b49020 opened a new pull request, #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114
Existing OP-TEE rust environment required a custom rust toolchain target for OP-TEE based TAs. I suppose back in 2019 when this SDK was created, rust embedded ecosystem (especially no_std support) was in its very early stages of development. But as of today many rust crates have already added support for rust no_std or are being actively worked on to add rust no_std support for example rustls here(https://github.com/rustls/rustls/pull/1399). This effort is a followup effort to the discussion here (https://github.com/apache/incubator-teaclave-trustzone-sdk/issues/113). The major motivation for this effort was to make OP-TEE rust TAs development environment to be the first class citizen. Rust `no_std` support seems to provide quite similar environment as we have on the C counterpart side in OP-TEE (we don't support fully fledged libc/glibc but rather our own quite simple libutils library). Upsides for this PR: -------------------- - Reusing standard rust aarch64 teir-1 toolchain target (aarch64-unknown-linux-gnu) for TAs development. - Significant rust TAs performance improvements. - Significant rust TAs binary size reduction. - Dropping custom rust toolchain/libc/compiler-builtins support. - Make rust TA builds to be quite similar to rust Linux application builds: ``` $ cargo build --target $(TARGET) --release --verbose --config $(LINKER_CFG) ``` Downsides for this PR: ---------------------- - We have to drop networking and serde related TA examples due to their strong reliance on rust std support. But as I mentioned above with no_std support picking up, we should be able to rewrite them. Testing ======= Their is one change needed for OP-TEE build repo in order to build this PR as follows. Once there is consensus on this PR, I will submit this change as well. ``` build$ git diff diff --git a/br-ext/package/optee_rust_examples_ext/optee_rust_examples_ext.mk b/br-ext/package/optee_rust_examples_ext/optee_rust_examples_ext.mk index e19e8b5..af2f368 100644 --- a/br-ext/package/optee_rust_examples_ext/optee_rust_examples_ext.mk +++ b/br-ext/package/optee_rust_examples_ext/optee_rust_examples_ext.mk @@ -12,7 +12,7 @@ endif EXAMPLE = $(wildcard examples/*) HOST_TARGET := aarch64-unknown-linux-gnu -TA_TARGET := aarch64-unknown-optee-trustzone +TA_TARGET := aarch64-unknown-linux-gnu export RUST_TARGET_PATH = $(@D) export RUST_COMPILER_RT_ROOT = $(RUST_TARGET_PATH)/rust/rust/src/llvm-project/compiler-rt ``` Once that's done we should be able to build OP-TEE buildroot setup with rust support: ``` $ make -j`nproc` OPTEE_RUST_ENABLE=y ``` For interactive run, just bring up Qemu with below command and run rust examples: ``` $ make run-only ``` Or you can test all rust examples in one go: ``` $ make check-only-rust <snip> Starting QEMU... done, guest is booted. Test Rust applications: Running acipher-rs... Test success Running aes-rs... Test success Running authentication-rs... Test success Running big_int-rs... Test success Running diffie_hellman-rs... Test success Running digest-rs... Test success Running hello_world-rs... Test success Running hotp-rs... Test success Running random-rs... Test success Running secure_storage-rs... Test success Running supp_plugin-rs... Test success Running time-rs... Test success Running signature_verification-rs... Test success Test Rust application finished ``` Performance comparisons ======================= After this PR, the TA performance becomes equivalent to the C counterparts. This is impressive improvement as compared to 35% performance gap earlier as illustrated here (https://github.com/apache/incubator-teaclave-trustzone-sdk/issues/89). See below comparison after this PR: ``` # time aes-rs Prepare encode operation Load key in TA Reset ciphering operation in TA (provides the initial vector) Encode buffer from TA Prepare decode operation Load key in TA Reset ciphering operation in TA (provides the initial vector) Decode buffer from TA Clear text and decoded text match real 0m 0.10s user 0m 0.00s sys 0m 0.09s # # time optee_example_aes Prepare session with the TA Prepare encode operation Load key in TA Reset ciphering operation in TA (provides the initial vector) Encode buffer from TA Prepare decode operation Load key in TA Reset ciphering operation in TA (provides the initial vector) Decode buffer from TA Clear text and decoded text match real 0m 0.10s user 0m 0.00s sys 0m 0.08s # # # time random-rs Invoking TA to generate random UUID... Invoking done! Generate random UUID: 60ee720f-493b-45a2-f7413c1bfc3df154 Success real 0m 0.08s user 0m 0.00s sys 0m 0.07s # # time optee_example_random Invoking TA to generate random UUID... TA generated UUID value = 0x4d45495584fb6fa851a761c3583dc3c real 0m 0.08s user 0m 0.00s sys 0m 0.06s ``` Size comparisons ================ As you can observe from the comparisons below, there is approx. 70K - 80K TA binary size reduction after this PR: ``` $ ls -lh ./per-package/optee_rust_examples_ext/target/lib/optee_armtz/ ... -r--r--r-- 2 sumit sumit 197K Dec 21 17:29 057f4b66-bdab-11eb-96cf-33d6e41cc849.ta -r--r--r-- 2 sumit sumit 197K Dec 21 17:30 0864c8ec-bdab-11eb-8926-c7fa47a8c92d.ta -r--r--r-- 2 sumit sumit 197K Dec 21 17:30 0a5a06b2-bdab-11eb-add0-77f29de31296.ta -r--r--r-- 2 sumit sumit 197K Dec 21 17:30 0bef16a2-bdab-11eb-94be-6f9815f37c21.ta -r--r--r-- 2 sumit sumit 197K Dec 21 17:30 0e6bf4fe-bdab-11eb-9bc5-3f4ecb50aee7.ta -r--r--r-- 2 sumit sumit 196K Dec 21 17:30 10de87e2-bdab-11eb-b73c-63fec73e597c.ta -r--r--r-- 2 sumit sumit 196K Dec 21 17:30 133af0ca-bdab-11eb-9130-43bf7873bf67.ta -r--r--r-- 2 sumit sumit 197K Dec 21 17:30 1585d412-bdab-11eb-ba91-3b085fd2601f.ta -r--r--r-- 2 sumit sumit 196K Dec 21 17:30 197c710c-bdab-11eb-8f3f-17a5f698d23b.ta -r--r--r-- 2 sumit sumit 197K Dec 21 17:30 1cd6d392-bdab-11eb-9082-abc902ac5cd4.ta -r--r--r-- 2 sumit sumit 196K Dec 21 17:31 21b1a1da-bdab-11eb-b614-275a7098826f.ta -r--r--r-- 2 sumit sumit 262K Dec 21 17:31 255fc838-de89-42d3-9a8e-d044c50fa57c.ta -r--r--r-- 2 sumit sumit 197K Dec 21 17:31 c7e478c2-89b3-46eb-ac19-571e66c3830d.ta ``` Before this PR: ``` $ ls -lh ./per-package/optee_rust_examples_ext/target/lib/optee_armtz/ ... -r--r--r-- 2 sumit.garg primary 272K Dec 19 10:26 057f4b66-bdab-11eb-96cf-33d6e41cc849.ta -r--r--r-- 2 sumit.garg primary 273K Dec 19 10:26 0864c8ec-bdab-11eb-8926-c7fa47a8c92d.ta -r--r--r-- 2 sumit.garg primary 273K Dec 19 10:26 0a5a06b2-bdab-11eb-add0-77f29de31296.ta -r--r--r-- 2 sumit.garg primary 273K Dec 19 10:27 0bef16a2-bdab-11eb-94be-6f9815f37c21.ta -r--r--r-- 2 sumit.garg primary 272K Dec 19 10:27 0e6bf4fe-bdab-11eb-9bc5-3f4ecb50aee7.ta -r--r--r-- 2 sumit.garg primary 264K Dec 19 10:27 10de87e2-bdab-11eb-b73c-63fec73e597c.ta -r--r--r-- 2 sumit.garg primary 264K Dec 19 10:28 133af0ca-bdab-11eb-9130-43bf7873bf67.ta -r--r--r-- 2 sumit.garg primary 272K Dec 19 10:28 1585d412-bdab-11eb-ba91-3b085fd2601f.ta ... -r--r--r-- 2 sumit.garg primary 264K Dec 19 10:29 197c710c-bdab-11eb-8f3f-17a5f698d23b.ta -r--r--r-- 2 sumit.garg primary 268K Dec 19 10:29 1cd6d392-bdab-11eb-9082-abc902ac5cd4.ta ... -r--r--r-- 2 sumit.garg primary 260K Dec 19 10:32 21b1a1da-bdab-11eb-b614-275a7098826f.ta -r--r--r-- 2 sumit.garg primary 273K Dec 19 10:31 255fc838-de89-42d3-9a8e-d044c50fa57c.ta ... -r--r--r-- 2 sumit.garg primary 338K Dec 19 10:31 c7e478c2-89b3-46eb-ac19-571e66c3830d.ta ... ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
