Posted to dev@teaclave.apache.org by Yu Ding <no...@github.com.INVALID> on 2022/03/29 23:41:15 UTC

[apache/incubator-teaclave-sgx-sdk] feat: new feature gate `initenv` to disable env ocalls on demand (PR #377)

We need a way to construct a "0 ocall enclave", and this is the first move: make the env var access optional in sgx_tstd.

New feature gate proposed: `initenv`, which is by default open (backward compatible). Disabling this feature could statically remove `ocall::initenv` and `ocall::initargs`.
You can view, comment on, or merge this pull request online at:

  https://github.com/apache/incubator-teaclave-sgx-sdk/pull/377

-- Commit Summary --

  * feat: new feature gate `initenv` to disable env ocalls on demand

-- File Changes --

    M sgx_tstd/Cargo.toml (3)
    M sgx_tstd/src/rt.rs (43)
    M sgx_tstd/src/sys/mod.rs (6)

-- Patch Links --

https://github.com/apache/incubator-teaclave-sgx-sdk/pull/377.patch
https://github.com/apache/incubator-teaclave-sgx-sdk/pull/377.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/pull/377
You are receiving this because you are subscribed to this thread.

Message ID: <apache/incubator-teaclave-sgx-sdk/pull/377@github.com>

Re: [apache/incubator-teaclave-sgx-sdk] feat: new feature gate `initenv` to disable env ocalls on demand (PR #377)

Posted by Yu Ding <no...@github.com.INVALID>.
Merged #377 into v2.0.0-preview.


Re: [apache/incubator-teaclave-sgx-sdk] feat: new feature gate `initenv` to disable env ocalls on demand (PR #377)

Posted by volcano <no...@github.com.INVALID>.
I think constructing a "0-call enclaves" enclave can be implemented by using `sgx_no_tstd` instead of `sgx_tstd`. So feature gate `env` is not a way to construct a "0-call enclaves" enclave.

The current implementation is that environment variables are passed into the enclave from the normal world when the enclave is created, and there is no `ocall` to query and set environment variables while the enclave is running. Feature gate `env` can be used to control whether the enclave accepts environment variables from the normal world. When feature gate `env` is disabled, the enclave does not accept environment variables from the normal world, and the enclave can initialize custom trusted environment variables with method `initenv`.
