This is an automated email from the ASF dual-hosted git repository. mssun pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-website.git
commit 7c80abb2a9369884e762d386b6b5418f8b6ee346 Author: Mingshen Sun <[email protected]> AuthorDate: Fri Oct 15 16:34:06 2021 -0700 Add teaclave meetup 8 minutes --- site/blog/2021-10-14-teaclave-meetup-8.md | 139 ++++++++++++++++++--- site/blog/img/cve-2021-0186-patch.png | Bin 0 -> 321756 bytes site/blog/img/optee-with-rust-doc.png | Bin 0 -> 263756 bytes site/blog/img/project-powered-by-teaclave-logo.png | Bin 0 -> 425775 bytes site/blog/img/teaclave-meetup-8-zoom.png | Bin 0 -> 3942273 bytes .../teaclave-trustzone-sdk-links-in-homepage.png | Bin 0 -> 171936 bytes 6 files changed, 123 insertions(+), 16 deletions(-) diff --git a/site/blog/2021-10-14-teaclave-meetup-8.md b/site/blog/2021-10-14-teaclave-meetup-8.md index ba32bb5..b155e24 100644 --- a/site/blog/2021-10-14-teaclave-meetup-8.md +++ b/site/blog/2021-10-14-teaclave-meetup-8.md 
@@ -1,27 +1,134 @@ --- -title: "[Scheduled] Teaclave Meetup #8" +title: "Teaclave Meetup #8" date: 2021-10-14 author: Mingshen Sun --- -We are going to have the 8th monthly Teaclave (virtual) meetup. The -meetup in this month is scheduled on Oct 14, 2021 (PT): +## Agenda -- 19:00-20:00 on Thursday, Oct 14, 2021 (PT) +- Recent update in Teaclave — Mingshen Sun +- Using and Customizing Teaclave SGX SDK — Shunfan Zhou -You can find the corresponding date time in your TZ here: -<https://time.is/compare/1900_14_October_2021_in_PT> +## Notes -As usual, I'll give an update of Teaclave first. Then, we're glad to invite -Shunfan Zhou to talk about *experiences on using and customizing Teaclave SGX -SDK*. At last, we will have an open discussion session on recent news/projects -around confidential computing. +### Recent Update in Teaclave — Mingshen -I also create a Google Calendar for the recurring events. Please -subscribe if you're interested. +**Platform** -Apache Teaclave (incubating) Community Calendar: -<https://calendar.google.com/calendar/u/0/[email protected]> +- [docker] start Teaclave docker services with auto-detection mechanism (#559). +- Use `run-teaclave-service.sh` instead of using `docker-compose` directly. -At last, same as the previous meetup, please RSVP for the Zoom link (or find it -in the shared calendar). Thanks! +**SGX SDK** + +- v1.1.4-testing: [https://github.com/apache/incubator-teaclave-sgx-sdk/commits/v1.1.4-testing](https://github.com/apache/incubator-teaclave-sgx-sdk/commits/v1.1.4-testing) + - Rust `nightly-2021-09-13` + - Support Intel SGX SDK 2.15 and DCAP 1.12 +- Project template refactoring +- README polishing + +**TrustZone SDK** + +- Teaclave/OP-TEE: Integrating examples in Rust TrustZone SDK in OP-TEE + - Multiple PRs to OP-TEE's `manifest`, `build` repos. + - Now in the `master` branch, should be available in the next release 3.15 in Oct 15. 
+ - OP-TEE with Rust: [https://optee.readthedocs.io/en/latest/building/optee_with_rust.html](https://optee.readthedocs.io/en/latest/building/optee_with_rust.html) + + + +**Website** + +- Add project/organization logos in the "Powered By" page: [https://teaclave.apache.org/powered-by/](https://teaclave.apache.org/powered-by/) + + + +- Redesign the "Contributors" page + - add Apache ID, GitHub ID to mentors, PPMC, and committers + - Tags for committers to show areas that they are familiar with +- Add API Docs (references) of TrustZone SDK both for host and TA sides + - Host: [https://teaclave.apache.org/api-docs/trustzone-sdk/optee-teec](https://teaclave.apache.org/api-docs/trustzone-sdk/optee-teec) + - TA: [https://teaclave.apache.org/api-docs/trustzone-sdk/optee-utee](https://teaclave.apache.org/api-docs/trustzone-sdk/optee-utee) + + + +- Blog + - [Podling Teaclave Report - October 2021](https://teaclave.apache.org/blog/2021-10-06-podling-teaclave-report-october-2021/) · Oct 05 2021 + - [Announcing Apache Teaclave (incubating) 0.3.0](https://teaclave.apache.org/blog/2021-10-01-announcing-teaclave-0-3-0/) · Sep 30 2021 + +**Community** + +- New committers: Yuan Zhuang and Rong Fan from Baidu +- Discord: Connect directly with Teaclave community members (join link: [https://discord.gg/ynECXsxm5P](https://discord.gg/ynECXsxm5P)) + +**Security** + +- *SmashEx: Smashing SGX Enclaves Using Exceptions* (to appear at CCS 2021): + Jinhua Cui (National University of Defense Technology, National University of + Singapore); Zhijingcheng Yu (National University of Singapore); Shweta Shinde + (ETH Zurich); Prateek Saxena (National University of Singapore); Zhiping Cai + (National University of Defense Technology) +- [https://arxiv.org/ftp/arxiv/papers/2110/2110.06657.pdf](https://arxiv.org/ftp/arxiv/papers/2110/2110.06657.pdf) +- CVE-2021-0186 + - 
[https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00548.html](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00548.html) + - **Description**: Improper input validation in the Intel(R) SGX SDK + applications compiled for SGX2 enabled processors may allow a privileged + user to potentially escalation of privilege via local access. + - **Affected Products**: Intel SGX SDK for Windows v2.12 and earlier, Intel + SGX SDK for Linux v2.13 and earlier, Intel® Processors supporting SGX2. + - Intel recommends updating the Intel® SGX SDK to the versions listed below. + Enclaves built with the new Intel® SGX SDK version should increment the + value of their ISVSVN field. +- Patch: [https://github.com/intel/linux-sgx/commit/edfe42a517b3e4b1d81204c3cdef6da6cb35fefc](https://github.com/intel/linux-sgx/commit/edfe42a517b3e4b1d81204c3cdef6da6cb35fefc) + + + +### Using and Customizing Teaclave SGX SDK — Shunfan Zhou + +- Teaclave SGX SDK + - pro: security + - con: testing is hard +- Case study: rust-bitcoin + - std + - Feature + - Port dependencies recursively +- Some issues + - efforts of porting + - security: 1) updates of upstream, 2) unit tests + - More TEE backend: AMD SEV, ARM CCA +- libs is not completed in SGX for vanilla Rust standard library +- Phala libc-hacks + - directly use Intel's libc + - use ocall warpper functions +- Conflicts: multiple language items in Rust +- Runtime behavior checks +- HW mode issue: `rand::thread_rnd()` is using CPUID, which is not allowed in SGX +- Check instructions after compiling + +### Free Discussion + +- About AMD SEV in Azure: [https://azure.microsoft.com/en-us/blog/azure-and-amd-enable-lift-and-shift-confidential-computing/](https://azure.microsoft.com/en-us/blog/azure-and-amd-enable-lift-and-shift-confidential-computing/) + +## Attendees + +- Mingshen Sun +- Qinkun Bao +- He Sun +- George +- Hongbo Chen +- hang +- Kevin +- Ben +- Ruide +- Rudong Zhou +- shelven +- Tongxin Li +- Weijie 
Liu +- Zha0Chan +- Tianyi Li +- DuanRan +- Gordon +- david + + +## Group Photo + + diff --git a/site/blog/img/cve-2021-0186-patch.png b/site/blog/img/cve-2021-0186-patch.png new file mode 100644 index 0000000..10cb7af Binary files /dev/null and b/site/blog/img/cve-2021-0186-patch.png differ diff --git a/site/blog/img/optee-with-rust-doc.png b/site/blog/img/optee-with-rust-doc.png new file mode 100644 index 0000000..17f8412 Binary files /dev/null and b/site/blog/img/optee-with-rust-doc.png differ diff --git a/site/blog/img/project-powered-by-teaclave-logo.png b/site/blog/img/project-powered-by-teaclave-logo.png new file mode 100644 index 0000000..389a028 Binary files /dev/null and b/site/blog/img/project-powered-by-teaclave-logo.png differ diff --git a/site/blog/img/teaclave-meetup-8-zoom.png b/site/blog/img/teaclave-meetup-8-zoom.png new file mode 100644 index 0000000..1ac7dbd Binary files /dev/null and b/site/blog/img/teaclave-meetup-8-zoom.png differ diff --git a/site/blog/img/teaclave-trustzone-sdk-links-in-homepage.png b/site/blog/img/teaclave-trustzone-sdk-links-in-homepage.png new file mode 100644 index 0000000..2ca1282 Binary files /dev/null and b/site/blog/img/teaclave-trustzone-sdk-links-in-homepage.png differ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
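Review bot: In the CVE-2021-0186 entry under **Security**, the added line "Intel recommends updating the Intel® SGX SDK to the versions listed below." points at a version list that the post never includes, so a reader who built enclaves with an affected SDK cannot tell from these notes which release to rebuild against before incrementing ISVSVN. Either list the fixed versions from the linked advisory (intel-sa-00548) or reword the sentence to send readers to the advisory. The **Description** line in the same entry is missing a verb ("to potentially escalation of privilege"). Two smaller fixes in the Shunfan Zhou notes: `rand::thread_rnd()` looks like a typo for `rand::thread_rng()`, and "ocall warpper functions" should read "wrapper".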
