Cloud Deployment

Graphene without Intel SGX can be deployed on arbitrary cloud VMs. Please see our Quick start guide for the details.

To deploy Graphene with Intel SGX, the cloud VM has to support Intel SGX. Please see the installation and usage guide for each cloud VM offering individually below (currently only for Microsoft Azure).

Azure confidential computing VMs

Azure confidential computing services are generally available and provide access to VMs with Intel SGX enabled in DCsv2 VM instances. The description below uses a VM running Ubuntu 18.04 with a the preinstalled Intel SGX DCAP driver (version LD_1.22). To use a different Intel SGX driver, please follow the instructions to uninstall the driver.


Update and install the required packages for Graphene:

sudo apt update
sudo apt install -y build-essential autoconf gawk bison python3-protobuf \
                    libprotobuf-c-dev protobuf-c-compiler libcurl4 python3


  1. Clone Graphene:

    git clone
    cd graphene
    git submodule update --init -- Pal/src/host/Linux-SGX/sgx-driver/
  2. Prepare the signing keys and Graphene kernel driver:

    openssl genrsa -3 -out enclave-key.pem 3072
    cp enclave-key.pem Pal/src/host/Linux-SGX/signer
    cd Pal/src/host/Linux-SGX/sgx-driver
    ISGX_DRIVER_PATH=/usr/src/linux-azure-headers-`uname -r`/arch/x86/ make
    # WARNING: read "Security Implications" section before running this command
    sudo insmod gsgx.ko
    cd -
  3. Build Graphene:

    ISGX_DRIVER_PATH=/usr/src/linux-azure-headers-`uname -r`/arch/x86/ make SGX=1
  4. Build and run helloworld:

    cd LibOS/shim/test/native
    make SGX=1 sgx-tokens
    SGX=1 ./pal_loader helloworld

Security implications

Note that this guide assumes that you deploy Graphene on an untrusted cloud VM. One step in this guide significantly weakens the security of the cloud VM’s Linux kernel: sudo insmod gsgx.ko introduces a local privilege escalation vulnerability. This kernel module enables the FSGSBASE processor feature without proper enabling in the host Linux kernel. Please refer to the documentation under Pal/src/host/Linux-SGX/sgx-driver for more information.

This step is a temporary workaround and will not be required in the future (starting from Linux 5.9). Be aware that the current guide must not be used to set up production environments.

Azure Kubernetes Services (AKS)

Azure Kubernetes Service (AKS) offers a popular deployment technique relying on Azure’s cloud resources. AKS hosts Kubernetes pods in Azure confidential compute VMs and exposes the underlying confidential compute hardware. In particular, Graphene Shielded Containers (GSC) translate existing Docker images to graphenized Docker images, which can be deployed in AKS. Graphenized Docker images execute the application inside an Intel SGX enclave using the Graphene Library OS, thus enabling confidential containers functions on AKS.

This section describes the workflow to create an AKS cluster with confidential compute VMs, graphenize a simple application, and deploy the graphenized Docker image in an AKS cluster.


Follow the instructions on the AKS Confidential Computing Quick Start guide to provision an AKS cluster with Intel SGX enabled worker nodes.

Follow the instructions to set up Graphene Shielded Containers and create your own enclave key.

Graphenizing Python Docker image

This section demonstrate how to translate the Python Docker Hub image to a graphenized image, which is ready to deploy in a confidential compute AKS cluster.


This example relies on insecure arguments provided at runtime and should not be used production. To use trusted arguments, please see the manpage of GSC.

  1. Pull Python image:

    docker pull python
  2. Configure GSC to build graphenized images for AKS with the Graphene Docker Image for AKS from Docker Hub by creating the following configuration file config.aks.yaml:

    Distro: ubuntu18.04
           Image: graphenelibos/aks:latest
  3. Create the application-specific Manifest file python.manifest:

    sgx.allow_file_creation = 1
    sgx.enclave_size = 256M
    sgx.thread_num = 4
  4. Graphenize the Python image and allow insecure runtime arguments:

    ./gsc build --insecure-args -c config.aks.yaml python python.manifest
  5. Sign the graphenized image with your enclave signing key:

    ./gsc sign-image python enclave-key.pem
  6. Push resulting image to Docker Hub or your preferred registry:

    docker tag gsc-python <dockerhubusername>/python:gsc-aks
    docker push <dockerhubusername>/python:gsc-aks

Deploying a “HelloWorld” Python Application in a confidential compute AKS cluster

This example first created an AKS cluster capable to create Intel SGX enclaves and then, created a graphenized Docker image of Python. The goal of this section is to combine both by deploying the Python application in the AKS cluster.

  1. Create job deployment file gsc-aks-python.yaml for AKS. It specifies the underlying Docker image and the insecure arguments (in this case Python code to print “HelloWorld!”):

    apiVersion: batch/v1
    kind: Job
       name: gsc-aks-python
          app: gsc-aks-python
                app: gsc-aks-python
             - name: gsc-aks-python
               imagePullPolicy: Always
               args: ["-c", "print('HelloWorld!')"]
             restartPolicy: Never
       backoffLimit: 0
  2. You may need to follow this guide to pull from a private registry.

  3. Deploy gsc-aks-python job:

    kubectl apply -f gsc-aks-python.yaml
  4. Test job status:

    kubectl get jobs -l app=gsc-aks-python
  5. Receive logs of job:

    kubectl logs -l app=gsc-aks-python
  6. Delete job after completion:

    kubectl delete -f gsc-aks-python.yaml