You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@teaclave.apache.org by GitBox <gi...@apache.org> on 2022/10/26 13:55:03 UTC

[GitHub] [incubator-teaclave-trustzone-sdk] HakonToemte opened a new issue, #99: Question: Third party crates

HakonToemte opened a new issue, #99:
URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/issues/99

   Good day!
   In the signature_verification-rs example, an altered and Rust OPTEE compatible version of ring is used.
   `ring = { git = "https://github.com/veracruz-project/ring.git", branch = "veracruz", version = "=0.16.11", features = ["std"] }`
   I suppose this is done because the official ring crate is non-compatible, atleast `ring = "0.16.11"` does not compile for me.
   I realize this probably means the official ring crate uses system calls.
   
   How can one turn a non-compatible crate into a compatible one?
   How much work is this usually?
   Also, do you have any tricks to find any already altered and compatible versions of crates online?
   
   Thank you!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@teaclave.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@teaclave.apache.org
For additional commands, e-mail: dev-help@teaclave.apache.org

[GitHub] [incubator-teaclave-trustzone-sdk] HakonToemte commented on issue #99: Question: Third party crates

Posted by GitBox <gi...@apache.org>.
HakonToemte commented on issue #99:
URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/issues/99#issuecomment-1293945116

   Thanks for the quick and good answers!
   
   > But if a crate uses the syscall OP-TEE unsupported, it cannot be compatible with OP-TEE.
   
   What exactly do you mean with a syscall OP-TEE unsupported?
   A syscall that doesn't have a RUST OP-TEE replacement?
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@teaclave.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@teaclave.apache.org
For additional commands, e-mail: dev-help@teaclave.apache.org

[GitHub] [incubator-teaclave-trustzone-sdk] mssun commented on issue #99: Question: Third party crates

Posted by GitBox <gi...@apache.org>.
mssun commented on issue #99:
URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/issues/99#issuecomment-1293005880

   > Also, do you have any tricks to find any already altered and compatible versions of crates online?
   
   Sorry, there is not a centralized place to host the compatible crates now. You can port these crates by yourself.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@teaclave.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@teaclave.apache.org
For additional commands, e-mail: dev-help@teaclave.apache.org

[GitHub] [incubator-teaclave-trustzone-sdk] DemesneGH commented on issue #99: Question: Third party crates

Posted by GitBox <gi...@apache.org>.
DemesneGH commented on issue #99:
URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/issues/99#issuecomment-1294388594

   > A syscall that doesn't have a RUST OP-TEE replacement?
   
   Yep you got that right:)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@teaclave.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@teaclave.apache.org
For additional commands, e-mail: dev-help@teaclave.apache.org

[GitHub] [incubator-teaclave-trustzone-sdk] HakonToemte closed issue #99: Question: Third party crates

Posted by GitBox <gi...@apache.org>.
HakonToemte closed issue #99: Question: Third party crates
URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/issues/99


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@teaclave.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@teaclave.apache.org
For additional commands, e-mail: dev-help@teaclave.apache.org

[GitHub] [incubator-teaclave-trustzone-sdk] DemesneGH commented on issue #99: Question: Third party crates

Posted by GitBox <gi...@apache.org>.
DemesneGH commented on issue #99:
URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/issues/99#issuecomment-1292941834

   Hi @HakonToemte 
   The main commit of porting to OP-TEE in `ring` is: https://github.com/veracruz-project/ring/commit/808f1f6184b72266ac633e2f0e9a05ad4942a77c, where the random generation function has been patched to `optee_utee::Random`.
   The other example is the `Rustls` crate in `tls-client` and `tls-server`, we patched `time` for OP-TEE use: https://github.com/DemesneGH/rustls/commit/5517587a235f27dee09a88010f57f2ea5d5a90b3.
   
   > How can one turn a non-compatible crate into a compatible one?
   
   Replace the incompatible syscalls with the ones provided in TrustZone SDK. The functionalities TrustZone SDK provided are in `SDK/optee-utee/src`. But if a crate uses the syscall OP-TEE unsupported, it cannot be compatible with OP-TEE.
   
   You can find the already altered crates in our examples. There are `Ring` and `Rustls` for now. If we have ported a new crate we will add an example for it.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@teaclave.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@teaclave.apache.org
For additional commands, e-mail: dev-help@teaclave.apache.org