> But I do think by limiting the enclave programming language to Rust, and not
> trusting any external battlefield-tested library (sqlite in this case) would
> limit the scope of this project.

Yes, I agree with you. This is another topic we can discuss more. Originally, the SGX SDK was designed to serve logic (app and enclave) written in Rust code. For example, the ocall interfaces are only for the Rust standard library. However, if you want to use FFI to call a C library like sqlite, you have to implement some new ocall interfaces, which is extremely dangerous.

However, we can provide an "ocall" abstraction layer (or so-called platform abstraction layer) and give Rust and C interfaces (ABIs) to serve both the Rust standard library and libc. This layer only focuses on providing secure yet universal "ocall" interfaces. Specifically, this layer is written in Rust and exports a C FFI to serve upper C libraries.

I understand my description is still very obscure, but that's the rough idea I have. Here is a simple graph to demonstrate my thoughts:

```
--------------------------------------------------------------------------
Enclave (Rust)                      | Enclave (C)
----------------------+-------------+-------------------------------------
Rust standard library | libc        | SGX platform interfaces (Rust/C FFI)
----------------------+-------------+
ocall interfaces (Rust)             |
------------------------------------+-------------------------------------
```
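
One way to picture the layer sketched in the comment above, as an added example that is not part of the original comment or of the SGX SDK: a single Rust wrapper checks what the untrusted side returns, and a C ABI export reuses it for C libraries. All names (`pal_read`, `pal_read_c`, `untrusted_host_read`, `HOST_LIES`) are hypothetical, and the host is simulated in-process so the code runs without SGX.

```rust
use std::os::raw::c_int;
use std::sync::atomic::{AtomicBool, Ordering};

/// Switch for the simulated host: when set, it over-reports the byte count.
pub static HOST_LIES: AtomicBool = AtomicBool::new(false);

// Stand-in for the untrusted side of an ocall (hypothetical). In a real
// enclave this call leaves the enclave, so its return value is untrusted.
fn untrusted_host_read(_fd: c_int, buf: &mut [u8]) -> isize {
    let data = b"constructed sample"; // constructed input
    let n = data.len().min(buf.len());
    buf[..n].copy_from_slice(&data[..n]);
    if HOST_LIES.load(Ordering::SeqCst) {
        buf.len() as isize + 64
    } else {
        n as isize
    }
}

/// Rust interface of the layer: the one place where the host's answer is checked.
pub fn pal_read(fd: c_int, buf: &mut [u8]) -> Result<usize, c_int> {
    let ret = untrusted_host_read(fd, buf);
    // A negative count or one larger than the buffer must never reach the caller.
    if ret < 0 || ret as usize > buf.len() {
        return Err(-1);
    }
    Ok(ret as usize)
}

/// C interface of the layer: same checks, exported for C code inside the enclave.
#[no_mangle]
pub unsafe extern "C" fn pal_read_c(fd: c_int, buf: *mut u8, len: usize) -> isize {
    if buf.is_null() || len > isize::MAX as usize {
        return -1;
    }
    // SAFETY: the caller promises `buf` points to `len` writable bytes.
    let slice = unsafe { std::slice::from_raw_parts_mut(buf, len) };
    match pal_read(fd, slice) {
        Ok(n) => n as isize,
        Err(_) => -1,
    }
}

fn main() {
    let mut buf = [0u8; 8];
    println!("{:?}", pal_read(0, &mut buf));
}
```
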
