Open-source runtime for Intel TDX confidential VMs. Runs as PID 1. Unix socket API. No networking in the enclave — minimal attack surface by design.
Everything you need to run workloads in a sealed TDX VM. Nothing you don't.
Runs as the init process inside the sealed VM. Mounts filesystems, configures network, reaps zombies, manages the full workload lifecycle.
Newline-delimited JSON over /var/lib/easyenclave/agent.sock. Deploy, attest, exec, monitor — all through one socket. No HTTP server in the enclave.
The runtime itself has zero networking code. Workloads handle their own connectivity. Minimal attack surface — the enclave boundary is tight.
Generate cryptographic quotes via configfs-tsm. Prove your code is running unmodified on real TDX hardware. Supports nonce-based fresh attestation.
Deploy static binaries pulled straight from GitHub releases (no registry, no Dockerfile), or run bare commands. The runtime watches the release, downloads the asset, runs it as a native process. Same API for both.
The attach socket method bridges a PTY-backed shell over the unix socket. Real terminal sessions for ops, not polling hacks — cd persists, vim works, htop paints. Proxied through dd-client's xterm.js dashboard in the fleet model.
Read every line. Audit every build. The enclave runtime is fully open, fully auditable. Built for production confidential computing workloads.
Boot a TDX VM with EasyEnclave as PID 1. Connect via unix socket. Deploy workloads.
The TDX VM starts with EasyEnclave as its init process. It mounts filesystems, loads config, pre-fetches any GitHub release binaries listed in the boot workloads, and starts listening on the unix socket.
Your client connects to /var/lib/easyenclave/agent.sock. Send JSON, get JSON back. No HTTP overhead.
Send a deploy request with a GitHub release (owner/repo + asset) or a bare command. EasyEnclave downloads the binary into its bin dir, makes it executable, starts it as a process. Status and logs tracked automatically.
Request a TDX attestation quote with an optional nonce. The hardware generates a cryptographic proof that the exact measured code is running inside the sealed VM.
EasyEnclave is the sealed boundary. Workloads run inside it.
TDX VM (hardware-sealed memory)
|
+-- easyenclave (PID 1)
|   |
|   +-- unix socket: /var/lib/easyenclave/agent.sock
|   |
|   +-- workload: your-client (web dashboard, API, etc)
|   |   connects to socket for deploy/attest/logs
|   |
|   +-- workload: your-app (native process)
|       handles its own networking
|
+-- attestation: configfs-tsm (/sys/kernel/config/tsm/report)
+-- release fetch: GitHub Releases API over rustls (compiled into easyenclave)
Newline-delimited JSON. Send a request, get a response. One method per line.
→ {"method":"health"}
← {"ok":true,"attestation_type":"tdx","workloads":2,"uptime_secs":3600}

→ {"method":"deploy","github_release":{"repo":"owner/repo","asset":"app"},"cmd":["app"],"app_name":"myapp"}
← {"ok":true,"id":"abc123","status":"deploying"}

→ {"method":"attest","nonce":"deadbeef"}
← {"ok":true,"quote_b64":"AQAAAA..."}

→ {"method":"exec","cmd":["uname","-a"]}
← {"ok":true,"exit_code":0,"stdout":"Linux..."}

→ {"method":"list"}
← {"ok":true,"deployments":[{"app_name":"myapp","status":"running"}]}

→ {"method":"stop","id":"abc123"}
← {"ok":true}

→ {"method":"attach","cmd":["/bin/sh"]}
← {"ok":true,"attached":true}
// rest of the connection is a raw byte stream bridging a PTY-backed shell
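Added example, not code from the EasyEnclave project: a minimal Python client for the newline-delimited JSON protocol above, showing how to frame one request per line, read a response that may arrive in several chunks, and bind an attest request to a fresh random nonce. The fake_agent, its FAKE-QUOTE payload and the temp socket path are constructed for offline testing; against a real VM the client would connect to /var/lib/easyenclave/agent.sock.

```python
import base64, json, os, socket
import tempfile, threading

def read_line(sock):  # one newline-terminated JSON frame; it may span several recv() calls
    buf = b""
    while b"\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed the socket before a full line arrived")
        buf += chunk
    return json.loads(buf.split(b"\n", 1)[0])

def request(path, req):  # one request line in, one response line back
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(json.dumps(req).encode() + b"\n")
        return read_line(s)

def attest(path):
    """Request a quote bound to a fresh random nonce; a stale or replayed quote cannot match it."""
    nonce = os.urandom(16).hex()
    resp = request(path, {"method": "attest", "nonce": nonce})
    if not resp.get("ok"):
        raise RuntimeError(f"attest failed: {resp}")
    quote = base64.b64decode(resp["quote_b64"], validate=True)  # checks framing only
    return nonce, quote  # a real quote still needs TDX quote verification outside the enclave

def fake_agent(path, ready):
    # Constructed stand-in for the agent (offline demo only): serves one connection, then exits
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
        srv.bind(path); srv.listen(); ready.set()
        conn, _ = srv.accept()
        with conn:
            req = read_line(conn)
            if req.get("method") != "attest":
                resp = {"ok": False, "error": "unsupported in demo"}
            else:
                fake = b"FAKE-QUOTE:" + req["nonce"].encode()  # real agent: configfs-tsm quote
                resp = {"ok": True, "quote_b64": base64.b64encode(fake).decode()}
            conn.sendall(json.dumps(resp).encode() + b"\n")

def demo():
    """Run the client against the fake agent on a temp socket; returns nonce and decoded quote."""
    path = os.path.join(tempfile.mkdtemp(), "agent.sock")
    ready = threading.Event()
    t = threading.Thread(target=fake_agent, args=(path, ready), daemon=True)
    t.start(); ready.wait(2)
    nonce, quote = attest(path)
    t.join()
    return nonce, quote
```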
Clone, build, run.
git clone https://github.com/easyenclave/easyenclave
cd easyenclave
cargo build --release
# Run in a TDX VM (as PID 1) or locally for dev
./target/release/easyenclave