package using the configure command. You'll need to specify the location of OpenSSL 1.1.0. See the build notes section for additional options to configure.

$ ./bootstrap
$ ./configure --with-openssldir=/opt/openssl/1.1.0i
$ make

As this is a code sample and not a production application, 'make install' is not implemented.

Both make clean and make distclean are supported.

Linux build notes

User agents

The service provider sample supports two user agents on Linux for communicating with the Intel Attestation Server (IAS): libcurl and wget.

The wget agent runs wget via execvp(2) to GET and POST data to IAS.

The libcurl agent does not depend on external commands. Pre-packaged distributions of libcurl are typically built against OpenSSL, GnuTLS, or NSS.

libcurl may be built against your local distribution's OpenSSL package (which is 1.0.x for the supported OS's). If so, you will receive a warning message at link time which can be ignored. Only libcrypto is required from the OpenSSL 1.1.0 build and it will not conflict with libcurl's OpenSSL dependencies.

Configuration options

You can disable libcurl at build time by supplying --disable-agent-libcurl to configure, in which case the server will fall back to using wget as its agent.

The configure script will attempt to auto-detect your Intel SGX SDK directory, but if for some reason it can't find it, then you should supply the path via --with-sgxsdk=PATH.

You can build the client for simulation mode using --enable-sgx-simulation. Note that Remote Attestation will fail for clients running in simulation mode, as this mode has no hardware protection.

Windows

Prerequisites

Configure and Compile

  • Open the Solution file remote-attestation-sample.sln in the vs/ subdirectory.

  • Set the configuration to "Debug" and the platform to "x64".

  • Configure the client build

    • Open the client project properties

    • Navigate to "C/C++ -> General" and edit "Additional Include Directories" to include your OpenSSL include path. This is pre-set to C:\OpenSSL-Win64\include which is the default location for the recommended OpenSSL package for Windows.

    • Navigate to "Linker -> General" and edit "Additional Library Directories" to C:\OpenSSL-Win64\lib

  • Configure the server build

    • Open the sp project properties

    • Navigate to "Linker -> Additional Library Directories" and edit "Additional Library Directories" to include your OpenSSL library path. This is pre-set to C:\OpenSSL-Win64\lib\VC\ which is the default install location.

  • Build the Solution. The binaries will be written to vs\x64\Debug

Running the Sample (Quick Start Guide)

By default, the server listens on port 7777 and the client connects to localhost. The server will make use of system proxy settings when contacting IAS.

The client and server use a very simplistic network protocol with no error handling and no encryption. Messages are sent using base 16 encoding (printed hex strings) for easy reading and interpretation. The intent here is to demonstrate the RA procedures and the modified Sigma protocol, not model a real-world application. It's assumed that a real ISV would integrate RA flows into their existing service infrastructure (e.g. a REST API implemented over a TLS session).

Enclave Verification Policy

The build process automatically generates a file named policy on Linux (policy.cmd on Windows) which contains the enclave verification policy settings. The server validates the enclave by examining the contents of the report, and ensuring the following attributes in the report match those specified in the policy file:

  • The enclave's MRSIGNER value (this is a SHA256 hash generated from the signing key)

  • The Product ID number ('''ProdID''' in Enclave.config.xml)

  • The software vendor's enclave version number ('''ISVSVN''' in Enclave.config.xml)

  • Whether or not the enclave was built in debug mode

The policy file is prepopulated with the correct values. By modifying the parameters in the policy file, you can create requirements that the enclave report doesn't meet and thus trigger attestation failures.

This demonstrates one of the key functions of remote attestation: the client enclave can be rejected if it originates from an unrecognized signer, contains an unrecognized product identifier, or if it's simply too old. The first prevents unauthorized and unknown enclaves from using the service. The latter two allows software venders to force end users to update their software.

The policy file is also set to specifically allow debug-mode enclaves. ''This is acceptable for a code sample, but a debug-mode enclave should never, ever be accepted by production service provider!''

Linux

Two wrapper scripts, run-client and run-server are provided for convenience. These are Bourne shell scripts that do the following:

  • Set LD_LIBRARY_PATH
  • Parse the settings and policy files (which are sourced as shell scripts)
  • Execute the client or server application with the corresponding command-line options

You can pass command-line options to the underlying executables via the wrapper scripts.

To execute:

  • Edit the settings file

  • Run the server:

    ./run-server [ options ] [ port ]
    
  • Run the client:

    ./run-client [ options ] [ host[:port] ]
    

The policy file is automatically generated for you from the Enclave metadata in Enclave_config.xml and the signed enclave, Enclave.signed.so. In order to test the policy validation functions, you can edit the parameters in this file and restart the server. Your changes will be lost, however, if you do a make clean.

Windows

Two wrapper scripts, run-client.cmd and run-server.cmd are provided for convenience. These are Windows CMD-style batch files that do the following:

  • Parse the settings.cmd and policy.cmd files (which are called as batch files)

  • Execute the client.exe or sp.exe applications with the corresponding command-line options.

You can pass command-line options to the underlying executables via the wrapper scripts. Note that it expects UNIX-style syntax (dashes), not Windows-style (slashes).

To execute:

  • Edit the settings.cmd file

  • Run the server:

    run-server [ options ] [ port ]
    
  • Run the client:

    run-client [ options ] [ host[:port] ]
    

The policy.cmd file is automatically generated for you from the Enclave metadata in Enclave_config.xml and the signed enclave, Enclave.signed.dll`. In order to test the policy validation functions, you can edit the parameters in this file and restart the server. Your changes will be lost, however, if you clean or rebuild the project.

Running the Sample (Advanced Options)

Use verbose mode (-v) to see additional details about the messages sent between the client and server. This information is printed to stderr.

Use debug mode (-d) to view debugging information.

Client

usage: client [ options ] [ host[:port] ]

Required:
  -N, --nonce-file=FILE    Set a nonce from a file containing a 32-byte
                           ASCII hex string

  -P, --pubkey-file=FILE   File containing the public key of the service
                           provider.

  -S, --spid-file=FILE     Set the SPID from a file containing a 32-byte
                           ASCII hex string

  -d, --debug              Show debugging information

  -e, --epid-gid           Get the EPID Group ID instead of performing
                           an attestation.

  -l, --linkable           Specify a linkable quote (default: unlinkable)

  -m, --pse-manifest       Include the PSE manifest in the quote

  -n, --nonce=HEXSTRING    Set a nonce from a 32-byte ASCII hex string

  -p, --pubkey=HEXSTRING   Specify the public key of the service provider
                           as an ASCII hex string instead of using the
                           default.

  -q                       Generate a quote instead of performing an
                           attestation.

  -r                       Generate a nonce using RDRAND

  -s, --spid=HEXSTRING     Set the SPID from a 32-byte ASCII hex string

  -v, --verbose            Print decoded RA messages to stderr

  -z                       Read from stdin and write to stdout instead
                           connecting to a server.

By default, the client connects to a server running on localhost, port 7777, and attempts a remote attestation.

If -z is supplied, it will run interactively, accepting input from stdin and writing to stdout. This makes it possible to copy and paste output from the client to the server, and visa-versa.

The -q option will generate and print a quote instead of performing remote attestation. This quote can be submitted as-is to the Intel Attestation Service, and is intended for debugging RA workflows and IAS communications.

The -p and -P options let you override the service provider's public key for debugging and testing purposes. This key is normally hardcoded into the enclave to ensure it only attests to the expected service provider.

Server

usage: sp [ options ] [ port ]
Required:
  -A, --ias-signing-cafile=FILE
                           Specify the IAS Report Signing CA file.

  -N, --mrsigner=HEXSTRING
                           Specify the MRSIGNER value of enclaves that
                           are allowed to attest. Enclaves signed by
                           other signing keys are rejected.

  -R, --isv-product-id=INT
                           Specify the ISV Product Id for the service.
                           Only Enclaves built with this Product Id
                           will be accepted.

  -V, --min-isv-svn=INT
                           The minimum ISV SVN that the service provider
                           will accept. Enclaves with a lower ISV SVN
                           are rejected.

Required (one of):
  -S, --spid-file=FILE     Set the SPID from a file containg a 32-byte
                           ASCII hex string.

  -s, --spid=HEXSTRING     Set the SPID from a 32-byte ASCII hex string.

Required (one of):
  -I, --ias-pri-api-key-file=FILE
                           Set the IAS Primary Subscription Key from a
                           file containing a 32-byte ASCII hex string.

  -i, --ias-pri-api-key=HEXSTRING
                           Set the IAS Primary Subscription Key from a
                           32-byte ASCII hex string.

Required (one of):

  -J, --ias-sec-api-key-file=FILE
                           Set the IAS Secondary Subscription Key from a
                           file containing a 32-byte ASCII hex string.

  -j, --ias-sec-api-key=HEXSTRING
                           Set the IAS Secondary Subscription Key from a
                           32-byte ASCII hex string.

Optional:
  -B, --ca-bundle-file=FILE
                           Use the CA certificate bundle at FILE (default:
                           /etc/ssl/certs/ca-certificates.crt)

  -D, --no-debug-enclave   Reject Debug-mode enclaves (default: accept)

  -G, --list-agents        List available user agent names for --user-agent

  -K, --service-key-file=FILE
                           The private key file for the service in PEM
                           format (default: use hardcoded key). The
                           client must be given the corresponding public
                           key. Can't combine with --key.

  -P, --production         Query the production IAS server instead of dev.

  -X, --strict-trust-mode  Don't trust enclaves that receive a
                           CONFIGURATION_NEEDED response from IAS
                           (default: trust)

  -d, --debug              Print debug information to stderr.

  -g, --user-agent=NAME    Use NAME as the user agent for contacting IAS.

  -k, --key=HEXSTRING      The private key as a hex string. See --key-file
                           for notes. Can't combine with --key-file.

  -l, --linkable           Request a linkable quote (default: unlinkable).

  -p, --proxy=PROXYURL     Use the proxy server at PROXYURL when contacting
                           IAS. Can't combine with --no-proxy

  -r, --api-version=N      Use version N of the IAS API (default: 4)

  -v, --verbose            Be verbose. Print message structure details and
                           the results of intermediate operations to stderr.

  -x, --no-proxy           Do not use a proxy (force a direct connection),
                           overriding environment.

  -z  --stdio              Read from stdin and write to stdout instead of
                           running as a network server.

You set the user agent with -g (a list of supported agents can be obtained from -G). On Linux, this is one of either wget or libcurl (unless the latter is disabled in the build configuration). On Windows, winhttp is the only agent.

By default, the server uses protocol version 4 when communicating with IAS. This can be changed with -r. Versions 1 and 2 have been deprecated.

You can override the service provider private key with -k or -K. As with the client, this key would normally be hardcoded into the server to prevent it from handling unauthorized clients.

You can force the server to use a proxy when communicating with IAS via -p, or to use a direct connection via -x.

As with the client, the server can be run in interactive mode via -z, accepting input from stdin and writing to stdout. This makes it possible to copy and paste output from the client to the server, and visa-versa.

By default, the server trusts enclaves that result in a CONFIGURATION_NEEDED response from IAS. Enable strict mode with -X to mark these enclaves as untrusted. This is a policy decision: the service provider should decide whether or not to trust the enclave in this circumstance.

Sample output

Client

---- Copy/Paste Msg0||Msg1 Below to SP -------------------------------------
000000006beaf1641d386157559ecbc95330c407442f5169c0adc13e9faa6b94e1011acbdfb157867dbd65633b023cc95a1d19eda341f5bbfed20eebdc04c708b99e40b2e00a0000
----------------------------------------------------------------------------
Waiting for msg2

---- Copy/Paste Msg3 Below to SP -------------------------------------------
d0cf09ac6230516154c174906b2937476beaf1641d386157559ecbc95330c407442f5169c0adc13e9faa6b94e1011acbdfb157867dbd65633b023cc95a1d19eda341f5bbfed20eebdc04c708b99e40b20000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e00a00000700060000000000928a6b0e3cddad56eb3badaa3b63f71f26e915240eea8bff76b4f95c099997ff04040204ff8000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000700000000000000c168cba257604a3ba4ac9650cbf02c8bb1474bac999566dd3f9e2e9c7ed0dd280000000000000000000000000000000000000000000000000000000000000000bd71c6380ef77c5417e8b2d1ce2d4b6504b9f418e5049342440cfff2443d95bd000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007275d839674afa2a4236b8a98d414db129efdf8264d25dee20b758bd5c589a3b0000000000000000000000000000000000000000000000000000000000000000a802000071b644877107086edf039798938260c194b21e3ee07315692fc8132fe6c051b16f9efabb0351cbd26da9996769ccb8b4b048f7438b0a1fa3da114afd7b549bf39f5ee406e84657b6b98abd3f2d47c07b3a90538dcbba978de8d049879cf68730208cb4b4de24280dd1179086062ab303ac7f5b1dcae6129ea3befeafa1d4dcba800264baa52cf1541c17b664d801f2b51d1bf2e2e231b9bd359d22979194de11162564e76b0bdb9eae825ea684823cb140d2567262e7834483e8a0db0f389f89253f75bf17295b29bb219f6e8dfb68c0e8f836ee6706191321c2c94489e01efd9fa8568cb0c175b85e8c0261a423202bd5a051227a5ef88cc9a798bcebd958dbc4bdf57f377a954112d072123bea83fe7049092e7b5f78a3e3d9af75d34f94bef36ded123364305fc4ae72e168010000a1e4f316f843d77dcdce958bea5111667110e171720c63c0e71e4e497f553790894d058dc36881ce30017263667e24d35b3ea6666840f3c84ee7ec4343e6268d043bdf35a3768a0689bda434e87c0289a9c353584dbe58e7400e763ac0b7d935a3365665363c6d2b607a74c8fc7fe4ed2c9458186b2b9db88a46d4b0d16021f79082873b483b1e593e5ba589f93a462c1fcf0a2122732ed3bc2af337ab2d7e767e644b32ef100948b448a2bf335890c4ef199b2ffc9009b5068e2eecb7b3455c905c2c3e1c4845d753e17d025e04fb983a7994b455244d01345f71b575ad43d381453b848cd6e29cca2947ef3df72fe3ae61bd5bb15d46ba55b262dbdd4060faf7ed787a50e208e970d7dcea273770ace4ee597135766629fd628529cfd6cc28385192ad83506d97bdcacd2e4814a31f6bd1bd6452599b76aff500a24f137428ded821df2893702bb4887fa6fd2bec51b3d0addf94e80e11edb7515b7572a3d911e1f709e3967ea21f3c0c695afca00b29fe6a88e4911a0a
----------------------------------------------------------------------------

---- Enclave Trust Status from Service Provider ----------------------------
Enclave TRUSTED

Server

Listening for connections on port 7777
Waiting for a client to connect...
Connection from 127.0.0.1
Waiting for msg0||msg1

---- Copy/Paste Msg2 Below to Client ---------------------------------------
e1c252d589daf123e18a20047d48d00dcc36312bba903b56ff62e3282a7991e4c355bc2c62427e003c7830b9f648cae480105fd065866b41fd0255038a9f54d6928a6b0e3cddad56eb3badaa3b63f71f00000100b5d1f9b84fe9e25690b220ad89465ba4d569b3eccbc26d0842666b466e745f8b5079ec3591be5c6ff6fe185d97244c06ffda6f1cb23f600e4b6a04b141df8e2f3c43bbcd7fc375b372c6044ccd414e3300000000
----------------------------------------------------------------------------
Waiting for msg3

---- Copy/Paste Msg4 Below to Client ---------------------------------------
010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
----------------------------------------------------------------------------

More Repositories

1

hyperscan

High-performance regular expression matching library
C++
4,478
star
2

acat

Assistive Context-Aware Toolkit (ACAT)
C#
3,191
star
3

haxm

Intel® Hardware Accelerated Execution Manager (Intel® HAXM)
C
3,029
star
4

appframework

The definitive HTML5 mobile javascript framework
CSS
2,435
star
5

neural-compressor

SOTA low-bit LLM quantization (INT8/FP8/INT4/FP4/NF4) & sparsity; leading model compression techniques on TensorFlow, PyTorch, and ONNX Runtime
Python
2,182
star
6

intel-extension-for-transformers

⚡ Build your chatbot within minutes on your favorite device; offer SOTA compression techniques for LLMs; run LLMs efficiently on Intel Platforms⚡
Python
2,122
star
7

pcm

Intel® Performance Counter Monitor (Intel® PCM)
C++
2,083
star
8

intel-extension-for-pytorch

A Python package for extending the official PyTorch that can easily obtain performance on Intel platform
Python
1,203
star
9

linux-sgx

Intel SGX for Linux*
C++
1,180
star
10

scikit-learn-intelex

Intel(R) Extension for Scikit-learn is a seamless way to speed up your Scikit-learn application
Python
954
star
11

llvm

Intel staging area for llvm.org contribution. Home for Intel LLVM-based projects.
918
star
12

nemu

ARCHIVED: Modern Hypervisor for the Cloud. See https://github.com/cloud-hypervisor/cloud-hypervisor instead
C
915
star
13

compute-runtime

Intel® Graphics Compute Runtime for oneAPI Level Zero and OpenCL™ Driver
C++
912
star
14

caffe

This fork of BVLC/Caffe is dedicated to improving performance of this deep learning framework when running on CPU, in particular Intel® Xeon processors.
C++
850
star
15

isa-l

Intelligent Storage Acceleration Library
C
816
star
16

media-driver

C
783
star
17

cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
Python
721
star
18

intel-cmt-cat

User space software for Intel(R) Resource Director Technology
C
630
star
19

fastuidraw

C++
603
star
20

optimization-manual

Contains the source code examples described in the "Intel® 64 and IA-32 Architectures Optimization Reference Manual"
Assembly
602
star
21

libipt

libipt - an Intel(R) Processor Trace decoder library
C
594
star
22

libxcam

libXCam is a project for extended camera(not limited in camera) features and focus on image quality improvement and video analysis. There are lots features supported in image pre-processing, image post-processing and smart analysis. This library makes GPU/CPU/ISP working together to improve image quality. OpenCL is used to improve performance in different platforms.
C++
590
star
23

clDNN

Compute Library for Deep Neural Networks (clDNN)
C++
573
star
24

libva

Libva is an implementation for VA-API (Video Acceleration API)
C
558
star
25

intel-graphics-compiler

C++
503
star
26

wds

Wireless Display Software For Linux OS (WDS)
C++
496
star
27

thermal_daemon

Thermal daemon for IA
C++
485
star
28

x86-simd-sort

C++ header file library for high performance SIMD based sorting algorithms for primitive datatypes
C++
485
star
29

Intel-Linux-Processor-Microcode-Data-Files

466
star
30

gvt-linux

C
463
star
31

kernel-fuzzer-for-xen-project

Kernel Fuzzer for Xen Project (KF/x) - Hypervisor-based fuzzing using Xen VM forking, VMI & AFL
C
441
star
32

tinycbor

Concise Binary Object Representation (CBOR) Library
C
432
star
33

openfl

An open framework for Federated Learning.
Python
427
star
34

cc-oci-runtime

OCI (Open Containers Initiative) compatible runtime for Intel® Architecture
C
415
star
35

tinycrypt

tinycrypt is a library of cryptographic algorithms with a focus on small, simple implementation.
C
373
star
36

compile-time-init-build

C++ library for composing modular firmware at compile-time.
C++
372
star
37

ARM_NEON_2_x86_SSE

The platform independent header allowing to compile any C/C++ code containing ARM NEON intrinsic functions for x86 target systems using SIMD up to SSE4 intrinsic functions
C
369
star
38

yarpgen

Yet Another Random Program Generator
C++
357
star
39

intel-device-plugins-for-kubernetes

Collection of Intel device plugins for Kubernetes
Go
356
star
40

QAT_Engine

Intel QuickAssist Technology( QAT) OpenSSL Engine (an OpenSSL Plug-In Engine) which provides cryptographic acceleration for both hardware and optimized software using Intel QuickAssist Technology enabled Intel platforms. https://developer.intel.com/quickassist
C
356
star
41

linux-sgx-driver

Intel SGX Linux* Driver
C
334
star
42

safestringlib

C
328
star
43

xess

C
313
star
44

idlf

Intel® Deep Learning Framework
C++
311
star
45

ad-rss-lib

Library implementing the Responsibility Sensitive Safety model (RSS) for Autonomous Vehicles
C++
298
star
46

intel-vaapi-driver

VA-API user mode driver for Intel GEN Graphics family
C
289
star
47

ipp-crypto

C
269
star
48

rohd

The Rapid Open Hardware Development (ROHD) framework is a framework for describing and verifying hardware in the Dart programming language. ROHD enables you to build and traverse a graph of connectivity between module objects using unrestricted software.
Dart
256
star
49

opencl-intercept-layer

Intercept Layer for Debugging and Analyzing OpenCL Applications
C++
255
star
50

FSP

Intel(R) Firmware Support Package (FSP)
C
244
star
51

dffml

The easiest way to use Machine Learning. Mix and match underlying ML libraries and data set sources. Generate new datasets or modify existing ones with ease.
Python
244
star
52

userspace-cni-network-plugin

Go
242
star
53

intel-ipsec-mb

Intel(R) Multi-Buffer Crypto for IPSec
C
238
star
54

isa-l_crypto

Assembly
232
star
55

confidential-computing-zoo

Confidential Computing Zoo provides confidential computing solutions based on Intel SGX, TDX, HEXL, etc. technologies.
CMake
229
star
56

bmap-tools

BMAP Tools
Python
227
star
57

intel-extension-for-tensorflow

Intel® Extension for TensorFlow*
C++
226
star
58

ozone-wayland

Wayland implementation for Chromium Ozone classes
C++
214
star
59

intel-qs

High-performance simulator of quantum circuits
C++
202
star
60

SGXDataCenterAttestationPrimitives

C++
202
star
61

intel-sgx-ssl

Intel® Software Guard Extensions SSL
C
197
star
62

msr-tools

C
195
star
63

depth-camera-web-demo

JavaScript
194
star
64

rmd

Go
189
star
65

CPU-Manager-for-Kubernetes

Kubernetes Core Manager for NFV workloads
Python
187
star
66

asynch_mode_nginx

C
186
star
67

hexl

Intel®️ Homomorphic Encryption Acceleration Library accelerates modular arithmetic operations used in homomorphic encryption
C++
181
star
68

ros_object_analytics

C++
177
star
69

zephyr.js

JavaScript* Runtime for Zephyr* OS
C
176
star
70

generic-sensor-demos

HTML
175
star
71

ipmctl

C
172
star
72

lmbench

C
171
star
73

cri-resource-manager

Kubernetes Container Runtime Interface proxy service with hardware resource aware workload placement policies
Go
170
star
74

platform-aware-scheduling

Enabling Kubernetes to make pod placement decisions with platform intelligence.
Go
165
star
75

virtual-storage-manager

Python
165
star
76

PerfSpect

System performance characterization tool based on linux perf
Python
164
star
77

he-transformer

nGraph-HE: Deep learning with Homomorphic Encryption (HE) through Intel nGraph
C++
163
star
78

systemc-compiler

This tool translates synthesizable SystemC code to synthesizable SystemVerilog.
C++
155
star
79

webml-polyfill

Deprecated, the Web Neural Network Polyfill project has been moved to https://github.com/webmachinelearning/webnn-polyfill
Python
153
star
80

pmem-csi

Persistent Memory Container Storage Interface Driver
Go
151
star
81

libyami

Yet Another Media Infrastructure. it is core part of media codec with hardware acceleration, it is yummy to your video experience on Linux like platform.
C++
148
star
82

ros_openvino_toolkit

C++
147
star
83

rib

Rapid Interface Builder (RIB) is a browser-based design tool for quickly prototyping and creating the user interface for web applications. Layout your UI by dropping widgets onto a canvas. Run the UI in an interactive "Preview mode". Export the generated HTML and Javascript. It's that simple!
JavaScript
147
star
84

ideep

Intel® Optimization for Chainer*, a Chainer module providing numpy like API and DNN acceleration using MKL-DNN.
C++
145
star
85

libva-utils

Libva-utils is a collection of tests for VA-API (VIdeo Acceleration API)
C
144
star
86

gmmlib

C++
141
star
87

numatop

NumaTOP is an observation tool for runtime memory locality characterization and analysis of processes and threads running on a NUMA system.
C
139
star
88

ros2_grasp_library

C++
138
star
89

XBB

C++
133
star
90

tdx-tools

Cloud Stack and Tools for Intel TDX (Trust Domain Extension)
C
131
star
91

ros2_intel_realsense

This project is deprecated and no more maintained. Please visit https://github.com/IntelRealSense/realsense-ros for ROS2 wrapper.
C++
131
star
92

linux-intel-lts

C
131
star
93

CeTune

Python
130
star
94

cm-compiler

C++
130
star
95

pti-gpu

Profiling Tools Interfaces for GPU (PTI for GPU) is a set of Getting Started Documentation and Tools Library to start performance analysis on Intel(R) Processor Graphics easily
C++
129
star
96

fMBT

Free Model Based tool
Python
129
star
97

zlib

C
128
star
98

ros_intel_movidius_ncs

C++
126
star
99

mpi-benchmarks

C
125
star
100

mOS

C
124
star