This is made possible by using the
wasmtime crate directly with the
nil backend. The
nil backend does not use a trusted execution environment (TEE) to run the Wasm application.
$ cd [ENARX GIT REPO] $ cargo install --no-default-features --features backend-nil --path . $ enarx run [SOME WASM FILE]
With that in place, you can even develop and test Wasm code on platforms which do not provide TEEs, and see if it can be run securely in an Enarx Keep on a platform with
For example, you can test the transparent TLS encryption — which Enarx does for
wasm32-wasi code in the Keep — on your Mac M1 or your Raspberry Pi 4B.
$ git clone https://github.com/haraldh/mini_http.git $ cd mini_http $ CARGO_TARGET_WASM32_WASI_RUNNER="enarx run --wasmcfgfile examples/Enarx.toml" \ cargo run --target wasm32-wasi --example hello_enarx
Point your browser to
https://127.0.0.1:3000 and accept the self-signed certificate and see the Enarx Wasm web server in action.
For more information, please refer to the mini_http README.md.
Note that the Enarx runtime only does transparent TLS encryption, and the Wasm application fully implements the web server. That means your app is not limited to a given Wasm framework like handling one
http connection. It is free to implement any protocol underneath the TLS layer. In the
Enarx.toml configuration you can specify several pre-opened sockets, on which your app can listen on and accept new connections.
Networking in the WebAssembly System Interface (WASI) standard was made possible by multiple contributions of Profian employees:
- WASI: Add sock_accept() to snapshot1
- Rust: implement sock_accept and enable networking
- wasmtime: implement sock_accept and basic networking
- wasi-libc: add support for accept and accept4
In the future we will enable networking for the Wasm WASI standard in many more programming languages. Everything is open source and free for everyone.