Open jethrogb opened 5 years ago
cc @jsakkine-intel
Thanks. Interesting development. I haven't really followed Fortanix SGX stack development that closely. If I wanted to write a test program with this what would be the easy steps to get started?
@jsakkine-intel the toolchain is still in flux, the steps keep changing quite frequently these days. Right now, this should do it (if you have PSW & SDK driver installed):
rustup update nightly
cargo install xargo
cargo install sgxs-tools --version 0.6.0-rc1
cargo install fortanix-sgx-tools --version 0.1.0-rc1
# Soon, instead: cargo install fortanix-sgx-tools --git https://github.com/fortanix/rust-sgx
cargo new --bin sgxtest
cd sgxtest
echo '[target.x86_64-fortanix-unknown-sgx.dependencies.std]' > Xargo.toml
xargo build --target x86_64-fortanix-unknown-sgx
ftxsgx-elf2sgxs target/x86_64-fortanix-unknown-sgx/debug/sgxtest --heap-size 0x20000 --ssaframesize 1 --stack-size 0x20000 --threads 1 --debug
sgxs-append -i target/x86_64-fortanix-unknown-sgx/debug/sgxtest.sgxs
ftxsgx-runner target/x86_64-fortanix-unknown-sgx/debug/sgxtest.sgxs
Hi, my name is Yoni Moses and I work for a startup called Fireblocks. We are developing our core technology on SGX, which is why our main language was C++ until now. For a long time we have considered using Rust instead of C++. We've found a number of unofficial modules that tried to adopt Rust to run on the SGX platform. However, for us it was amazing news to see that you guys have started to add SGX as an official target for Rust in the main repository. We would like to understand what the status of the project is. Do you have any estimate of when you think it will be ready to be merged to the stable or release branches? Do you think that it's possible to use it just now? What is your recommendation for using Rust on SGX?
@yonimo the x86_64-fortanix-unknown-sgx target is a core part of the Fortanix Enclave Development Platform (EDP). The goal of the EDP is to be the best way to write SGX applications (in every way: ease of use, performance, security). It differs significantly from other existing enclave platforms in how you write your application, in that you're not expected to write much (or any) outside-of-the-enclave code. Your enclave starts at Rust's fn main. There are bare-bones instructions at https://github.com/fortanix/rust-sgx/issues/49 on how to use it in the current state. We plan to have a website and documentation out in a week or two. Please give it a try and let me know how it goes! Feel free to contact me on Slack as well with any questions - https://fortanix.com/runtime-encryption-slack
Presumably, the new website is https://edp.fortanix.com/
Indeed
Hello, any update on this? It'd be nice to start using stable Rust after over a year!
@nhynes Which APIs do you want to use in particular? Just EREPORT/EGETKEY or others as well?
Just EREPORT/EGETKEY or others as well?
Yep, those are the ones.
We discussed this in today's @rust-lang/lang meeting. The only part of this that seems lang-specific is the intrinsics; everything else appears to be the domain of libs.
Of the intrinsics, we were wondering, since we have subsequently shipped asm!, is there substantial value in having intrinsics for SGX-specific instructions, or can we just ask the SGX libraries to use asm! and provide wrappers for that?
Sure, but couldn't you ask the same question of every other intrinsic?
This issue tracks the functionality available behind the sgx_platform feature gate.

Relevant PRs:
56978
57119

TODO:
AlignXXX<[u8; _]> types should be replaced by the actual types (from the sgx-isa crate). Concern: that would make std dependent on the bitflags crate.

For more information about the target, see https://edp.fortanix.com