Posted to dev@teaclave.apache.org by Victor Zhang <no...@github.com.INVALID> on 2021/02/19 12:54:56 UTC

[apache/incubator-teaclave-sgx-sdk] Question on developing a "hybrid" library using Rust SGX (#317)

Hi everyone,

## Context
I'm trying to port Timely Dataflow to work in SGX using this SDK as part of my dissertation. An experimental (and perhaps stupid) idea I have is to run some of the dataflow operations and store their associated data in an untrusted environment. Therefore, I am trying to develop a library where the majority runs in SGX with `sgx_tstd as std` but will use some ocalls to do some things outside SGX (e.g. using remote attestation to set up an encrypted communication channel with a remote worker process), where these ocalls potentially use the untrusted `std` and perhaps things that ultimately depend on untrusted `std`.

## Question
I have tried out the examples in this repo and looked at their makefiles, but I'm still not sure what's the best way to structure a reusable Rust library that contains ocalls and wants to use both `std` and `sgx_tstd`. In addition, I'm also confused as to how the compilation should go for such a library and for someone who uses such a library. Though I'm quite sure that I can reuse the structure (and the makefiles) in the examples if I were to simply make an application.

## Example
A more concrete example would be as follows:

**I have a crate called timely with the following structure:**
* timely
    * src
        * lib.rs
        * enclave_timely.rs
        * untrusted_timely.rs
    * edl
        * timely.edl
    * Cargo.toml

lib.rs
```Rust
pub mod enclave_timely;
```

enclave_timely.rs
```Rust
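#![no_std]
extern crate sgx_tstd as sgx_std;
extern crate sgx_types;

use sgx_std::vec::Vec;

use sgx_types::sgx_status_t;

extern "C" {
    // Trusted proxy generated by edger8r from timely.edl: the ocall's own
    // return value comes back through `retval`, and the function result
    // reports whether the ocall transition itself succeeded.
    pub fn test_ocall(retval: *mut sgx_status_t, some_value: u32) -> sgx_status_t;
}

pub fn test_lib_call() {
    // Element type given explicitly; it cannot be inferred from an unused Vec.
    let _v: Vec<u32> = Vec::new();
    let mut ret = sgx_status_t::SGX_SUCCESS;
    unsafe { test_ocall(&mut ret, 8); }
}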
```
untrusted_timely.rs
```Rust
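extern crate sgx_types;

use sgx_types::sgx_status_t;

// #[no_mangle] keeps the symbol name `test_ocall` so the edger8r-generated
// untrusted bridge can link against it; the signature matches timely.edl.
#[no_mangle]
pub extern "C" fn test_ocall(some_val: u32) -> sgx_status_t {
    let mut v = Vec::new();
    v.push(some_val);
    println!("hello from enclave: {}", some_val);
    sgx_status_t::SGX_SUCCESS
}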
```

timely.edl
```
enclave {

    untrusted {
        sgx_status_t test_ocall(uint32_t some_val);
    };
};

```

**Then I would have someone who uses this like**

```Rust
extern crate timely;
use timely::enclave_timely::test_lib_call;

pub fn test() {
    test_lib_call();
}
```

```
enclave {

   from "timely.edl" import *;
};
```

This example obviously does not work because enclave_timely wants `[no_std]` but untrusted_timely wants a `std` environment and the compiler complains about duplicated definitions. From my understanding, to make this work, I have to put the trusted part in one crate, and to put the untrusted part in another crate. Then the untrusted crate will be compiled as a library and linked with the `enclave_u` files generated by edger8r and the trusted crate will be compiled as a library and linked with the `enclave_t` files. I'm not sure if this is correct and if this is the best way to do this.

I'm new to SGX and Rust (and a compiler noob) so I might be missing some obvious things here. I would also really appreciate it if someone could point me to additional resources for self-help.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/317

Re: [apache/incubator-teaclave-sgx-sdk] Question on developing a "hybrid" library using Rust SGX (#317)

Posted by Victor Zhang <no...@github.com.INVALID>.
Thanks! I tried this out the other day by compiling the untrusted crate as a static lib and compiling the trusted crate as a dynamic lib. It worked but I forgot to resolve this issue...

-- 
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/317#issuecomment-785800465

Re: [apache/incubator-teaclave-sgx-sdk] Question on developing a "hybrid" library using Rust SGX (#317)

Posted by Victor Zhang <no...@github.com.INVALID>.
Closed #317.

-- 
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/317#event-4375847900

Re: [apache/incubator-teaclave-sgx-sdk] Question on developing a "hybrid" library using Rust SGX (#317)

Posted by volcano <no...@github.com.INVALID>.
Your understanding is correct. You must put the trusted part and the untrusted part in two different crates. xxx_t.c and xxx_u.c generated by edger8r are linked with the trusted and untrusted libraries.

-- 
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/317#issuecomment-785787841
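
The two-crate split agreed on in this thread, sketched as a pair of Cargo manifests. This is an added illustration, not code from the SDK or from either poster. The crate names `timely-trusted` and `timely-untrusted`, the version and edition values, and the form of the git dependency are assumptions.

```toml
# ---- timely-trusted/Cargo.toml (hypothetical crate name) ----
# Enclave-side half. Its lib.rs carries #![no_std] at the crate root, pulls in
# sgx_tstd, and only *declares* test_ocall in an extern "C" block. It is
# linked into the enclave together with the *_t.c file generated by edger8r.
[package]
name = "timely-trusted"
version = "0.1.0"
edition = "2018"

[dependencies]
sgx_types = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk" }
sgx_tstd  = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk" }

# ---- timely-untrusted/Cargo.toml (hypothetical crate name) ----
# Host-side half. Ordinary std crate that *defines* test_ocall with
# #[no_mangle] extern "C". It is linked into the application together with
# the *_u.c file generated by edger8r.
[package]
name = "timely-untrusted"
version = "0.1.0"
edition = "2018"

[dependencies]
sgx_types = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk" }

# timely.edl stays the single description of the boundary: a consumer's
# enclave EDL imports it with `from "timely.edl" import *;`, as in the
# question, so both generated files agree on the signature of test_ocall.
```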