Re: [apache/incubator-teaclave-sgx-sdk] The reason for TCSPolicy requirement on env_logger? (#271)

Yu Ding Tue, 06 Oct 2020 21:39:28 -0700

Hi @adaszko ,

Long story short: i just solved it in 
https://github.com/mesalock-linux/env_logger-sgx/commit/ae2a39b53827b0ca074a2966a554ba1a998d7836
 .
To get rid of the TCSPolicy limitation, use this line in your enclave's 
Cargo.toml
```toml
env_logger = { git = "https://github.com/mesalock-linux/env_logger-sgx";, 
default-features = false, features = ["mesalock_sgx"] } }
```


Details:
First I looked into the dependency tree of `env_logger-sgx`:
```
$ cargo tree
env_logger v0.7.1 
(/home/ding/incubator-teaclave-sgx-sdk/samplecode/logger/env_logger-sgx)
├── humantime v1.3.0 (https://github.com/mesalock-linux/humantime-sgx#d50b0b44)
│   ├── quick-error v1.2.2 
(https://github.com/mesalock-linux/quick-error-sgx#c77b8867)
│   └── sgx_tstd v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7)
│       ├── hashbrown_tstd v0.7.1 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7)
│       │   [build-dependencies]
│       │   └── autocfg v1.0.1
│       ├── sgx_alloc v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7)
│       ├── sgx_backtrace_sys v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7)
│       │   └── sgx_libc v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7)
│       │       └── sgx_types v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7)
│       │   [build-dependencies]
│       │   ├── cc v1.0.60
│       │   └── sgx_build_helper v0.1.3 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7)
│       ├── sgx_demangle v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7)
│       ├── sgx_libc v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7) (*)
│       ├── sgx_tprotected_fs v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7)
│       │   ├── sgx_trts v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7)
│       │   │   ├── sgx_libc v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7) (*)
│       │   │   └── sgx_types v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7)
│       │   └── sgx_types v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7)
│       ├── sgx_trts v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7) (*)
│       ├── sgx_types v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7)
│       └── sgx_unwind v0.1.1 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7)
│           [build-dependencies]
│           └── sgx_build_helper v0.1.3 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7)
├── log v0.4.8 (https://github.com/mesalock-linux/log-sgx#d08c18ff)
│   ├── cfg-if v0.1.10
│   └── sgx_tstd v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7) (*)
├── regex v1.3.1 (https://github.com/mesalock-linux/regex-sgx#cf45cc1a)
│   ├── aho-corasick v0.7.10 
(https://github.com/mesalock-linux/aho-corasick-sgx#ae5c0d76)
│   │   ├── memchr v2.2.1 
(https://github.com/mesalock-linux/rust-memchr-sgx#44e36be5)
│   │   │   ├── sgx_libc v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7) (*)
│   │   │   ├── sgx_tstd v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7) (*)
│   │   │   └── sgx_types v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7)
│   │   └── sgx_tstd v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7) (*)
│   ├── memchr v2.2.1 
(https://github.com/mesalock-linux/rust-memchr-sgx#44e36be5) (*)
│   ├── regex-syntax v0.6.12 
(https://github.com/mesalock-linux/regex-sgx#cf45cc1a)
│   │   └── sgx_tstd v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7) (*)
│   ├── sgx_tstd v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7) (*)
│   └── thread_local v1.0.0 
(https://github.com/mesalock-linux/thread_local-rs-sgx#eb03eee1)
│       ├── lazy_static v1.4.0
│       │   └── spin v0.5.2
│       └── sgx_tstd v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7) (*)
├── sgx_tstd v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7) (*)
└── termcolor v1.0.5 (https://github.com/mesalock-linux/termcolor-sgx#d8866cb9)
    └── sgx_tstd v1.1.2 
(https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.2#8f065be7) (*)
```

we can see that `env_logger-sgx` depends on `thread_local` which further 
requires secured thread local storage. an enclave cannot have stable thread 
local storage without `BOUND` TCS policy.

so the solution is to remove regex from this dependency tree. this is done by a 
small fix in env_logger-sgx and make it work without any external dependencies. 
see the above line for usage :-)


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/271#issuecomment-704686614

Re: [apache/incubator-teaclave-sgx-sdk] The reason for TCSPolicy requirement on env_logger? (#271)

Reply via email to