Need help with graphene?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

644 Stars 235 Forks GNU Lesser General Public License v3.0 2.3K Commits 239 Opened issues


Graphene / Graphene-SGX - a library OS for Linux multi-process applications, with Intel SGX support

Services available


Need anything else?

Contributors list

Graphene Library OS with Intel SGX Support

.. image:: :target: :alt: Documentation Status

A Linux-compatible Library OS for Multi-Process Applications

.. This is not |~|, because that is in rst_prolog in, which GitHub cannot parse. GitHub doesn't appear to use it correctly anyway... .. |nbsp| unicode:: 0xa0 :trim:

.. highlight:: sh

NOTE: We are in the middle of transitioning our buildsystem to Meson, and the build procedures are changing. See

Building instructions
__ for an up-to-date build tutorial.

What is Graphene?

Graphene is a |nbsp| lightweight library OS, designed to run a single application with minimal host requirements. Graphene can run applications in an isolated environment with benefits comparable to running a |nbsp| complete OS in a |nbsp| virtual machine -- including guest customization, ease of porting to different OSes, and process migration.

Graphene supports native, unmodified Linux binaries on any platform. Currently, Graphene runs on Linux and Intel SGX enclaves on Linux platforms.

In untrusted cloud and edge deployments, there is a |nbsp| strong desire to shield the whole application from rest of the infrastructure. Graphene supports this “lift and shift” paradigm for bringing unmodified applications into Confidential Computing with Intel SGX. Graphene can protect applications from a |nbsp| malicious system stack with minimal porting effort.

Graphene is a growing project and we have a growing contributor and maintainer community. The code and overall direction of the project are determined by a diverse group of contributors, from universities, small and large companies, as well as individuals. Our goal is to continue this growth in both contributions and community adoption.

Working towards production ready Graphene by Q2’21

Graphene has evolved a |nbsp| lot since our last major release and at this point we have significantly reworked most of the research code towards building a |nbsp| production ready Graphene by end of Q2’21. We have a |nbsp| growing set of well tested applications including machine learning frameworks, databases, webservers, and programming language runtimes.

Graphene also supports many features for deploying secure solutions with SGX. These include full SGX Attestation support (EPID/DCAP), protected files support, and multi-process support with encrypted IPC. Graphene also supports a |nbsp| number of performance optimizations for SGX including support for asynchronous system calls.

Graphene is ready to be deployed in cloud environments with full support for automatic container integration, using Graphene Shielded Containers (GSC).

We have been actively developing, testing, and validating Graphene. The effort to review and harden security of Graphene is ongoing.

The most important problems (which include major security issues) are tracked in

#1544 (Production blockers) 
__. Our roadmap is to address the majority of the remaining production blockers by Q2’21 and rest will follow in future releases.

Graphene documentation

The official Graphene documentation can be found at Below are quick links to some of the most important pages:

  • Quick start and how to run applications
  • Complete building instructions
  • Graphene manifest file syntax
  • The Graphene Shielded Containers (GSC) tool
  • Performance tuning & analysis of SGX applications in Graphene
  • Remote attestation in Graphene

Getting help

For any questions, please send an email to [email protected] (

public archive 

For bug reports, post an issue on our GitHub repository:

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.