Support latest Rust nightly build (nightly-2018-01-19-x86_64-unknown-linux-gnu)
Xargo support Rust SGX SDK v0.9.5 provides xargo
support with a target x86_64-unknown-linux-sgx
. To compile a crate using xargo
, add a corresponding json config and make appropirate changes to the source code, then compile it with xargo build -target x86_64-unknown-linux-sgx --release
. Porting is easier! Please refer to the ported third-party libraries for more details.
Network access support We port part of std::net
to sgx_tstd::net
. Now sgx_tstd::net
supports most of socket functions by using 12 ocalls (defined in edl/sgx_net.edl
).
Rustls, webpki and ring for TLS support We port the most famous TLS implementation rustls, along with its dependnecy webpki and crypto library ring into Rust-SGX world. And we provide a pair of TLS client/server application code samples. Please reference to tls sample codes for detail.
File system access (sgx_tstd::fs and sgx_tstd::sgxfs) support We port part of std::fs
to sgx_tstd::fs
for normal linux files. Also, we provide sgx_tstd::sgxfs
to support Intel's protected_fs
, an encrypted file access mechanism.
Time (sgx_tstd::time and sgx::tservice::SgxTime) support We port std::time
to sgx_tstd::time
and it provides untrusted local time. We implement sgx::tservice::SgxTime
for the Intel ME based trusted timestamp. To use SgxTime
, the iClsclient library and Dynamic Application Loader (DAL) Host Interface (aka JHI) are required. Please reference to sgxtime usage for detail.
Environment variable operation (sgx_tstd::env) support We port part of std::env
to sgx_tstd::env
to support setting/getting environment variables.
All of the third-party libraries could be compiled by make
or XARGO_SGX=1 make
. In this release, we have the following new libraries ported.
xargo
would generate a sysroot, including all basic libraries. In the past, everytime a Rust-SGX project is compiled via make
, the basic Rust-SGX runtime would be compiled. Now, if we use xargo
to compile (XARGO_SGX=1 make
), only the first time xargo builds the sysroot and saves them in Rust's directory and the basic Rust-SGX libraries would be re-used later.
The current sysroot includes:
Support Intel SGX SDK 2.0 for Linux Intel released Intel SGX SDK 2.0 for Linux recently and we upgraded Rust SGX SDK to support it.
Support latest Rust nightly build (nightly-2017-11-29-x86_64-unknown-linux-gnu) We upgraded sgx_tstd
to support the latest Rust nightly release. On Nov 9th, librand
had been removed from libstd
in this commit and we did the same change on sgx_tstd
as well as some other minor changes.
Provide rusty-machine in Intel SGX We ported the most popular machine learning library rusty-machine to Intel SGX, along with its examples. Please refer to the Rust SGX version rusty-machine and the machine learning code samples for more details.
Almost there! Rust SGX SDK v0.9.0 is coming up as a beta version of the future v1.0.0, with the most desired sgx_tstd
as well as many new features!
Support Crate porting. Porting existing Rust crates into the SGX world becomes possible. We have successfully ported several crates from Crates.io with little modifications. Please refer to the section ‘Porting Rust Crates’ for step-by-step instructions.
Support programming untrusted components in Rust. Now v0.9.0 provides sgx_urts
for the untrusted world! One can write Rust codes to start and run an SGX enclave!
Support Serialization/deserialization . Passing structured data to the enclave is no longer a problem! Rust SGX SDK v0.9.0 comes with sgx_serialize
, providing secure serialization and deserialization APIs!
Support stdin/stdout/stderr
. Now macros like println!
are available inside SGX enclave.
Support backtrace
inside SGX enclaves. Stack backtrace inside an SGX enclave could be automatically dumped on panicking after enabling the backtrace mechanism.
Support unit tests. Now one can write unit tests with Rust style assertions. Please refer to the new crate sgx_tunittest
.
Rust SGX SDK v0.9.0 supports up-to-date Rust nightly build (tested on rust version 1.22.0-nightly (3c96d40d3 2017-09-28)).
Welcome to report bugs, and we will fix them as soon as possible. Thanks for your contributions!
sgx_tstd
(previously known as sgx_tstdc
) is designed to act as std
in SGX programming. Now sgx_tstd
fully supports of any
, ascii
borrow
, boxed
, cell
, char
, clone
, cmp
, collections
, convert
, default
, error
, f32
, f64
, ffi
, fmt
, hash
, i8
, i16
, i32
, i64
, io
, isize
, iter
, marker
, mem
, num
, ops
, option
, panic
, prelude
, ptr
, rc
, result
, slice
, str
, string
, u8
, u16
, u32
, u64
, usize
, vec
, heap
, i128
, intrinsics
, raw
, u128
, and partially supports of fs
, os
, path
, sync
and thread
. For details, please refer to the section ‘Difference between sgx_tstd
and Rust std
’.sgx_urts
(e.g., untrusted run time), sgx_ustdio
(e.g., helper functions of stdio) and sgx_ubacktrace
(e.g., helper functions of backtrace).sgx_serialzie
.sgx_rand
along with its Derive
feature support.backtrace
in sgx_tstd
and sgx_ubacktrace
+ libbacktrace
.alloc_system
through sgx_alloc
.In samplecode
directory, we provide the following new code samples:
hello-rust
is the helloworld sample written in pure Rust.backtrace
is a sample showing how to enabling backtrace mechanism inside the enclave.file
shows basic usage of SGX's new file system APIs.unit-test
shows the way of writing unit tests and conduct unit testing.zlib-lazy-static-sample
shows how to use ported third party crates inside enclave.In third_party
directory, we provide six crates ported from untrusted world.
inflate
a simple implementation of inflate algorithm.libflate
a more complex implementation of inflate algorithm. It dependents on adler32-rs
and byteorder
.lazy-static.rs
a widely used crate for initializing static data structures.yansi
printing colorful characters on terminal.sgx_tstd
in enclavestd
is the most important and fundamental crate in Rust. Due to Intel SGX‘s limitations, many features in Rust’s std
are incompatible with SGX, thus not all features of std
are available in Intel SGX enclaves.
To offer a user-friendly and secure Rust environment in SGX, we implement sgx_tstd
. It is very much similar to Rust's std
and easy to use. Here is a sample usage:
In Cargo.toml of your project, add the following line to include sgx_tstd
[dependency] sgx_tstd = { path = "path/to/sgx_tstd" }
And add the following lines in your lib.rs
(use vec
as an example here):
extern crate sgx_tstd as std; use std::vec::Vec;
One can use sgx_tstd
in the namespace of std
and write Rust program as usual.
But sgx_tstd
has its own limitations. We replace some Rust struct with SGX struct (e.g. Mutex
now is SgxMutex
). We rename some of these structs because the implementation of SgxMutex
is vastly different from Rust's Mutex
. And we want developers to be clear which mutex they are using.
Please refer to ‘Difference between sgx_tstd
and Rust std
’ for the detail of sgx_tstd
.
The most important thing is that the trusted world is a no_std
world. If you see linking errors such as f32
f64
panic_fmt
is already defined in std
, it means that you are linking the Rust's std
to the enclave. This is absolutely wrong. You need to check every direct and indirect dependent crates to see if depends on std
.
Here is a step-by-step instruction for porting crates to the SGX enclave. To be easy, we name the crate you want to port as ‘root crate’.
std::vec::Vec
. Almost all crates use std
.Cargo.toml
. In the dependency section, change the crate location to local file system ({ path = "path/to/lib" }
)sgx_tstd
to Cargo.toml
as a new dependency, e.g., sgx_tstd = { path = "path/to/sgx_tstd" }
.lib.rs
. Add #[no_std]
at the beginning, after all #![]
inner attributes.extern crate sgx_tstd as std
to include sgx_tstd
under the std
namespace.sgx_tstd
.Please look into third_party
directory for porting samples.
The latest Intel SGX SDK for linux v1.9 only supports protobuf v2. Protobuf v2 has a lot of known bugs and is out-of-date. We provide an experimental dev environment with the latest protobuf v3.4.1 and a patched Intel SGX SDK v1.9.
The docker image is on the docker hub now. Please use the following command to download it.
docker pull baiduxlab/sgx-rust-experimental
$(SGX_SDK)/lib64/libsgx_tprotected_fs.a
and libsgx_uprotected_fs.a
contains extra header files, which would probably cause linking problems. To resolve this, one should run the following commands to remove the header files:ar d $(SGX_SDK)/lib64/libsgx_uprotected_fs.a sgx_tprotected_fs_u.h ar d $(SGX_SDK)/lib64/libsgx_tprotected_fs.a sgx_tprotected_fs_t.h
In the docker environment, these two static libraries have been properly patched.
liblibc
. Crate libc
is not designed for #![no_std]
environment. Though it provides features for no_std
, it cannot be linked to SGX enclaves. To resolve this, one should remove one of the existing liblibc
rlib. Based on our observations, the larger one is the correct one.In our docker environment, the extra liblibc
is removed.
sgx_tstd
and Rust std
For now we support a subset of Rust's std
in the trusted world. There is a full list of supported mods/macros in sgx_tstd
sgx_tstd
New mods in sgx_tstd
: enclave
, backtrace
, cpuid
and sync::spinlock
.
New macros : global_ctors_object
and cfg_if
.
New SGX structures (corresponding to Rust's std) :
Exist Structs | Rust Sgx Structs |
---|---|
std::fs::File | sgx_tstd::fs::SgxFile |
std::thread::Thread | sgx_tstd::thread::SgxThread |
std::thread::ThreadId | sgx_tstd::thread::SgxThreadId |
std::sync::Mutex | sgx_tstd::sync::SgxMutex |
std::sync::MutexGuard | sgx_tstd::sync::SgxMutexGuard |
std::sync::Condvar | sgx_tstd::sync::SgxCondvar |
std::sync::RwLock | sgx_tstd::sync::SgxRwLock |
std::sync::RwLockReadGuard | sgx_tstd::sync::SgxRwLockReadGuard |
std::sync::RwLockwriteGuard | sgx_tstd::sync::SgxRwLockwriteGuard |
sgx_tstd
Mod | Description |
---|---|
any | This module implements the Any trait. |
ascii | Operations on ASCII strings and characters. |
borrow | A module for working with borrowed data. |
boxed | A pointer type for heap allocation. |
cell | Shareable mutable containers. |
char | A character type. |
clone | The clone trait for types that cannot be ‘implicitly copied’. |
cmp | Functionality for ordering and comparison. |
collections | Collection types. |
convert | Traits for conversions between types. |
default | The default trait for types which may have meaningful default values. |
error | Trais for working with Errors. |
f32 | 32 bit float point support. |
f64 | 64 bit float point support. |
ffi | Utilities related to FFI bindings. |
fmt | Utilities for formatting and printing Strings. |
hash | Generic hashing support. |
i8 | The 8-bit signed integer type. |
i16 | The 6-bit signed integer type. |
i32 | The 32-bit signed integer type. |
i64 | The 64-bit signed integer type. |
io | Traits, helpers, and type definitions for core I/O functionality. |
isize | The pointer-sized signed integer type. |
iter | Composable external iteration. |
marker | Primitive traits and types representing basic properties of types. |
mem | Basic functions for dealing with memory. |
num | Additional functionality for numeric. |
ops | Overloadable operators. |
option | Optional values. |
panic | Panic support in the standard library. |
prelude | The Rust Prelude. |
ptr | Raw, unsafe pointers, *const T , and *mut T . |
rc | Single-threaded reference-counting pointers. ’Rc’ stands for ‘Reference Counted’ |
result | Error handling with the Result type. |
slice | A dynamically-sized view into a contiguous sequence, [T] . |
str | Unicode string slices. |
string | A UTF-8 encoded, growable string. |
u8 | The 8-bit unsigned integer type. |
u16 | The 16-bit unsigned integer type. |
u32 | The 32-bit unsigned integer type. |
u64 | The 64-bit unsigned integer type. |
usize | The pointer-sized unsigned integer type. |
vec | A contiguous growable array type with heap-allocated content, written Vec<T> . |
heap | dox |
i128 | The 128-bit signed integer type. |
intrinsics | Rustc compiler intrinsics. |
raw | Contains struct definitions for the layout of compiler built-in types. |
u128 | The 128-bit unsigned integer type. |
sgx_tstd
Macros | Description |
---|---|
assert | Ensure that a boolean expression is true at runtime. |
assert_eq | Asserts that two expressions are equal to each other (using PartialEq). |
assert_ne | Asserts that two expressions are not equal to each other (using PartialEq). |
cfg | Boolean evaluation of configuration flags. |
column | A macro which expands to the column number on which it was invoked. |
compile_error | Unconditionally causes compilation to fail with the given error message when encountered. |
concat | Concatenates literals into a static string slice. |
debug_assert | Ensure that a boolean expression is true at runtime. |
debug_assert_eq | Asserts that two expressions are equal to each other. |
debug_assert_ne | Asserts that two expressions are not equal to each other. |
env | Inspect an environment variable at compile time. |
eprint | Macro for printing to the standard error. |
eprintln | “Macro for printing to the standard error with a newline.” |
file | A macro which expands to the file name from which it was invoked. |
format | Use the syntax described in std::fmt to create a value of type string. See std::fmt for more information. |
format_arg | The core macro for formatted string creation & output. |
include | Parse a file as an expression or an item according to the context. |
include_bytes | Includes a file as a reference to a byte array. |
include_str | Includes a utf8-encoded file as a string. |
line | A macro which expands to the line number on which it was invoked. |
module_path | Expands to a string that represents the current module path. |
option_env | Optionally inspect an environment variable at compile time. |
panic | The entry point for panic of Rust threads. |
Macro for printing to the standard output. | |
println | Macro for printing to the standard output with a newline. |
stringify | A macro which stringifies its argument. |
thread_local | Declare a new thread local storage key of type std::thread::LocalKey. |
concat_idents | Concatenate identifiers into one identifier. |
try | Helper macro for reducing boilerplate code for matching Result together with converting downstream errors. |
unimplemented | A standardized placeholder for marking unfinished code. It panics with the message “not yet implemented” when executed. |
unreachable | A utility macro for indicating unreachable code. |
vec | Creates a Vec containing the arguments. |
write | Write formatted data into a buffer. |
writeln | Write formatted data into a buffer, with a newline appended. |
sgx_tstd
std::fs
, std::os
, std::path
, std::sync
, std::thread
are partially supported in sgx_tstd
. Here we only list the unsupported parts of them. All the other parts are supported.
std::fs
Unsupported stuffs: fs::Dirbuilder; fs::DirEntry; fs::FileType; fs::Metadata; fs::Permissions; fs::ReadDir; fs::canonicalize; fs::create_dir; fs::create_dir_all; fs::hard_link; fs::metadata; fs::read_dir; fs::read_link; fs::remove_dir; fs::remove_dir_all; fs::rename; fs::set_permissions; fs::soft_link; fs::symlink_metadata; fs::File::sync_all; fs::File::sync_data; fs::File::set_len; fs::File::metadata; fs::File::try_clone; fs::File::set_permissions; Debug for fs::File; AsRawFd for fs::File; FromRawFd for fs::File; IntoRawFd for fs::File; FileEx for fs::File; Clone for fs::OpenOptions; Debug for fs::OpenOptions; OpenOptionsExt for fs::OpenOptions;
std::os
Unsupported stuffs: os::linux; os::raw; os::unix::io; os::unix::net; os::unix::process; os::unix::raw; os::unix::thead; os::unix::fs::DirBuilderExt; os::unix::fs::DirEntryExt; os::unix::fs::FileTypeExt; os::unix::fs::MetadataExt; os::unix::fs::OpenOptionsExt; os::unix::fs::PermissionsExt;
std::path
Unsupported stuffs: path::Path::maetadata; path::Path::symlink_metadat; path::Path::canonicalize; path::Path::read_link; path::Path::read_dir; path::Path::exists; path::Path::is_file; path::Path::is_dir;
std::sync
Unsupported stuffs: sync::mpsc; sync::WaitTimeoutResult; sync::Condvar::wait_timeout_ms; sync::Condvar::wait_timeout;
std::thread
Unsupported stuffs: thread::Builder; thread::JoinHandle; thread::park_timeout; thread::park_timeout_ms; thread::sleep; thread::sleep_ms; thread::spawn; thread::yield_now; thread::Result; thread::Thread::name; Debug for thread::Thread;
sgx_tstd
Mod : std::env
, std::net
, std::process
, std::time
Macro : select