Gramine (formerly called "Graphene") is a lightweight library OS, designed to run a single Linux application in an isolated environment. Currently, Gramine runs on Linux and Intel SGX enclaves on Linux platforms. With Intel SGX support, Gramine can secure a critical application in a hardware-encrypted memory region and protect the application from a malicious system stack with minimal porting effort ("lift and shift" approach).
Several major events happened to the Gramine project in 2021. Gramine changed its name, moved to a new GitHub repository, and joined Confidential Computing Consortium. The first production-ready release of Gramine -- v1.0 -- was published in October 2021. This talk will discuss all these events, as well as the current status of the project and its future plans.
Speakers: Dmitrii Kuvaiskii