Nathaniel McCallum

Title: Wyrcan: the Container Bootloader Saga
Author: Nathaniel McCallum
Date: July 31, 2022

Wyrcan is a bootloader that boots into a container. That's all it does.

But of course, that's not the only thing that Wyrcan implies. Using Wyrcan to boot a container also means that you can use a tried and trusted software packaging ecosystem to have a bare-metal OS that is:

  • Stateless: Booting a container with Wyrcan means that nothing is installed on the disk. There is no state to manage except the state you put into your container. You never have to worry about whether packages are updated: you can schedule reboots to make sure you always have the latest OS. And if all your mounts of local storage are noexec, you can just reboot when compromised.
  • Memory-Resident: The full operating system is resident in RAM. That means it is fast. However, you can also set up swap in your container so that unused pages are written to disk, saving memory for your application.
  • Declarative: Your bare-metal operating system is developed using the same declarative tooling that you have come to expect from the container development pipeline. Put your OS config in git. Host it in your favorite git forge (GitHub, GitLab, Bitbucket, etc.). Build the images automatically. Host them in your favorite container repo.

Source: SCALE 19x 2022

Link: https://www.socallinuxexpo.org/scale/19x/presentations/wyrcan-container-bootloader-saga

Nathaniel McCallum

Title: Confidential Computing: why it HAS to be open source
Author: Nathaniel McCallum
Date: July 30, 2022

Confidential Computing is the use of hardware-based TEEs (e.g. Intel's SGX and AMD's SEV) to protect data and applications in use: that means that you can run workloads on a compromised or malicious system while still being assured that their confidentiality and integrity are protected. Setting this all up and deploying it is complex and has lots of moving parts. This session will discuss the core components, and look at the impact of who's running them, who supplied them, and whether they're open source. It will use the Enarx project (https://enarx.dev) as an example open source project to show what choices can be made to prioritise security and the importance of openness (in not just the code, but its development) to the project and its success.

Source: SCALE 19x 2022

Link: https://www.socallinuxexpo.org/scale/19x/presentations/confidential-computing-why-it-has-be-open-source

Nick Vidal

Title: Bootstrapping a Community through Mentorship
Author: Nick Vidal
Date: June 25, 2022

We'll be presenting the strategies that we used to bootstrap our community. Enarx is an open source project that is part of the Confidential Computing Consortium from the Linux Foundation. Confidential Computing is a relatively new area which most developers are not familiar with. The Enarx project partnered with Outreachy (a diversity initiative from the Software Freedom Conservancy) and LFX Mentorship (from the Linux Foundation) to welcome five interns, who had zero knowledge of Confidential Computing. During just a few months, they learned the basics and started building demos, from simple to more complex. They had the opportunity to showcase their demos at their first conference (Open Confidential Computing Conference), and have helped the Enarx project to be part of conferences in Africa (Open Source Festival) and Asia (FOSSASIA) for the first time. By creating a mentorship program, we were able to grow our community in a healthy and diverse way, where everyone helped each other to learn more about this new area and to promote it at conferences around the world.

Source: Open Source Summit NA 2022

Link: https://ossna2022.sched.com/event/11Nh2/bootstrapping-a-community-through-mentorship-nick-vidal-profian

Nick Vidal

Title: Confidential Computing: the next frontier for data protection
Author: Nick Vidal
Date: June 6, 2022

As organizations from different sectors move their computing workloads across multiple environments, from on-premises to public cloud to Edge, they require greater assurances that their sensitive code and data are protected.

There are three states in which data can be protected: at rest, in transit, and in use. Encrypting data at rest and in transit has become common practice in cloud computing, while encrypting data in use (the core idea behind Confidential Computing) is still an emerging concern.

Enarx is a leading open source project, part of the Confidential Computing Consortium, that encrypts and provisions applications and data, providing a hardware-based solution to this need to maintain data confidentiality and integrity in use, regardless of who might own or have access to the host system on which the application is running. We plan to demonstrate how Enarx accomplishes this.

The Confidential Computing Consortium (CCC) is a project community at the Linux Foundation dedicated to defining and accelerating the adoption of confidential computing. It embodies open governance, open collaboration, and open source software.

As a member of the Confidential Computing Consortium and as a community manager of the Enarx project, I hope to demonstrate how Confidential Computing can help organizations - from sectors like healthcare, government & public sector, and human rights - to take advantage of the Cloud while still maintaining data confidentiality and integrity.

Source: RightsCon 2022

Link: https://www.rightscon.org/program/