Marblerun

Marblerun is a framework for creating distributed confidential-computing apps.

Build your confidential microservices with EGo or another runtime, distribute them with Kubernetes on an SGX-enabled cluster, and let Marblerun take care of the rest. Deploy end-to-end secure and verifiable AI pipelines or crunch on sensitive big data in the cloud.

Confidential computing at scale has never been easier. Marblerun guarantees that the topology of your distributed app adheres to a Manifest specified in simple JSON. Marblerun verifies the integrity of services, bootstraps them, and sets up encrypted connections between them. If a node fails, Marblerun will seamlessly substitute it with respect to the rules defined in the Manifest.

To keep things simple, Marblerun issues one concise remote attestation statement for your whole distributed app. This can be used by anyone to verify the integrity of your distributed app.

Key features

• Authentication and integrity verification of microservices with respect to a Manifest written in simple JSON 🔒
• Secrets management for microservices 🔑
• Provisioning of certificates, configurations, and parameters for microservices 📦
• Remote attestation of the entire cluster 🌐

Overview

Supported Runtimes

Marblerun supports services built with one of the following frameworks:

• EGo
• Edgeless RT
• Graphene

More are coming soon.

Quickstart and documentation

See the Getting Started Guide to set up a distributed confidential-computing app in a few simple steps. See the documentation for details.

Working in this repo

BUILD.md includes general information on how to work in this repo.

Get involved

• Follow @EdgelessSystems on Twitter.
• Chat with us on Gitter.

Examples

Hello World

We provide basic examples on how to build confidential apps with Marblerun.

• See helloworld for an example in Go.
• See helloc++ for an example in C++.
• See graphene-hello for an example using Graphene.
• See graphene-nginx for an example of converting an existing Graphene application to a Marble.

Confidential Emoji Voting

The popular Linkerd service mesh uses the simple and scalable emojivoto app as its default demo. You can find our confidential variant here. Your emoji votes have never been more secure! 😉