Lock.host is the best TEE codebase online
It runs on AWS Nitro, packages workloads with Docker, supports any language, and provides networking. Background:
AWS Nitro Enclaves are AWS's TEE product
AWS has a $100 billion business selling isolated compute to customers
Every Nitro TEE lives with AWS, so there is only one party to trust, and since its 2020 release Nitro has had 0 exploits
Nitro TEEs, like other TEEs, support attestation
Users connect to the Nitro enclave over HTTP/2, and the Lock.host stack returns an attestation document carrying the key for an ephemeral session
Developers write normal TCP or HTTP servers, inherit from a base Docker image, and everything just works
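As an added example (not code from the Lock.host repository), these are the checks a client runs on the decoded Nitro attestation document before trusting the ephemeral session key it carries: nonce freshness, timestamp window, and pinned PCR measurements. It assumes the COSE_Sign1 signature has already been verified against the AWS Nitro root certificate; the PCR values and document fields are constructed placeholders.

```python
import hmac
import time
from typing import Optional

# Pinned PCR measurements for the enclave image, hex-encoded SHA-384 (48 bytes).
# Constructed placeholders, not measurements of a real Lock.host image; in practice
# they come from the enclave image build output.
EXPECTED_PCRS = {
    0: "aa" * 48,  # enclave image file
    1: "bb" * 48,  # kernel and boot ramdisk
    2: "cc" * 48,  # application
}
MAX_AGE_MS = 5 * 60 * 1000  # reject documents older than five minutes

def verify_attestation_payload(doc: dict, expected_nonce: bytes,
                               now_ms: Optional[int] = None) -> bytes:
    """Check the decoded Nitro attestation payload and return the enclave's session
    key. Assumes the COSE_Sign1 signature over `doc` was already verified against
    the AWS Nitro root certificate (that step is not shown here)."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    if doc.get("digest") != "SHA384":
        raise ValueError("unexpected digest algorithm")
    # Freshness: our nonce must come back and the timestamp must be recent,
    # otherwise an old document could be replayed to a new session.
    if not hmac.compare_digest(doc.get("nonce") or b"", expected_nonce):
        raise ValueError("nonce mismatch: stale or replayed document")
    ts = doc.get("timestamp", 0)
    if not (now_ms - MAX_AGE_MS <= ts <= now_ms + 60_000):
        raise ValueError("timestamp outside the accepted window")
    # Measurement policy: every pinned PCR must match the expected image exactly.
    pcrs = doc.get("pcrs", {})
    for idx, expected_hex in EXPECTED_PCRS.items():
        actual = pcrs.get(idx)
        if actual is None or not hmac.compare_digest(actual, bytes.fromhex(expected_hex)):
            raise ValueError(f"PCR{idx} does not match the expected enclave image")
    pub = doc.get("public_key")
    if not pub:
        raise ValueError("document carries no session public key")
    return pub  # only now is this key bound to a verified enclave

def make_sample_doc(nonce: bytes, now_ms: int, pcr0_hex: str = EXPECTED_PCRS[0]) -> dict:
    """Constructed sample payload using the Nitro attestation document's field names."""
    pcrs = {**EXPECTED_PCRS, 0: pcr0_hex}
    return {
        "digest": "SHA384",
        "timestamp": now_ms,
        "pcrs": {i: bytes.fromhex(h) for i, h in pcrs.items()},
        "public_key": b"<enclave ephemeral public key, constructed>",
        "nonce": nonce,
    }
```

The session key returned by `verify_attestation_payload` is the only one the client should encrypt to; a document with a wrong PCR, a foreign nonce, or an expired timestamp is rejected before the key is ever used.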
Install Docker using the standard docs, then install just:
apt install -y just
Build the base images like this, then continue to lock.host-node or lock.host-python:
just serve-alpine
just build-runtime build-host
Modify apk/Dockerfile.fetch to include all the apks you need, then run:
just proxy-alpine
just fetch-alpine
Updates to Alpine apks are published all the time
Lock.host needs full reproducibility, so the Alpine apks are checked into git
The apk signatures are left unchanged
To build the Rust code on the host (without Docker) run:
just rust
See run.yml, which tests that this file is genuine
MIT