A Linux-compatible Library OS for Multi-Process Applications
PLEASE NOTE THAT GRAMINE-TDX IS CONSIDERED AN EXPERIMENTAL PROJECT!
THIS SOFTWARE COMES WITH NO WARRANTIES, USE AT YOUR OWN RISK!
Gramine (formerly called Graphene) is a lightweight library OS, designed to run a single application with minimal host requirements. Gramine can run applications in an isolated environment with benefits comparable to running a complete OS in a virtual machine -- including guest customization, ease of porting to different OSes, and process migration.
Gramine supports native, unmodified Linux binaries on any platform. Currently, Gramine runs on Linux and Intel SGX enclaves on Linux platforms.
In untrusted cloud and edge deployments, there is a strong desire to shield the whole application from rest of the infrastructure. Gramine supports this “lift and shift” paradigm for bringing unmodified applications into Confidential Computing with Intel SGX. Gramine can protect applications from a malicious system stack with minimal porting effort.
Gramine is a growing project and we have a growing contributor and maintainer community. The code and overall direction of the project are determined by a diverse group of contributors, from universities, small and large companies, as well as individuals. Our goal is to continue this growth in both contributions and community adoption.
Note that the Gramine project was formerly known as Graphene. However, the name "Graphene" was deemed too common, could be impossible to trademark, and collided with several other software projects. Thus, a new name "Gramine" was chosen.
The official Gramine documentation can be found at https://gramine.readthedocs.io. Below are quick links to some of the most important pages:
We maintain a list of companies experimenting with Gramine for their confidential computing solutions.
For any questions, please use GitHub Discussions or join us on our Gitter chat.
For bug reports and feature requests, post an issue on our GitHub repository.
If you prefer emails, please send them to [email protected] (public archive).
Please report security issues to [email protected]. See also our security policy.