Hi everyone,
## Context
I'm trying to port Timely Dataflow to work in SGX using this SDK as part of my
dissertation. An experimental (and perhaps stupid) idea I have is too run some
of the dataflow operations and store their associated data in untrusted
environment. Therefore, I am trying to develop a library where the majority
runs in SGX with `sgx_tstd as std` but will use some ocalls to do some things
outside SGX (Eg. using remote attestation to set up an encrypted communication
channel with a remote worker process), where these ocalls potentially use the
untrusted `std` and perhaps things that ultimately depend on untrusted `std`.
## Question
I have tried out the examples in this repo, looked at their make files, but I'm
still not sure what's the best way to structure a reusable Rust library that
contains ocalls and want to use both `std` and `sgx_tstd`. In addition, I'm
also confused to how the compilation should go for such a library and someone
who uses such a library. Tho I'm quite sure that I can reused the structure
(and the make files) in the examples if I were to simply make an application.
## Example
A more concrete example would be as the following:
**I have a crate called timely with the following structure:**
* timely
* src
* lib.rs
* enclave_timely.rs
* untrusted_timely.rs
* edl
* timely.edl
* Cargo.toml
lib.rs
```Rust
pub mod enclave_timely;
```
enclave_timely.rs
```Rust
#![no_std]
extern crate sgx_tstd as sgx_std;
extern crate sgx_types;
use sgx_std::vec::Vec;
use sgx_types::sgx_status_t;
extern "C" {
pub fn test_ocall(retval: *mut sgx_status_t, some_value: usize);
}
pub fn test_lib_call() {
let v = Vec::new();
let mut ret = sgx_status_t::SGX_SUCCESS;
unsafe {test_ocall(&mut ret, 8);}
}
```
untrusted_timely.rs
```Rust
extern crate sgx_types;
use sgx_types::sgx_status_t;
pub extern "C" fn test_ocall (some_val: usize) {
let v = Vec::new();
v.push(some_val);
println!("hello from enclave: {}", some_val);
}
```
timely.edl
```
enclave {
untrusted {
sgx_status_t test_ocall(uint32_t some_val);
};
};
```
**Then I would have someone who uses this like**
```Rust
extern crate timely;
use timely::enclave_timely::test_lib_call;
pub fn test() {
test_lib_call();
}
```
```
enclave {
from "timely.edl" import *;
};
```
This example obviously does not work because enclave_timely wants `[no_std]`
but untrusted_timely wants a `std` environment and the compiler complains about
duplicated definitions. From my understanding, to make this work, I have to put
the trusted part in one crate, and to put the untrusted part in another crate.
Then the untrusted crate will be compiled as a library and linked with the
`enclave_u` files generated by edger8r and the trusted crate will be compiled
as a library and linked with the `enclave_t` files. I'm not sure if this is
correct and if this is the best way to do this.
I'm new to SGX and Rust (and a compiler noob) so I might be missing some
obvious things here. I would also really appreciate if someone could point me
to additional resources for self-help.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/317
