[RESULT][VOTE] Release Apache Teaclave (incubating) v0.3.0-rc.1
Hi all, Thanks to everyone that participated. The vote to release Apache Teaclave (incubating) version 0.3.0 Release Candidate 1 in general@incuabator is now closed. Vote thread: https://lists.apache.org/thread.html/r018fb18270819082d15b106a9261144c8b27144cef992b68db537597%40%3Cgeneral.incubator.apache.org%3E The vote PASSED with 5 binding +1, 0 non binding +1 and 0 -1 votes: Binding votes: - Gordon King - Yulong Zhang - Xun Liu - Hongbo Chen - Rundong Zhou I will be working on publishing the artifacts of Apache Teaclave (incubating) v0.3.0 and post an announcement. Thanks. Mingshen - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
[apache/incubator-teaclave] Release v0.3.0 - Apache Teaclave (incubating) 0.3.0
Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple. This is the third official Apache Incubator release. In this release, we focus more on bringing WebAssembly into Teaclave. Now, you can run functions written in different languages in Teaclave with the WebAssembly executor. Specifically, we modify WebAssembly Micro Runtime and add it as a new executor in Teaclave. To illustrate the capability of the executor, we also support WebAssembly machine learning models compiled by Apache TVM. Apache TVM is an open source machine learning compiler framework for CPUs, GPUs, and machine learning accelerators. TVM also supports WebAssembly runtime backend. We also introduce a new MNIST inference example to show the usage of the new executor with TVM. Here is a list of notable chanages in Teaclave version 0.3.0. **Features** - Add the WebAssemly executor to support functions written in other languages. - Exmples of runing C and Rust with the WebAssembly executor. - Support inference tasks with models compiled by TVM. - Add the MNIST inference example to demonstrate the ability of using TVM in Teaclave. **Enhancements** - Add the script to simplify developing with editors with Rust's Language Server Protocol support. - Upgrade SGX SDK dependencies, i.e., Intel SGX SDK to version 2.14.100.2, DCAP to version 1.11.100.2. **Bug Fixes** - Update the SGX SDK used in the runtime dockerfile. - Fix Python.h not found when compiling acs_py_enclave.c. - Fix building system messed up by untracked Cargo.lock files. - Fix dcap building issue. **Docs** - Add instruction to config URLs of input/output files in examples. - Executing WebAssembly in Teaclave: https://teaclave.apache.org/docs/executing-wasm/. - Inferencing with TVM in Teaclave: https://teaclave.apache.org/docs/inference-with-tvm/. -- You are receiving this because you are subscribed to this thread. View it on GitHub: https://github.com/apache/incubator-teaclave/releases/tag/v0.3.0
[apache/incubator-teaclave] Doc: C code can also be compiled using Zig (#550)
## Description No need for another full LLVM installation if Zig is already installed. Fixes # (issue) ## Type of change (select or add applied and delete the others) - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) - [X] API change with a documentation update - [ ] Additional test coverage - [ ] Code cleanup or just sync with upstream third-party crates ## How has this been tested? By compiling the example code using `zig` instead of installing `wasi-sdk`. ## Checklist - [X] Fork the repo and create your branch from `master`. - [ ] If you've added code that should be tested, add tests. - [ ] If you've changed APIs, update the documentation. - [ ] Ensure the tests pass (see CI results). - [ ] Make sure your code lints/format. You can view, comment on, or merge this pull request online at: https://github.com/apache/incubator-teaclave/pull/550 -- Commit Summary -- * Doc: C code can also be compiled using Zig -- File Changes -- M docs/executing-wasm.md (7) -- Patch Links -- https://github.com/apache/incubator-teaclave/pull/550.patch https://github.com/apache/incubator-teaclave/pull/550.diff -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/pull/550
Re: [apache/incubator-teaclave] Doc: C code can also be compiled using Zig (#550)
Let me try if it works in the WAMR executor. Thanks! -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/pull/550#issuecomment-904169498
Re: [apache/incubator-teaclave] Doc: C code can also be compiled using Zig (#550)
I tried `zig` 0.8 on Ubuntu and it works for `simple_add` example. I'm not so familiar with `zig`, @jedisct1 could you please explain the benefits of compiling C to WASM with `zig`? It would be great if you can add one or two sentences in the document! -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/pull/550#issuecomment-904249296
Re: [apache/incubator-teaclave] Doc: C code can also be compiled using Zig (#550)
> I tried `zig` 0.8 on Ubuntu and it works for `simple_add` example. > > I'm not so familiar with `zig`, @jedisct1 could you please explain the > benefits of compiling C to WASM with `zig`? It would be great if you can add > one or two sentences in the document! I believe on benefit he mentioned in the PR is "No need for another full LLVM installation if Zig is already installed." -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/pull/550#issuecomment-904303114
[GitHub] [incubator-teaclave-website] RMheng commented on a change in pull request #5: add developing Teaclave SGX Application doc
RMheng commented on a change in pull request #5: URL: https://github.com/apache/incubator-teaclave-website/pull/5#discussion_r694511314 ## File path: site/blog/2021-08-13-developing-sgx-application-with-teaclave-sgx-sdk.md ## @@ -0,0 +1,331 @@ +--- +title: 使用 Teaclave SGX SDK 开发 SGX 应用 +date: 2021-08-13 +author: Wenwen Ruan +--- + +[[TOC]] + + +## Teaclave SGX SDK应用开发环境简介以及搭建 + +Intel SGX (软件防护扩展,Software Guard Extension) 提供了在一个安全的 enclave(飞地)中执行代码的能力,enclave 可以提供一个隔离的可信执行环境,在操作系统、BIOS 和虚拟机监控器等系统软件均不可信的情况下,仍然对 enclave 内部的代码和数据提供保护,保障用户的关键数据和代码的机密性和完整性。 + +但如果 Intel SGX 程序仍然使用 C/C++ 这类内存不安全的语言开发的话,就会和传统软件一样面临着传统的内存破坏漏洞。对于 enclave 来说,受到的危害会更为严重,因为 enclave 中保存的多是机密数据和代码。Teaclave SGX 的主要目标就是通过使用高效的内存安全语言 —— Rust 来支持 enclave 应用程序的开发,从而在保证 Intel SGX enclave 内存安全的同时不会带来显著的性能开销。 + +Teaclave SGX SDK 内部结构分为三层: + ++ 最底层是使用 C/C++ 和汇编实现的 Intel SGX SDK。 ++ 中间层是 Rust 对 C/C++ 的 FFI (Foreign function Interfaces, 外部函数接口)。 ++ 最高层是 Teaclave SGX SDK。 + + + +Teaclave SGX SDK 应用程序开发者在进行开发时就只需要基于最上层的 Teaclave SGX SDK 来进行开发,底层的实现对于开发者来说是透明的。本文将从开发者的角度介绍基于 Teaclave SGX SDK 开发自己的应用程序的过程。 + +### 准备条件 + ++ Ubuntu16.04 或者 18.04 或者 20.04 (Teaclave SGX SDK v1.1.3 中增加了对 Ubuntu 20.04 的支持) ++ docker 环境 + +*本文基于 Teaclave SGX SDK v1.1.3 提交哈希值:d107bd0718f723221750a4f2973451b386cbf9d2* + + +### 基于 docker 配置 Teaclave SGX SDK 开发环境 + +首先需要用户机器 CPU 支持 Intel SGX 并且在 BIOS 上开启了 Intel SGX 支持。用户可以通过 [SGX-hardware项目](https://github.com/ayeks/SGX-hardware) 或者在 [Intel 官网](https://www.intel.com/content/www/us/en/products/details/processors.html) 中搜索自己的 CPU 型号查看是否支持 Intel SGX。下图以 Intel Core i7-7700K 处理器为例,如下图所示,该机型支持 SGX。 + + + +当确定 CPU 支持 Intel SGX 之后,还需要开启 BIOS 中的 SGX 选项。CPU 上的 SGX 选项可能有 `enabled` 或者 `software controlled`。具有 `enabled` 选项的主机直接在 BIOS 上选择 `enabled` 即可,而`software controlled` 表示 SGX 的开启需要由软件触发,还需通过 Intel 官方提供的 [sgx-software-enable](https://github.com/intel/sgx-software-enable) 开启。下载好 `sgx-software-enable` 之后,运行 `Makefile` 编译生成可执行代码 `sgx_enable` ,执行 `sudo ./sgx_enable` 顺利运行后重启主机,即可顺利开启 Intel SGX。 + +硬件条件准备完毕之后,还需要安装 [Linux SGX 驱动](https://download.01.org/intel-sgx/sgx-linux/2.10/distro/ubuntu16.04-server/sgx_linux_x64_driver_2.6.0_602374c.bin) ,安装完毕之后需要确认 `/dev/isgx` 的存在。 Review comment: 感谢comments,已经根据comments进行了修改 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
