You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@teaclave.apache.org by Vijay Chakilam <vi...@gmail.com> on 2020/03/11 00:36:39 UTC
OP-TEE TrustZone
Hi,
I am trying to find resources to help understand how to build trusted
applications for OP-TEE using Rust. I came across the repository
https://github.com/mesalock-linux/rust-optee-trustzone-sdk. And then, I
discovered MesaTEE, which is now the Teaclave project (please correct me if
I am wrong). It is great to see an apache project being incubated to
provide an open source universal secure computing platform. However, I am a
bit lost under the teaclave project that it's a bit unclear if teaclave
includes the Rust SDK for OP-TEE TrustZone? Is the Rust SDK moved to
Teaclave or is it now a separate project (if yes, is it still being
actively worked on?)?
Thanks,
Vijay
Re: OP-TEE TrustZone
Posted by Matt Sicker <bo...@gmail.com>.
Currently, only two repos have been donated so far:
https://github.com/apache?q=teaclave
We're still early in incubation, so after we have a release published,
that could be a good time to import any other repos, though I'm not
sure which ones are planned to be donated.
On Tue, 10 Mar 2020 at 19:37, Vijay Chakilam <vi...@gmail.com> wrote:
>
> Hi,
>
> I am trying to find resources to help understand how to build trusted
> applications for OP-TEE using Rust. I came across the repository
> https://github.com/mesalock-linux/rust-optee-trustzone-sdk. And then, I
> discovered MesaTEE, which is now the Teaclave project (please correct me if
> I am wrong). It is great to see an apache project being incubated to
> provide an open source universal secure computing platform. However, I am a
> bit lost under the teaclave project that it's a bit unclear if teaclave
> includes the Rust SDK for OP-TEE TrustZone? Is the Rust SDK moved to
> Teaclave or is it now a separate project (if yes, is it still being
> actively worked on?)?
>
> Thanks,
> Vijay
--
Matt Sicker <bo...@gmail.com>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@teaclave.apache.org
For additional commands, e-mail: dev-help@teaclave.apache.org
Re: OP-TEE TrustZone
Posted by Vijay Chakilam <vi...@gmail.com>.
Thanks for your replies, Matt and Mingshen!
Hi Mingshen,
Thank you for all the work on the Rust OP-TEE TrustZone SDK. My company is
focusing on secure edge computing technologies for Machine Learning and
Inference. Since our focus is mostly on the IoT and Industry 4.0 use cases,
we were looking at TEE tech mostly for Arm chips to start with. That is how
we went looking for a Rust SDK for OP-TEE TrustZone. We'd love to help and
contribute to take the project further and bring it under the
Apache/Teaclave umbrella sooner than later. Any pointers to references for
me to get started would be appreciated.
Thanks,
Vijay
On Tue, Mar 10, 2020 at 9:11 PM Mingshen Sun <ms...@apache.org> wrote:
> Hi Vijay,
>
> Thanks for your interests in the Rust OP-TEE TrustZone SDK. At this
> point, I know that it is a bit confusing for other people. Let me
> answer your question first and explain the rationale behind it.
>
> For now, Rust OP-TEE TrustZone SDK is a separate project maintained by
> me. Since most basic primitives (utee, teec, std support) has been
> implemented already, I did spend too much time on it recently.
>
> For the more broader question, what's the relation between Teaclave
> (previously MesaTEE) and Rust OP-TEE TrustZone SDK? As you may see,
> the Teaclave project consists of two sub repositories: 1)
> incubator-teaclave-sgx-sdk, providing Rust SGX SDK, 2)
> incubator-teaclave, providing a universal secure computing platform
> ready for people to deploy and get started. Since the Teaclave
> platform tries to provide a more general/universal secure computing
> (or confidential computing) solution. We do not limit ourselves solely
> on the SGX target. However, compared to others, Intel SGX provides
> better security guarantees. That's why we first want to implement our
> all services (storage, authentication, access control, scheduler,
> etc.) on the SGX target. Once our platform is getting stable, we do
> have plan to support other secure computing backends like ARM
> TrustZone. At that stage, Rust OP-TEE TrustZone SDK will become an
> important role for the Teaclave project.
>
> Actually, I'm not sure whether other parties like you want to use this
> TrustZone SDK or in what kinds of scenarios. If it is your interests
> and really want to see it in the Apache infra, we can try to bring it
> into incubator earlier. However, I cannot guarantee to spent too much
> time on this at this stage, but contributors are very welcome!
>
> In short, Rust OP-TEE TrustZone SDK is related with the Teaclave
> project, but we haven't transfer ownership to Apache at this stage.
> And we have plan to include TrustZone SDK in and provide multiple
> backends support.
>
> Not sure if I answered your question clearly, feel free to ask if you
> have further questions.
>
> Best,
> Mingshen
>
>
>
> On Tue, Mar 10, 2020 at 5:37 PM Vijay Chakilam <vi...@gmail.com>
> wrote:
> >
> > Hi,
> >
> > I am trying to find resources to help understand how to build trusted
> > applications for OP-TEE using Rust. I came across the repository
> > https://github.com/mesalock-linux/rust-optee-trustzone-sdk. And then, I
> > discovered MesaTEE, which is now the Teaclave project (please correct me
> if
> > I am wrong). It is great to see an apache project being incubated to
> > provide an open source universal secure computing platform. However, I
> am a
> > bit lost under the teaclave project that it's a bit unclear if teaclave
> > includes the Rust SDK for OP-TEE TrustZone? Is the Rust SDK moved to
> > Teaclave or is it now a separate project (if yes, is it still being
> > actively worked on?)?
> >
> > Thanks,
> > Vijay
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@teaclave.apache.org
> For additional commands, e-mail: dev-help@teaclave.apache.org
>
>
Re: OP-TEE TrustZone
Posted by Mingshen Sun <ms...@apache.org>.
Hi Vijay,
Thanks for your interests in the Rust OP-TEE TrustZone SDK. At this
point, I know that it is a bit confusing for other people. Let me
answer your question first and explain the rationale behind it.
For now, Rust OP-TEE TrustZone SDK is a separate project maintained by
me. Since most basic primitives (utee, teec, std support) has been
implemented already, I did spend too much time on it recently.
For the more broader question, what's the relation between Teaclave
(previously MesaTEE) and Rust OP-TEE TrustZone SDK? As you may see,
the Teaclave project consists of two sub repositories: 1)
incubator-teaclave-sgx-sdk, providing Rust SGX SDK, 2)
incubator-teaclave, providing a universal secure computing platform
ready for people to deploy and get started. Since the Teaclave
platform tries to provide a more general/universal secure computing
(or confidential computing) solution. We do not limit ourselves solely
on the SGX target. However, compared to others, Intel SGX provides
better security guarantees. That's why we first want to implement our
all services (storage, authentication, access control, scheduler,
etc.) on the SGX target. Once our platform is getting stable, we do
have plan to support other secure computing backends like ARM
TrustZone. At that stage, Rust OP-TEE TrustZone SDK will become an
important role for the Teaclave project.
Actually, I'm not sure whether other parties like you want to use this
TrustZone SDK or in what kinds of scenarios. If it is your interests
and really want to see it in the Apache infra, we can try to bring it
into incubator earlier. However, I cannot guarantee to spent too much
time on this at this stage, but contributors are very welcome!
In short, Rust OP-TEE TrustZone SDK is related with the Teaclave
project, but we haven't transfer ownership to Apache at this stage.
And we have plan to include TrustZone SDK in and provide multiple
backends support.
Not sure if I answered your question clearly, feel free to ask if you
have further questions.
Best,
Mingshen
On Tue, Mar 10, 2020 at 5:37 PM Vijay Chakilam <vi...@gmail.com> wrote:
>
> Hi,
>
> I am trying to find resources to help understand how to build trusted
> applications for OP-TEE using Rust. I came across the repository
> https://github.com/mesalock-linux/rust-optee-trustzone-sdk. And then, I
> discovered MesaTEE, which is now the Teaclave project (please correct me if
> I am wrong). It is great to see an apache project being incubated to
> provide an open source universal secure computing platform. However, I am a
> bit lost under the teaclave project that it's a bit unclear if teaclave
> includes the Rust SDK for OP-TEE TrustZone? Is the Rust SDK moved to
> Teaclave or is it now a separate project (if yes, is it still being
> actively worked on?)?
>
> Thanks,
> Vijay
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@teaclave.apache.org
For additional commands, e-mail: dev-help@teaclave.apache.org