SGX-LKL: Linux Binaries in SGX Enclaves

SGX-LKL is a library OS designed to run unmodified Linux binaries inside SGX enclaves. It uses the Linux Kernel Library (LKL) ( to provide mature system support for complex applications within the enclave. SGX-LKL has support for in-enclave user-level threading, signal handling, and paging. System calls are handled within the enclave by LKL when possible, and asynchronous system call support is provided for the subset of system calls that require direct access to external resources and are therefore processed by the host OS. The goal of SGX-LKL is to provide system support for complex applications and managed runtimes such as the JVM with minimal or no modifications and minimal reliance on the host OS.

SGX-LKL is available on GitHub:

Christian Priebe (Apple, UK)
Dan O'Keeffe (Royal Holloway University, UK)
Divya Muthukumaran (SimplyBusiness, UK)
Joshua Lind (Facebook, US)
Pierre-Louis Aublin (Keio University, Japan)