How we got here.
EasyEnclave used to be one repo trying to be two things. This is the short story of why we split the project and parked the larger half — and what's now in ~50 MB of trusted computing base instead of ~7 GB.
One repo, two ambitions
The original easyenclave/easyenclave repository explored two ideas at the same time:
- A small CPU-only TDX runtime. A Rust PID 1 inside a confidential VM, talking to a workload over a unix socket, producing TDX attestation quotes through Linux configfs-tsm. Around 50 MB of image and Linux pieces, plus your workload binary.
- A local GPU inference image. The same runtime, but with CUDA, the NVIDIA driver, vLLM, Python, and a much larger kernel and userspace. Around 7 GB once everything was inside the verity tree.
Both of these worked. They have different threat models, different blast radii, and very different things to attest. Holding them together inside one repo started costing more than it was worth.
What we'd actually be willing to attest
The honest question was: what would we sign our name on?
Confidential computing is supposed to be the place where you care about every byte. The GPU image was many gigabytes of CUDA, vLLM, NVIDIA drivers, Python, kernel, and userspace — useful, but not something a person can sit down and audit end-to-end. Pretending otherwise would have been a nice-looking attestation report tied to software nobody had read.
The CPU-only path was the opposite: small enough to read, small enough to defend. With a zero-data-retention model API on the outside, the same shape supports private model usage — the secrets and session state stay inside the enclave; the model weights stay where they already are.
Where we're going, we don't need a 7 GB attestation report.
What's left, and where it lives
The active project is now easyenclave/easyenclave-mini. The original easyenclave/easyenclave repository stays online as a read-only archive — useful if you want to read the GPU experiment or the older image-shape work, but not where new development happens.
| Use this | For |
|---|---|
| easyenclave-mini | Active source, issues, releases, README |
| Mini socket API | Current control-plane reference |
| Mini deployment targets | GCP, Azure, and local TDX image instructions |
| Legacy wiki | Historical notes from the archived main repo |
The shape of the runtime didn't change. The decisions about what to leave out did, and the project name now says it out loud: Mini.