Safeheron SGX Native Development Framework

The Safeheron SGX Native Development Framework is an internally incubated infrastructure project at Safeheron, designed to reduce the complexity of Intel SGX TEE development in blockchain and other emerging fields while enhancing development efficiency and security. The framework provides comprehensive optimizations in build system, system modules, functionality extensions, testing support, secure storage, interface simplification and cryptographic support, addressing multiple pain points in SGX development.

CMake-Integrated SGX Build Framework

To support the separation of Enclave and App architectures, this framework builds a CMake-compatible compilation system, optimizing modular development, dependency management, and cross-component integration, significantly reducing the complexity of SGX project builds.

Key System Functionality Supplements

To address the limitations of SGX’s standard library support, this framework provides:

High-precision time support (millisecond, microsecond, nanosecond levels).
Secure untrusted memory allocation, optimizing Enclave-to-App data interactions while ensuring secure access.
File system access support, providing essential file system interaction capabilities.

Advanced Utility Extensions

To mitigate the lack of third-party libraries in the SGX environment, the framework offers:

TOML configuration file management, ensuring secure configuration parsing and management.
JSON parsing support, delivering efficient JSON handling for improved data exchange.
High-precision numerical computation, applicable to cryptographic and financial applications requiring precise calculations.
Logging system support, offering an SGX-compatible logging framework for debugging and error analysis.
HTTP functionality, encapsulating secure HTTP client and server communication interfaces, enhancing Enclave's networking capabilities.

SGX TEE Testing Framework

To address the challenges of testing SGX code, the framework provides:

Unit and integration testing in a trusted environment, improving test coverage and stability.
A secure testing environment, allowing functionality validation without compromising Enclave isolation.
Compatibility with Continuous Integration (CI) to ensure SGX code maintainability and engineering quality.

Secure and Encrypted File I/O

The framework enhances object-oriented file stream support, extending beyond the MRSIGNER mechanism to incorporate multiple encryption schemes:

MRENCLAVE-bound secure storage, ensuring that data is accessible only by a specific Enclave.
Flexible key derivation and encryption mechanisms, improving file storage security and compatibility.

Intuitive SGX API Design with OOP

To reduce the complexity of core SGX function interfaces, the framework provides object-oriented API encapsulations for key SGX features:

Sealing (Secure Storage): High-level APIs for simplified encrypted storage and key management.
Remote Attestation: Encapsulated SGX remote attestation processes, making trust verification more intuitive and easy to use.

Advanced Cryptographic Support for Blockchain

The framework implements core cryptographic algorithms for blockchain, providing fundamental support for Multi-Party Computation (MPC) protocols and Zero-Knowledge Proof (ZKP) protocols. It ensures secure and high-performance cryptographic computation within SGX-protected environments.

Conclusion

The Safeheron SGX Native Development Framework allows developers to efficiently and securely build applications for blockchain, MPC, privacy computing, and cloud security, accelerating the adoption of SGX in trusted computing environments.

CMake-Integrated SGX Build Framework​

Key System Functionality Supplements​

Advanced Utility Extensions​

SGX TEE Testing Framework​

Secure and Encrypted File I/O​

Intuitive SGX API Design with OOP​

Advanced Cryptographic Support for Blockchain​