> > But I do think by limiting the enclave programming language to Rust, and
> > not trusting any external battlefield-tested library (sqlite in this case)
> > would limit the scope of this project.
>
> Yes, I agree with you. This is another topic we can discuss more.
>
> Originally, the SGX SDK is designed to serve logics (app and enclave) written
> in Rust code. For example, ocall interfaces are only for the Rust standard
> library. However, if you want to use FFI to call a C library like sqlite, you
> have to implement some new ocall interfaces, which is extremely dangerous.
I believe I have got rid of all the newly created ocall interfaces for sqlite in my previous commit? I believe it is now using the syscalls provided by the Rust SGX SDK (either the Rust PAL or the Intel SGX SDK PAL, I guess). I left a comment before. Please correct me if I am wrong!

> However, we can provide an "ocall" abstraction layer (or so-called platform
> abstraction layer) and give Rust and C interfaces (ABIs) to serve both the Rust
> standard library and libc. This layer only focuses on providing secure yet
> universal "ocall" interfaces. Specifically, this layer is written in Rust and
> exports a C FFI to serve upper C libraries. I understand my description is still
> very obscure, but that's the rough idea I have. Here is a simple graph to
> demonstrate my thoughts:

Yeah, I remember there was also a paper from Singapore doing such a thing in the beginning. And I see there is a decent amount of checking written in Rust, e.g. sgx_tstd.

> ```
> --------------------------------------------------------------------------
> Enclave (Rust)                      | Enclave (C)
> ----------------------+-------------+-------------------------------------
> Rust standard library | libc        | SGX platform interfaces (Rust/C FFI)
> ----------------------+-------------+
> ocall interfaces (Rust)             |
> ------------------------------------+-------------------------------------
> ```

Thanks for drawing the figure! So my understanding of this figure is that an enclave written in Rust fully runs on top of Rust sgx_tstd, but an enclave written in C is not taking advantage of the rigorous checking of Rust sgx_tstd and instead relies on Intel's tstdc (and Intel does not provide checks on the primitive ocalls? I believe they also do?). For the SGX platform interfaces (Rust/C FFI), I believe an enclave written in either Rust or C takes advantage of it, through FFI (Rust) or by being linked together (C). So if I am understanding correctly, you are saying that Rust sgx_tstd is more trustworthy than the tstdc provided by Intel?
So we shall not use external C libraries even if they do not bring further ocalls? Please correct me if I am wrong! Thank you so much for your explanations!

https://github.com/apache/incubator-teaclave-sgx-sdk/pull/274#issuecomment-715666742
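The "platform abstraction layer" sketched in the quoted figure (a layer written in Rust that validates ocall arguments once and exposes both a Rust API and a C ABI, so that a C library such as sqlite and the Rust standard library go through the same checked entry point) can be modelled in a few lines. The block below is an added illustration written for this page; it is not code from the Teaclave SGX SDK or from either participant in the thread. The names `pal_write`, `pal_write_c`, `untrusted_write` and the limit `MAX_OCALL_LEN` are assumptions of the example, and the "untrusted side" is a constructed in-process stand-in that only records what it receives, so the code runs without SGX hardware.

```rust
// Added example (not Teaclave SGX SDK code): a minimal model of a Rust-written
// ocall abstraction layer that serves both Rust callers and C callers.
use std::cell::RefCell;
use std::os::raw::{c_int, c_void};
use std::slice;

/// Upper bound on bytes one ocall may hand to the untrusted side.
/// Assumed policy value for this example, not an SDK constant.
pub const MAX_OCALL_LEN: usize = 4096;

thread_local! {
    // Constructed stand-in for the untrusted world: it simply records every
    // payload that crossed the boundary so the test can inspect it.
    static UNTRUSTED_LOG: RefCell<Vec<Vec<u8>>> = RefCell::new(Vec::new());
}

/// Stand-in for the raw ocall (assumed name). In a real enclave this is the
/// only place that leaves the enclave; here it just logs the bytes it got.
fn untrusted_write(data: &[u8]) -> c_int {
    UNTRUSTED_LOG.with(|l| l.borrow_mut().push(data.to_vec()));
    data.len() as c_int
}

/// Rust-facing entry point of the layer. Taking a slice means length and
/// pointer validity are already guaranteed by the type system; the layer
/// only has to enforce policy and copy the data into enclave-owned memory
/// before it is handed outside.
pub fn pal_write(data: &[u8]) -> Result<usize, &'static str> {
    if data.len() > MAX_OCALL_LEN {
        return Err("ocall payload exceeds policy limit");
    }
    // Copy out so the untrusted side never aliases the caller's buffer.
    let owned = data.to_vec();
    let n = untrusted_write(&owned);
    if n < 0 || n as usize != owned.len() {
        return Err("untrusted side reported a short write");
    }
    Ok(owned.len())
}

/// C-facing entry point of the same layer, for C libraries linked into the
/// enclave. Returns the number of bytes written, 0 for an empty request, or
/// -1 for any rejected argument. A real build would add `#[no_mangle]` so the
/// symbol is visible to C; it is omitted here to keep the example edition-neutral.
///
/// # Safety
/// `buf` must be null or point to at least `len` readable bytes.
pub unsafe extern "C" fn pal_write_c(buf: *const c_void, len: usize) -> c_int {
    if len == 0 {
        return 0;
    }
    if buf.is_null() {
        return -1;
    }
    // Reject impossible ranges before a slice is ever constructed: the
    // policy limit and pointer-plus-length overflow are both checked here,
    // on the Rust side, rather than trusting the C caller.
    if len > MAX_OCALL_LEN || (buf as usize).checked_add(len).is_none() {
        return -1;
    }
    let data = slice::from_raw_parts(buf as *const u8, len);
    match pal_write(data) {
        Ok(n) => n as c_int,
        Err(_) => -1,
    }
}

/// Number of payloads the stand-in untrusted side has received so far.
pub fn untrusted_calls() -> usize {
    UNTRUSTED_LOG.with(|l| l.borrow().len())
}

fn main() {
    let msg = b"hello enclave";
    println!("rust api: {:?}", pal_write(msg));
    let rc = unsafe { pal_write_c(msg.as_ptr() as *const c_void, msg.len()) };
    println!("c abi: {}", rc);
    println!("null pointer via c abi: {}", unsafe { pal_write_c(std::ptr::null(), 4) });
}
```

The point the layer makes is that the C path and the Rust path converge on one function (`pal_write`) before anything crosses the enclave boundary, so a C library cannot reach a raw ocall with an unchecked pointer or length; that is the role the thread assigns to a Rust-written PAL exporting a C FFI.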