Posted to dev@teaclave.apache.org by Yu Ding <no...@github.com.INVALID> on 2022/03/29 23:41:15 UTC
[apache/incubator-teaclave-sgx-sdk] feat: new feature gate `initenv` to disable env ocalls on demand (PR #377)
We need a way to construct a "0 ocall enclave", and this is the first move: make the env var access optional in sgx_tstd.
A new feature gate, `initenv`, is proposed, which is open by default (backward compatible). Disabling this feature could statically remove `ocall::initenv` and `ocall::initargs`.
You can view, comment on, or merge this pull request online at:
https://github.com/apache/incubator-teaclave-sgx-sdk/pull/377
-- Commit Summary --
* feat: new feature gate `initenv` to disable env ocalls on demand
-- File Changes --
M sgx_tstd/Cargo.toml (3)
M sgx_tstd/src/rt.rs (43)
M sgx_tstd/src/sys/mod.rs (6)
-- Patch Links --
https://github.com/apache/incubator-teaclave-sgx-sdk/pull/377.patch
https://github.com/apache/incubator-teaclave-sgx-sdk/pull/377.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/pull/377
You are receiving this because you are subscribed to this thread.
Message ID: <apache/incubator-teaclave-sgx-sdk/pull/377@github.com>
Re: [apache/incubator-teaclave-sgx-sdk] feat: new feature gate `initenv` to disable env ocalls on demand (PR #377)
Posted by Yu Ding <no...@github.com.INVALID>.
Merged #377 into v2.0.0-preview.
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/pull/377#event-6392700297
Re: [apache/incubator-teaclave-sgx-sdk] feat: new feature gate `initenv` to disable env ocalls on demand (PR #377)
Posted by volcano <no...@github.com.INVALID>.
I think constructing a "0-call enclave" can be implemented by using `sgx_no_tstd` instead of `sgx_tstd`. So the feature gate `env` is not a way to construct a "0-call enclave".
The current implementation is that environment variables are passed into the enclave from the normal world when the enclave is created, and there is no `ocall` to query and set environment variables while the enclave is running. The feature gate `env` can be used to control whether the enclave accepts environment variables from the normal world. When the feature gate `env` is disabled, the enclave does not accept environment variables from the normal world, and the enclave can initialize custom trusted environment variables with the method `initenv`.
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/pull/377#issuecomment-1084200763