You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@teaclave.apache.org by Victor Zhang <no...@github.com.INVALID> on 2021/02/19 12:54:56 UTC
[apache/incubator-teaclave-sgx-sdk] Question on developing a "hybrid"
library using Rust SGX (#317)
Hi everyone,
## Context
I'm trying to port Timely Dataflow to work in SGX using this SDK as part of my dissertation. An experimental (and perhaps stupid) idea I have is too run some of the dataflow operations and store their associated data in untrusted environment. Therefore, I am trying to develop a library where the majority runs in SGX with `sgx_tstd as std` but will use some ocalls to do some things outside SGX (Eg. using remote attestation to set up an encrypted communication channel with a remote worker process), where these ocalls potentially use the untrusted `std` and perhaps things that ultimately depend on untrusted `std`.
## Question
I have tried out the examples in this repo, looked at their make files, but I'm still not sure what's the best way to structure a reusable Rust library that contains ocalls and want to use both `std` and `sgx_tstd`. In addition, I'm also confused to how the compilation should go for such a library and someone who uses such a library. Tho I'm quite sure that I can reused the structure (and the make files) in the examples if I were to simply make an application.
## Example
A more concrete example would be as the following:
**I have a crate called timely with the following structure:**
* timely
* src
* lib.rs
* enclave_timely.rs
* untrusted_timely.rs
* edl
* timely.edl
* Cargo.toml
lib.rs
```Rust
pub mod enclave_timely;
```
enclave_timely.rs
```Rust
#![no_std]
extern crate sgx_tstd as sgx_std;
extern crate sgx_types;
use sgx_std::vec::Vec;
use sgx_types::sgx_status_t;
extern "C" {
pub fn test_ocall(retval: *mut sgx_status_t, some_value: usize);
}
pub fn test_lib_call() {
let v = Vec::new();
let mut ret = sgx_status_t::SGX_SUCCESS;
unsafe {test_ocall(&mut ret, 8);}
}
```
untrusted_timely.rs
```Rust
extern crate sgx_types;
use sgx_types::sgx_status_t;
pub extern "C" fn test_ocall (some_val: usize) {
let v = Vec::new();
v.push(some_val);
println!("hello from enclave: {}", some_val);
}
```
timely.edl
```
enclave {
untrusted {
sgx_status_t test_ocall(uint32_t some_val);
};
};
```
**Then I would have someone who uses this like**
```Rust
extern crate timely;
use timely::enclave_timely::test_lib_call;
pub fn test() {
test_lib_call();
}
```
```
enclave {
from "timely.edl" import *;
};
```
This example obviously does not work because enclave_timely wants `[no_std]` but untrusted_timely wants a `std` environment and the compiler complains about duplicated definitions. From my understanding, to make this work, I have to put the trusted part in one crate, and to put the untrusted part in another crate. Then the untrusted crate will be compiled as a library and linked with the `enclave_u` files generated by edger8r and the trusted crate will be compiled as a library and linked with the `enclave_t` files. I'm not sure if this is correct and if this is the best way to do this.
I'm new to SGX and Rust (and a compiler noob) so I might be missing some obvious things here. I would also really appreciate if someone could point me to additional resources for self-help.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/317
Re: [apache/incubator-teaclave-sgx-sdk] Question on developing a
"hybrid" library using Rust SGX (#317)
Posted by Victor Zhang <no...@github.com.INVALID>.
Thanks! I tried this out the other day by compiling the untrusted crate as a static lib and compiling the trusted crate as a dynamic lib. It worked but I forgot to resolve this issue...
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/317#issuecomment-785800465
Re: [apache/incubator-teaclave-sgx-sdk] Question on developing a
"hybrid" library using Rust SGX (#317)
Posted by Victor Zhang <no...@github.com.INVALID>.
Closed #317.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/317#event-4375847900
Re: [apache/incubator-teaclave-sgx-sdk] Question on developing a
"hybrid" library using Rust SGX (#317)
Posted by volcano <no...@github.com.INVALID>.
Your understanding is correct. You must put the trusted part and the untrusted part in two different crates. xxx_t.c and xxx_u.c generated by edger8r are linked with trusted and untrusted library.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/317#issuecomment-785787841