Porting applications to the Intel® Software Guard Extensions (Intel® SGX) platform can be cumbersome. To secure an application with Intel SGX, developers must recompile the application executable with the Intel® SGX SDK (Linux* SDK: https://github.com/01org/linux-sgx). Moreover, the secured applications have no access to any OS features, such as opening a file, creating a network connection, or cloning a thread. For any interaction with the host, developers must define untrusted interfaces that the secure applications can call to leave the enclaves.
Graphene Library OS provides the OS features that applications need, right inside the Intel SGX enclaves. To secure an application, developers can load native, unmodified binaries directly into enclaves, with minimal porting effort. Graphene Library OS provides a signing tool to sign all binaries that are loaded into the enclaves, just as the Intel SGX SDK does.