One of the features MesaTEE (now renamed as Teaclave) promised when it was initially open-sourced is the so-called "Non-bypassable gateway." Basically, we would like to show that all interactions between the TEE and the untrusted outside world are properly sanitized in our implementation.
As a first step towards this goal, I have implemented a tool that can extract the dependency graph of the crates built by Cargo. It's an instrumentation of rustc that analyzes the Rust IR and stores information in an embedded DB, so that it can gather information collected by multiple rustc invocations. The tool provides three custom attributes: require_audit, audited, and entry_point. These attributes can annotate any item-like entities in Rust code, including ADTs, functions, traits, and impl blocks. Starting from each entry_point, the tool traverses the dependency graph with DFS and emits a warning whenever it encounters an item marked by require_audit unless another item marked by audited is present along the traversal path. The attributes have no effect on code generation and can be safely ignored by anyone who does not care about code auditing.

About how to publish the tool, there are two options. It can be part of mesatee-sgx, the fundamental dependency of the mesatee project. Or it can be released as a standalone tool. In theory, it can be used to audit other Rust projects, but I wonder how attractive that would be. Either way, we have to annotate a lot of code in mesatee-sgx and mesatee to make the tool actually useful.

Let me know your thoughts.

Pei
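The traversal rule described in the message (walk from each entry_point, warn on require_audit unless an audited item lies on the current path) is small enough to model on its own. The following is an added example, not code from Pei's tool or from the mesatee/Teaclave project: instead of hooking rustc, it runs the same DFS over a hand-built dependency graph with constructed item names (`handle_request`, `sanitize_input`, `raw_ecall`, and so on are assumptions for illustration). It treats an `audited` marker as covering only the items reached through it, so a `require_audit` item that is reachable both through an audited path and through an unaudited one still produces a warning, which is the case a reviewer most wants the tool to catch.

```rust
use std::collections::BTreeSet;

/// Audit-relevant markers on one item-like entity (ADT, fn, trait, impl block).
/// Constructed model of the three custom attributes; not the tool's real data.
#[derive(Clone, Copy, Debug)]
struct Item {
    name: &'static str,
    require_audit: bool,
    audited: bool,
    entry_point: bool,
}

/// Dependency graph: `edges[i]` lists the items that item `i` uses.
struct Graph {
    items: Vec<Item>,
    edges: Vec<Vec<usize>>,
}

/// A warning names the entry point and the unaudited require_audit item it reaches.
type Warning = (&'static str, &'static str);

impl Graph {
    /// Run the audit check from every entry_point and collect the warnings.
    fn warnings(&self) -> BTreeSet<Warning> {
        let mut out = BTreeSet::new();
        for (i, it) in self.items.iter().enumerate() {
            if it.entry_point {
                let mut on_path = vec![false; self.items.len()];
                self.dfs(i, i, 0, &mut on_path, &mut out);
            }
        }
        out
    }

    /// Path-sensitive DFS. `audited_above` counts audited ancestors on the
    /// current path, so backtracking naturally forgets them. `on_path` breaks
    /// cycles without suppressing other routes to the same item.
    fn dfs(
        &self,
        entry: usize,
        cur: usize,
        audited_above: usize,
        on_path: &mut Vec<bool>,
        out: &mut BTreeSet<Warning>,
    ) {
        if on_path[cur] {
            return; // already on this path: a dependency cycle
        }
        on_path[cur] = true;
        let it = self.items[cur];
        // Only *another* item marked audited counts, so check ancestors only.
        if it.require_audit && audited_above == 0 {
            out.insert((self.items[entry].name, it.name));
        }
        let audited_here = audited_above + it.audited as usize;
        for &dep in &self.edges[cur] {
            self.dfs(entry, dep, audited_here, on_path, out);
        }
        on_path[cur] = false;
    }
}

/// Constructed sample: two entry points, one audited wrapper, one raw boundary
/// crossing that must be audited, and a cycle back to an entry point.
fn sample_graph() -> Graph {
    let item = |name, require_audit, audited, entry_point| Item {
        name,
        require_audit,
        audited,
        entry_point,
    };
    Graph {
        items: vec![
            item("handle_request", false, false, true), // 0: entry point
            item("sanitize_input", false, true, false), // 1: audited wrapper
            item("parse_header", false, false, false),  // 2: plain helper
            item("raw_ecall", true, false, false),      // 3: must be audited
            item("debug_dump", false, false, true),     // 4: second entry point
            item("log_event", false, false, false),     // 5: plain helper
        ],
        edges: vec![
            vec![1, 2], // handle_request -> sanitize_input, parse_header
            vec![3],    // sanitize_input -> raw_ecall (covered by audited)
            vec![3, 0], // parse_header -> raw_ecall (uncovered), -> handle_request (cycle)
            vec![5],    // raw_ecall -> log_event
            vec![3],    // debug_dump -> raw_ecall (uncovered)
            vec![],     // log_event
        ],
    }
}

fn main() {
    for (entry, item) in sample_graph().warnings() {
        println!("warning: `{}` reaches `{}` without an audited item on the path", entry, item);
    }
}
```

Running it reports `raw_ecall` twice: once from `debug_dump`, which calls it directly, and once from `handle_request`, because the `parse_header` route bypasses `sanitize_input` even though the other route is covered. The path-sensitive counter is what makes that second warning appear; a reachability check that marked `raw_ecall` as "covered" after seeing it once through the audited wrapper would miss it.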
