Open sourcing code, in particular for sensitive security related applications, is our best and perhaps only chance for free societies as we move collectively farther out into the digital divide between physical and virtual realities.

Sponsored by RedHat, Enarx not only rolls off the tongue, but is also seeking to address the issue of trust across multiple targets and hardware vendors by providing a cross-platform framework for integrity and privacy of “data-in-use”.

Excerpt from Enarx Github….

What is Enarx?

Enarx is an application deployment system enabling applications to run within Trusted Execution Environments (TEEs) without rewriting for particular platforms or SDKs. It handles attestation and delivery into a run-time “Keep” based on WebAssembly, offering developers a wide range of language choices for implementation. Enarx is CPU-architecture independent, enabling the same application code to be deployed across multiple targets, abstracting issues such as cross-compilation and differing attestation mechanisms between hardware vendors. Work is currently underway on AMD SEV and Intel SGX.

We’ve known for a long time that we need encryption for data at rest and in transit: Enarx helps you do encryption for data in use.

Enarx Github


Excerpt from

Auditability and trust

This brings us to possibly the most important reasons for making Enarx open source: auditability and trust. Enarx is a security-related project, and I believe passionately not only that security should be done in the open but also that if anybody is actually going to trust their sensitive data, algorithms, and workloads to a piece of software, then they want to be in a position where as many experts as possible have looked at it, scrutinised it, criticised it, and improved it, whether that is the people running the software, their employees, contractors, or (even better) the wider security community. The more people who check the code, the happier you should be to trust it. This is important for any piece of security software, but it is vital for software such as Enarx, which is designed to protect your most sensitive workloads.


Read more about this interesting project over at…