Inclavare Containers

An open source enclave container runtime and security architecture for confidential computing scenarios.


Designed to help users protect the security, integrity and confidentiality of data in use

Open Standard

Fully open source and jointly developed, maintaining community neutrality and compatibility with other communities and the wider open source ecosystem

Cloud Native

Create a general cloud-native confidential computing base that brings trusted business applications and second-party products to the cloud

What is Inclavare Containers?

Inclavare Containers, developed by Alibaba Cloud and Ant Group in cooperation with Intel, is the industry's first open source container runtime for confidential computing. Inclavare Containers significantly lowers the barrier to using confidential computing. A variety of enclave forms are available, giving end users more choice and flexibility in the trade-off between security and cost.

What problems does Inclavare Containers solve?

  • Isolate privileged software: Create hardware-enforced isolation between the tenant's workload and the privileged software controlled by the CSP.
  • Remove CSP: Remove the CSP from the tenant's Trusted Computing Base (TCB) in an untrusted cloud.
  • Remote attestation: Construct a general attestation infrastructure that lets users trust the workloads running inside a TEE based on hardware-assisted enclave technology.
  • Easy to use: Provide a low barrier to the use of confidential computing and the same experience as an ordinary container.

Origin and History

  • Epiphany

  • PoC
    Prototype of rune

  • Open Source
    0.1.0 release
    First supported enclave runtime: Occlum
    Based on SGX 1 hardware

  • 0.2.0 release
    Open-sourced shim and runectl (later renamed sgx-tools)
    Load PAL from host
    Update PAL API to v2

  • 0.3.0 release
    Support creation of a Confidential Computing K8s cluster
    Adapt to v33 SGX in-tree driver
    RPM/DEB binaries

  • 0.4.0 release
    RA-TLS PoC
    Enclave Pooling Manager framework
    Dragonwell 11 (LTS for OpenJDK 11) reference image
    Skeleton enclave runtime

  • 0.4.1 release
    Stub enclave
    RA in shim
    Bundle conversion without launching the Occlum SDK container
    PAL API v3
    Enhance sgx-tools

  • 0.5.0 release
    K8s RA infrastructure with RA-TLS
    Enclave pooling
    Bundle cache
    Graphene enclave runtime

Current State

  • rune has been added to the OCI Runtime implementation list.
  • Joined the OpenAnolis community for incubation.
  • Support for running enclave containers through K8s and Docker.
  • Enclave container type implemented on Intel SGX technology.
  • Support for the Occlum SGX library OS.
  • Five binary release versions, from 0.1.0 to 0.4.1, have been released to the community.
  • Web server reference images based on Golang and Java are provided.

Application Scenario