Safety Rules SGX with Teaclave #2
Open: zaxguo wants to merge 13 commits into master from lsr-teaclave
git-subtree-dir: sgx-sdk git-subtree-split: 04c8271200080cc754d2bfdd26e3530808985ca0
Deal with untrusted components -- general approach "trust the untrusted system" by swapping them:
Specifically, components that need human auditing:
Motivation
This PR sets up the basic framework to integrate safety rules with SGX using Teaclave Rust SGX SDK.
There are a few notable changes made to enable Libra code to run inside SGX with Teaclave:
consensus/
|--Makefile *
|--safety_rules/
| -- build.rs *
|--enclave/ *
| -- Enclave.edl
| -- Makefile
File explanation:
- Cargo build to compile the non-enclave code for setting up ECALLs/OCALLs in Rust API. xargo to compile enclave code.
- build.rs: the build script to make the non-enclave code link against the enclave library.
- Enclave.edl: the file specifies each ECALL/OCALL!

Using Xargo: SGX is a different STD environment, which requires the Rust code to be linked against SGX libstd, i.e. sgx_tstd. Xargo is used here to achieve this goal, which automatically swaps the Rust STD with sgx_tstd at compile time. The usage of Xargo can be found in enclave/Makefile.

Updating dependencies for enclave code: Virtual Cargo.toml files are added to handle the proper dependencies needed by enclave code. To work with SGX, all dependencies that rely on libc must be substituted with respective SGX-supported ones, e.g. serde -> serde-sgx. However, due to a Cargo limitation, one crate cannot have different source paths, even with conditional compilation (Conditional compilation of dependency feature based on target doesn't work, rust-lang/cargo#2524) -- this makes in-place dependency modification of the crates impossible. Virtual Cargo.toml files solve this by pointing their library path to the original crate, while having a completely substituted dependency graph. A good example is the pair of common/lcs/Cargo.toml with its virtual one: sgx-deps/lcs/Cargo.toml. All future virtual Cargo.tomls for SGX will be put under sgx-deps/ and enclave code uses them to compile. This is demonstrated in enclave/Cargo.toml, which relies on the modified lcs in sgx-deps/lcs.

An additional code snippet must be added to the original crate's lib.rs to work with Xargo, shown below:

This allows Xargo to read the SGX libstd (e.g. sgx_tstd) from sysroot. Otherwise it will fetch from crates.io, although it's unclear what can go wrong if SGX libstds are fetched from crates.io.

- … no_std (i.e. allows default-features=off) and do not rely on libc should compile out of the box.
- … no_std but rely on libc might compile so long as sgx_trts implements its respective backend (e.g. libc::iovec is supported by sgx_trts).
- … libc might compile with minor code changes (e.g. SGX libstd asks the user to modify std::Mutex into std::SgxMutex manually so the user is aware of this).
- … libc might compile with moderate code changes (i.e. need to handle both SGX version of libc and std).
- … sgx_tstd) and SGX libc (i.e. sgx_trts) do not compile.

To embed inside the current LSR, the framework needs to set up a new SafetyRulesSGX which implements the TSafetyRules trait. I leave this out since this is implemented in the Fortanix PR (Safety Rules SGX with Fortanix (obsolete) #1).

The enormous insertions are caused by adding teaclave as a subtree in sgx-sdk/ in commit 5eb3fe5. Simply ignore it.

Have you read the Contributing Guidelines on pull requests?
Yea
Test Plan
safety rules test suites
Related PRs
None
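The "virtual Cargo.toml" technique the PR describes, as an added illustration that is not the PR's own sgx-deps/lcs/Cargo.toml: a manifest that compiles the unmodified sources under common/lcs/ while substituting the dependency graph with SGX ports. The repository layout (common/lcs, sgx-deps/lcs, the teaclave subtree in sgx-sdk/) is taken from the PR; the package name, version, the serde-sgx git source and the sgx_tstd path are assumptions. Because this manifest decides which third-party code ends up inside the enclave measurement, it is also the natural place for the human audit of swapped components that the commit message calls for.

```toml
# Added example, not the PR's own file: a "virtual" manifest for the lcs crate
# that reuses the original sources but carries an SGX-only dependency graph.
# Package name, version and dependency sources below are assumptions.
[package]
name = "lcs"
version = "0.1.0"
edition = "2018"

# Point at the original crate's sources so nothing is copied; only the
# dependency graph differs from common/lcs/Cargo.toml.
[lib]
path = "../../common/lcs/src/lib.rs"

[dependencies]
# libc-dependent crates are swapped for SGX-supported ports (serde -> serde-sgx).
# The git source is assumed, not taken from the PR.
serde = { git = "https://github.com/mesalock-linux/serde-sgx" }

# The SGX libstd is listed so the crate also resolves under plain cargo; the
# cfg_attr prelude the PR adds to lib.rs is what makes xargo take the sysroot
# copy instead. The path assumes the teaclave subtree in sgx-sdk/ mentioned above.
[target.'cfg(not(target_env = "sgx"))'.dependencies]
sgx_tstd = { path = "../../sgx-sdk/sgx_tstd" }

# Keep default features empty so no non-SGX feature of the original crate is
# pulled in implicitly; the enclave's Cargo.toml enables what it needs.
[features]
default = []
```

When reviewing such a manifest, diff its [dependencies] table against the original crate's: every crate that differs is a swapped component, and each swap should be checked against the list of components that need human auditing rather than trusted because it happened to compile.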