Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
b49020 commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1866227575 @DemesneGH @Sword-Destiny @jbech-linaro @jenswi-linaro @jforissier @etienne-lms @daniel-thompson @Ablu Fyi.. Feedback/comments are very much welcome, thanks. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
DemesneGH commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1867381182 @b49020 Thanks so much for your contributions! Since the `std` still fits some cases which relying on `serde`, `network`, and other crates that have not support `no-std` yet, how about merging the PR into the separate branch from `master`? BTW please check out the failed CI tasks, thanks! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
b49020 commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1867496382 Thanks @DemesneGH for your comments. > Since the std still fits some cases which relying on serde, network, and other crates that have not support no-std yet, how about merging the PR into the separate branch from master? Sure I am open to merging this in separate branch for now but I would like to see `optee-utee` crate new release with `no-std` support. That would allow people to write their own TAs using latest rust toolchain support without the need to have this full SDK cloned. I would like to give trusted keys TA rewrite in rust a try so that we have real world TAs written in rust rather than just examples in this SDK. > BTW please check out the failed CI tasks My bad, I forgot to update linker configuration for host applications. The build didn't show any issue for me since the host applications weren't rebuilt. BTW, the issue should be fixed now, please re-run CI now. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
daniel-thompson commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1867542344 Rather than create a branch is it possible to introduce a no_std feature to optee-utee crate (similar to crates like serde which support no_std but it is optional). That would allow progressive adoption of no_std without having to fork. Cargo can handle some quite complex feature combinations, including marking up examples that require std-only crates so you don't need to enable them crate wide. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
DemesneGH commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1867546355 > Rather than create a branch is it possible to introduce a no_std feature to optee-utee crate (similar to crates like serde which support no_std but it is optional). That would allow progressive adoption of no_std without having to fork. Good point. I agree with you. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
DemesneGH commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1867548910 @b49020 Seems there are some license issue on CI: ``` ERROR the following files don't have a valid license header: examples/acipher-rs/ta/dyn_list examples/aes-rs/ta/dyn_list examples/authentication-rs/ta/dyn_list examples/big_int-rs/ta/dyn_list examples/diffie_hellman-rs/ta/dyn_list examples/digest-rs/ta/dyn_list examples/hello_world-rs/ta/dyn_list examples/hotp-rs/ta/dyn_list examples/random-rs/ta/dyn_list examples/secure_storage-rs/ta/dyn_list examples/signature_verification-rs/ta/dyn_list examples/supp_plugin-rs/ta/dyn_list examples/time-rs/ta/dyn_list ERROR one or more files does not have a valid license header ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
b49020 commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1867653132 > Rather than create a branch is it possible to introduce a no_std feature to optee-utee crate (similar to crates like serde which support no_std but it is optional). That would allow progressive adoption of no_std without having to fork. That sounds fine but for `std` counterpart I am not sure if the current custom OP-TEE toolchain target (along with libc and compiler builtin forks) can support the latest rust nightly toolchain. Currently its based on `nightly-2021-09-20`. But we need recent nightly releases for C FFI bindings like `core::ffi::c_size_t`. @DemesneGH any thoughts on the uprev? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
b49020 commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1867654954 > Seems there are some license issue on CI: `dyn_list` files are generated by `/ta/link.mk` and to be consumed directly by the linker. So I don't think they deserve any license text. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
b49020 commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1867656134 The current CI failure is due to following missing patch to OP-TEE build repo as I have stated above: ``` build$ git diff diff --git a/br-ext/package/optee_rust_examples_ext/optee_rust_examples_ext.mk b/br-ext/package/optee_rust_examples_ext/optee_rust_examples_ext.mk index e19e8b5..af2f368 100644 --- a/br-ext/package/optee_rust_examples_ext/optee_rust_examples_ext.mk +++ b/br-ext/package/optee_rust_examples_ext/optee_rust_examples_ext.mk @@ -12,7 +12,7 @@ endif EXAMPLE = $(wildcard examples/*) HOST_TARGET := aarch64-unknown-linux-gnu -TA_TARGET := aarch64-unknown-optee-trustzone +TA_TARGET := aarch64-unknown-linux-gnu export RUST_TARGET_PATH = $(@D) export RUST_COMPILER_RT_ROOT = $(RUST_TARGET_PATH)/rust/rust/src/llvm-project/compiler-rt ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
Ablu commented on code in PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#discussion_r1435265884 ## rust-toolchain.toml: ## @@ -18,6 +18,5 @@ # Toolchain override for rustup [toolchain] -channel = "nightly-2021-09-20" -components = ["rust-src"] +channel = "nightly" Review Comment: I would recommend to keep this pinned to "some" nightly to prevent things from breaking in a non-bisectable manner. ## examples/authentication-rs/ta/build.rs: ## @@ -58,5 +82,12 @@ fn main() -> std::io::Result<()> { println!("cargo:rustc-link-search={}", search_path.display()); println!("cargo:rustc-link-lib=static=utee"); +println!("cargo:rustc-link-lib=static=utils"); +println!("cargo:rustc-link-arg=-Tta.lds"); +println!("cargo:rustc-link-arg=-e__ta_entry"); +println!("cargo:rustc-link-arg=-pie"); +println!("cargo:rustc-link-arg=-Os"); +println!("cargo:rustc-link-arg=--sort-section=alignment"); +println!("cargo:rustc-link-arg=--dynamic-list=dyn_list"); Review Comment: One could probably move the boilerplate code into a crate that is only used as dev-dependencies to avoid the duplication. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
b49020 commented on code in PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#discussion_r1436390028 ## examples/authentication-rs/ta/build.rs: ## @@ -58,5 +82,12 @@ fn main() -> std::io::Result<()> { println!("cargo:rustc-link-search={}", search_path.display()); println!("cargo:rustc-link-lib=static=utee"); +println!("cargo:rustc-link-lib=static=utils"); +println!("cargo:rustc-link-arg=-Tta.lds"); +println!("cargo:rustc-link-arg=-e__ta_entry"); +println!("cargo:rustc-link-arg=-pie"); +println!("cargo:rustc-link-arg=-Os"); +println!("cargo:rustc-link-arg=--sort-section=alignment"); +println!("cargo:rustc-link-arg=--dynamic-list=dyn_list"); Review Comment: Sure, I will look for ways to move this into `optee-utee` crate. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
b49020 commented on code in PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#discussion_r1436397206 ## rust-toolchain.toml: ## @@ -18,6 +18,5 @@ # Toolchain override for rustup [toolchain] -channel = "nightly-2021-09-20" -components = ["rust-src"] +channel = "nightly" Review Comment: Although I thought there are minimal feature dependency [1] we have for nightly releases but you are right we should pin that. BTW, I hope that nightly dependencies would be stabilised soon and we can switch to stable toolchain releases tracking mainline. #![feature(c_size_t)] (https://github.com/rust-lang/rust/issues/88345) #![feature(error_in_core)] (https://github.com/rust-lang/rust/issues/103765) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
b49020 commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1869459472 Thanks @Ablu for your review. > It looks like there is interest to optimize for size. Since you are using nightly anyway, you may want to try: Binary size reduction is not such a hard requirement here. However, from security point of view its better to reduce code footprint which this `no_std` adoption would provide us. Also, I would like to keep nightly dependencies to a minimal since we should aim to migrate to a stable toochain build instead. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
DemesneGH commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1869462037 > That sounds fine but for `std` counterpart I am not sure if the current custom OP-TEE toolchain target (along with libc and compiler builtin forks) can support the latest rust nightly toolchain. Currently its based on `nightly-2021-09-20`. But we need recent nightly releases for C FFI bindings like `core::ffi::c_size_t`. @DemesneGH any thoughts on the uprev? @b49020 I see. I think after upstreaming the `aarch64-unknown-optee-trustzone` target (as discussed at https://github.com/apache/incubator-teaclave-trustzone-sdk/issues/113) we can support the latest toolchain and then proceed to merge the `no-std` as the feature. Since that needs more effort, I'd prefer the separate `no-std` branch for now. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
b49020 commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1869494073 @DemesneGH How about we rather stick the `std` based TAs to `v0.2.0` of `optee-utee` crate and merge `no-std` feature in a later version of `optee-utee` crate using latest rust toolchain? Although I am still uncertain about stability (reasons already provided [here](https://github.com/apache/incubator-teaclave-trustzone-sdk/issues/113#issuecomment-1824164889)) of `aarch64-unknown-optee-trustzone` target but we shouldn't gate OP-TEE rust development for its availability upstream. BTW, we can very well uprev `std` TAs once we have that upstream support available. This will atleast allow the adoption of `no-std` TAs with migration option for other `std` TAs as well. Also, as I mentioned earlier we would like to provide OP-TEE community with standardized rust environment to develop standalone TAs. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
b49020 commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1869524609 > The current CI failure is due to following missing patch to OP-TEE build repo as I have stated above: The patch has been posted here: https://github.com/OP-TEE/build/pull/714 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
DemesneGH commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1869562935 @b49020 do you need a new release on https://crates.io/crates/optee-utee? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
b49020 commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1870312898 @daniel-thompson @DemesneGH So I gave `no_std` being an optional feature a try for `optee-utee` and `optee-utee-sys` crates, it turns out that I found a way to keep the std TAs alongside no_std TAs. I did managed the older rust toolchain pinning for std TAs via following in the Makefile: ``` rustup override set nightly-2021-09-20 @xargo build --target $(TARGET) --release --verbose -Z unstable-options --config $(LINKER_CFG) rustup override unset ``` I hope this is something we can agree upon, feedback/comments are very much welcome. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
b49020 commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1870317029 > do you need a new release on https://crates.io/crates/optee-utee? Yeah once we have sufficient functionality implemented to enable standalone rust TAs development. I suppose we still lack inter TA communication rust library APIs, right? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
b49020 commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1870821795 @DemesneGH The CI reports `No space left on device`, are there any space constraints for CI? BTW, I don't think this PR adds anything extra apart from extra latest nightly toolchain installation. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
DemesneGH commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-187095 > The CI reports `No space left on device`, are there any space constraints for CI? The Github actions provide at least 14G storage (reference: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources). It would be more than 14GB sometimes (https://github.com/actions/runner-images/issues/2840#issuecomment-791177163) since the error haven't occurred before. There are some workaround on https://github.com/actions/runner-images/issues/2840#issuecomment-790492173 but I'd prefer to remove the dependencies of `aarch64-unknown-optee-trustzone` target (large clones in setup.sh). --- I'm trying to summarize the conclusions we reached and the steps for breaking down, please correct me if I've misunderstood: STAGE 1: 1. keep the `no-std` a separate branch from `master`. 2. publish the optee-utee crate on crates.io. The `optee-utee` crate is `no-std` by default, corresponding to `no-std` branch on repo. Users can import the crate using `cargo add optee-utee`. 3. When users need the `std` , they should clone the SDK repo of `master` branch and setup the environment. comments: - for `no-std` branch: 1. Recommend removing all `aarch64-unknown-optee-trustzone`target related files such as `aarch64-unknown-optee-trustzone.json`, `arm-unknown-optee-trustzone.json`, `environment`, and `std`-only `examples`. It makes things clear and also helps us to figure out the difference when we trying to merge the `no-std` branch at STAGE 2. (BTW it's also the workaround for the `no space left` issue above) - for publishing optee-utee crates: 1. todo: support for inter-TA APIs 2. Aiming that users use the `optee-utee` crate with just `cargo add`, we may need a `build.rs` inside the `optee-utee` crate which download toolchains, optee c source code and compile c libs. STAGE 2 (after the STAGE 1 is finished): - for master branch: 1. merge the new released `optee-utee` crate (enable the `std` feature) 2. proceed `aarch64-unknown-optee-trustzone` uprev 3. consider merging the `no-std` into `master` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
b49020 commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1870959974 @DemesneGH I mostly agree with your stage 1 but for stage 2 I think once we have published `optee-utee` crate on crates.io then we can just drop `optee-utee` from `master` branch and instead just use: ``` optee-utee = { version = "x.x.x", features = ["std"] } ``` This would avoid any divergence and allow the std counterpart to be regularly tested with latest `optee-utee` changes too. I think we should follow the same approach for `optee-teec` as well where `no-std` acts as the main development branch and releases are synced to crates.io. OTOH, if we rather have `std` as a separate branch and keep `master` as the main development branch then it would be even better. If you agree then please feel free to create a separate branch (std or no-std). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
b49020 commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1870966511 > if we rather have std as a separate branch and keep master as the main development branch then it would be even better. So once we have the `aarch64-unknown-optee-trustzone` upstreamed then it would just be a simple move to migrate `std` examples from `std` branch to `master` branch. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
DemesneGH commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1870971101 > if we rather have `std` as a separate branch and keep `master` as the main development branch then it would be even better Sure, after we finished the stage 1 which means the `no-std` is stable I'm okay to set the `no-std` as main branch. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
b49020 commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1870975882 > Sure, after we finished the stage 1 which means the no-std is stable I'm okay to set the no-std as main branch. Fair enough, let's go with `no-std` branch then. Let me know once it's created, I will create a PR for that. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
DemesneGH commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1870981056 https://github.com/apache/incubator-teaclave-trustzone-sdk/tree/no-std, thanks! @b49020 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
b49020 commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1871049110 @DemesneGH Created PR for `no-std` here: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/115 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
b49020 commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1871784821 @DemesneGH With `no-std` changes merged, the next step is to publish `optee-utee` crate. > todo: support for inter-TA APIs Although I agree it is an important feature which I will target next but I still think we can have `v0.3.0` published for `optee-utee` crate without it to allow developers start playing with standalone rust TAs. We can target this feature for next `v0.4.0` release. > Aiming that users use the optee-utee crate with just cargo add, we may need a build.rs inside the optee-utee crate which download toolchains, optee c source code and compile c libs. I don't think we should bundle a script to build OP-TEE OS since it can be configured in many ways for different platforms. We should rather depend on `TA_DEV_KIT_DIR` environment variable to provide path to pre-build OP-TEE utee libraries. This is quite similar to C development environment. I will make corresponding changes to `optee-utee` crate regarding this. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
b49020 commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1872127303 > We should rather depend on TA_DEV_KIT_DIR environment variable to provide path to pre-build OP-TEE utee libraries. This is quite similar to C development environment. I will make corresponding changes to optee-utee crate regarding this. Fyi.. https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/116 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
jforissier commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1873798034 > > The CI reports `No space left on device`, are there any space constraints for CI? > > The Github actions provide at least 14G storage (reference: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources). It would be more than 14GB sometimes ([actions/runner-images#2840 (comment)](https://github.com/actions/runner-images/issues/2840#issuecomment-791177163)) since the error haven't occurred before. > > There are some workaround on [actions/runner-images#2840 (comment)](https://github.com/actions/runner-images/issues/2840#issuecomment-790492173) but I'd prefer to remove the dependencies of `aarch64-unknown-optee-trustzone` target (large clones in setup.sh). This might help: https://github.com/OP-TEE/optee_os/commit/788069fa88ed8bf376a07991196fbf80c36b7e06 (although minimizing the cloned data is certainly a good idea regardless). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
b49020 commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1873912783 > This might help: https://github.com/OP-TEE/optee_os/commit/788069fa88ed8bf376a07991196fbf80c36b7e06 (although minimizing the cloned data is certainly a good idea regardless). With https://github.com/OP-TEE/manifest/pull/260, the rust build would be significantly lighter for OP-TEE CI. Given that I am also thinking that we should probably get rid of `OPTEE_RUST_ENABLE` flag and enable OP-TEE rust examples in the default build, thoughts? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
jforissier commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1874024214 > > This might help: [OP-TEE/optee_os@788069f](https://github.com/OP-TEE/optee_os/commit/788069fa88ed8bf376a07991196fbf80c36b7e06) (although minimizing the cloned data is certainly a good idea regardless). > > With [OP-TEE/manifest#260](https://github.com/OP-TEE/manifest/pull/260), the rust build would be significantly lighter for OP-TEE CI. Given that I am also thinking that we should probably get rid of `OPTEE_RUST_ENABLE` flag and enable OP-TEE rust examples in the default build, thoughts? Perhaps just make it `?= y` by default, but it is always good to have a way to disable things in case they break. This also raises the question of `make check` (C apps) vs `make check-rust`. Should `make check` run both? (it makes sense if `make` builds both). But then we may want to be able to run only the C apps perhaps (`make check-c`?). TBD. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
b49020 commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1875052776 > Perhaps just make it ?= y by default, but it is always good to have a way to disable things in case they break. That sounds reasonable. I will do that as a next step to current rust examples build refactoring. > This also raises the question of make check (C apps) vs make check-rust. Should make check run both? (it makes sense if make builds both). But then we may want to be able to run only the C apps perhaps (make check-c?). TBD. How about if we rather add `rust.exp` to build repo and have the check tests conditional under `CHECK_TESTS` similar to what we did for trusted keys tests? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
jforissier commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-1875077034 > > Perhaps just make it ?= y by default, but it is always good to have a way to disable things in case they break. > > That sounds reasonable. I will do that as a next step to current rust examples build refactoring. OK thanks. > > This also raises the question of make check (C apps) vs make check-rust. Should make check run both? (it makes sense if make builds both). But then we may want to be able to run only the C apps perhaps (make check-c?). TBD. > > How about if we rather add `rust.exp` to build repo and have the check tests conditional under `CHECK_TESTS` similar to what we did for trusted keys tests? Yes, much better :+1: -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
Re: [PR] RFC: An effort to standardize OP-TEE rust based TAs development environment [incubator-teaclave-trustzone-sdk]
DemesneGH commented on PR #114: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/114#issuecomment-2100125078 Hi @b49020 Could you review the updated README which added the `no-std` description? https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/128 Thanks! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org