> > But I do think by limiting the enclave programming language to Rust, and
> > not trusting any external battlefield-tested library (sqlite in this case)
> > would limit the scope of this project.
>
> Yes, I agree with you. This is another topic we can discuss more.
>
> Originally, the SGX SDK is designed to serve logics (app and enclave) written
> in Rust code. For example, ocall interfaces are only for Rust standard
> library. However, if you want to use FFI to call C library like sqlite, you
> have to implement some new ocall interfaces, which is extremely dangerous.
I believe I have got rid of all the newly created ocall interfaces for sqlite
in my previous commit? I believe it is now using the syscalls provided by Rust
SGX SDK (either Rust PAL or Intel SGX SDK PAL I guess). I left a comment
before. Please Correct me if I am wrong!
> However, we can provide an "ocall" abstraction layer (or so called platform
> abstraction layer) and give Rust and C interfaces (ABIs) to serve both Rust
> standard library and libc. This layer only focus on providing a secure yet
> universal "ocall" interfaces. Specifically, this layer is written in Rust and
> export C FFI to serve upper C libraries. I understand my description is still
> very obscure, but that's the rough idea I have. Here is a simple graph to
> demonstrate my thoughts:
>
Yea, I remember there was also a paper from Singapore doing such a thing in the
beginning. And I see there is a decent amount of checking written in Rust e.g.
sgx_tstd.
> ```
> --
> Enclave (Rust)| Enclave (C)
> --+-+-
> Rust standard library | libc| SGX platform interfaces (Rust/C FFI)
> --+-+
> ocall interfaces (Rust) |
> +-
> ```
Thanks for drawing the figure! So my understanding of this figure is that,
Enclave written in Rust fully runs on top of Rust sgx_tstd. But Enclave written
in C is not taking advantage of rigorous checking of Rust sgx_tstd but instead
relies on Intel's tstdc (and Intel does not provide checks on the primitive
ocalls? I believe they also do?) For the SGX platform interfaces (Rust/C FFI),
I believe Enclave written in either Rust or C is taking advantage of it through
FFI (Rust) or linked together (C). So if I am understanding correctly, you are
saying that Rust sgx_tstd is more trustworthy than tstdc provided by Intel? So
we shall not use external C libraries even if they do not bring further ocalls?
Please correct me if I am wrong! Thank you so much for your explanations!
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/pull/274#issuecomment-715666742
