incubator-teaclave-sgx-sdk icon indicating copy to clipboard operation
incubator-teaclave-sgx-sdk copied to clipboard
verified publisher icon apache

Local attestation - App written in Rust

Open blmalone opened this issue 5 years ago • 5 comments

There are a bunch of function that I need from

extern crate sgx_tstd as std;

within the enclaves.

Adding it as a dependency to the Cargo file of each enclave causes a dependency clash. How can I use the common attestation dependency so that I only import these functions once?

e.g error:

error: cannot find macro `println` in this scope
  --> src/lib.rs:33:5
   |
33 |     println!("testing that this gets imported");

blmalone avatar Mar 18 '21 23:03 blmalone

@dingelish have you any ideas?

blmalone avatar Mar 22 '21 17:03 blmalone

Regarding to the missing macro definition println! please add #[macro_use] before you do extern crate sgx_tstd as std. reference: https://github.com/apache/incubator-teaclave-sgx-sdk/blob/master/samplecode/hello-rust/enclave/src/lib.rs#L26

the reason is that by default, rust brings these on a regular lib.rs file (without no_std or no_core)

#[macro_use]
extern crate std;

and this on every .rs file:

use std::prelude::v1::*;

to import sgx_tstd you need to (on a 2015-styled crate) and using cargo (not xargo):

  1. #[macro_use] extern crate sgx_tstd as std in lib.rs only
  2. use std::prelude::v1::* in every .rs where you need functions exported by std;

dingelish avatar Mar 22 '21 19:03 dingelish

@dingelish I'd like to use the localattestation project but have the app written in rust instead of cpp. I've been wrestling with this for a while now. I'm getting tripped up on ensuring that the Makefile is configured correctly. Do you have any examples of this already done?

This make file which I've modified:

# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.

######## SGX SDK Settings ########

SGX_SDK ?= /opt/sgxsdk
SGX_MODE ?= HW
SGX_ARCH ?= x64

TOP_DIR := ../..
include $(TOP_DIR)/buildenv.mk

ifeq ($(shell getconf LONG_BIT), 32)
	SGX_ARCH := x86
else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
	SGX_ARCH := x86
endif

ifeq ($(SGX_ARCH), x86)
	SGX_COMMON_CFLAGS := -m32
	SGX_LIBRARY_PATH := $(SGX_SDK)/lib
	SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
	SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
else
	SGX_COMMON_CFLAGS := -m64
	SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
	SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
	SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
endif

ifeq ($(SGX_DEBUG), 1)
ifeq ($(SGX_PRERELEASE), 1)
$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
endif
endif

ifeq ($(SGX_DEBUG), 1)
	SGX_COMMON_CFLAGS += -O0 -g
else
	SGX_COMMON_CFLAGS += -O2
endif

SGX_COMMON_CFLAGS += -fstack-protector

######## CUSTOM Settings ########

CUSTOM_LIBRARY_PATH := ./lib
CUSTOM_BIN_PATH := ./bin
CUSTOM_EDL_PATH := ../../edl
CUSTOM_COMMON_PATH := ../../common

######## EDL Settings ########

Enclave_EDL_Files := enclave/Enclave_t.c enclave/Enclave_t.h enclave2/Enclave2_t.c enclave2/Enclave2_t.h app/Enclave_u.c app/Enclave_u.h app/Enclave2_u.c app/Enclave2_u.h 

######## APP Settings ########

App_Rust_Flags := --release
App_SRC_Files := $(shell find app/ -type f -name '*.rs') $(shell find app/ -type f -name 'Cargo.toml')
App_Include_Paths := -I ./app -I./include -I$(SGX_SDK)/include -I./attestation -I./Include -I$(CUSTOM_EDL_PATH)
App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)

App_Rust_Path := ./app/target/release
App_Enclave_u_Object :=lib/libEnclave_u.a
App_Enclave2_u_Object :=lib/libEnclave2_u.a
App_Name := bin/app

######## Enclave Settings ########

ifneq ($(SGX_MODE), HW)
	Trts_Library_Name := sgx_trts_sim
	Service_Library_Name := sgx_tservice_sim
else
	Trts_Library_Name := sgx_trts
	Service_Library_Name := sgx_tservice
endif
Crypto_Library_Name := sgx_tcrypto
KeyExchange_Library_Name := sgx_tkey_exchange
ProtectedFs_Library_Name := sgx_tprotected_fs

RustEnclave_C_Files := $(wildcard ./enclave/*.c ./enclave2/*.c ./attestation/*.c)
RustEnclave_C_Objects := $(RustEnclave_C_Files:.c=.o)
RustEnclave_Include_Paths := -I$(CUSTOM_COMMON_PATH)/inc -I$(CUSTOM_EDL_PATH) -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport -I$(SGX_SDK)/include/epid

RustEnclave_Link_Libs := -L$(CUSTOM_LIBRARY_PATH) 
RustEnclave_Compile_Flags := $(SGX_COMMON_CFLAGS) $(ENCLAVE_CFLAGS) $(RustEnclave_Include_Paths)
RustEnclave_Link_Flags := -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
	-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
	-Wl,--start-group -lsgx_tstdc -l$(Crypto_Library_Name) -l$(Service_Library_Name) $(RustEnclave_Link_Libs) -Wl,--end-group \
	-Wl,--version-script=enclave/Enclave.lds \
	$(ENCLAVE_LDFLAGS)

RustEnclave_Name := enclave/enclave.so
RustEnclave2_Name := enclave2/enclave2.so

Signed_RustEnclave_Name := bin/enclave.signed.so
Signed_RustEnclave2_Name := bin/enclave2.signed.so

.PHONY: all
all: $(Enclave_EDL_Files) $(App_Name) $(Signed_RustEnclave_Name) $(Signed_RustEnclave2_Name)

######## EDL Objects ########

$(Enclave_EDL_Files): $(SGX_EDGER8R) enclave/Enclave.edl enclave2/Enclave2.edl
	$(SGX_EDGER8R) --use-prefix --trusted enclave/Enclave.edl --search-path $(SGX_SDK)/include --search-path $(CUSTOM_EDL_PATH) --trusted-dir enclave
	$(SGX_EDGER8R) --use-prefix --untrusted enclave/Enclave.edl --search-path $(SGX_SDK)/include --search-path $(CUSTOM_EDL_PATH) --untrusted-dir app

	$(SGX_EDGER8R) --use-prefix --trusted enclave2/Enclave2.edl --search-path $(SGX_SDK)/include --search-path $(CUSTOM_EDL_PATH) --trusted-dir enclave2
	$(SGX_EDGER8R) --use-prefix --untrusted enclave2/Enclave2.edl --search-path $(SGX_SDK)/include --search-path $(CUSTOM_EDL_PATH) --untrusted-dir app
	
	@echo "GEN  =>  $(Enclave_EDL_Files)"

######## App Objects ########

app/Enclave_u.o: $(Enclave_EDL_Files)
	@$(CC) $(App_C_Flags) -c app/Enclave_u.c -o $@
	@echo "CC   <=  $<"

$(App_Enclave_u_Object): app/Enclave_u.o
	$(AR) rcsD $@ $^

app/Enclave2_u.o: $(Enclave_EDL_Files)
	@$(CC) $(App_C_Flags) -c app/Enclave2_u.c -o $@
	@echo "CC   <=  $<"

$(App_Enclave2_u_Object): app/Enclave2_u.o
	$(AR) rcsD $@ $^

$(App_Name): $(App_Enclave_u_Object) $(App_Enclave2_u_Object) $(App_SRC_Files) sgx_ustdc
	cp ../../sgx_ustdc/libsgx_ustdc.a ./lib
	@cd app && SGX_SDK=$(SGX_SDK) cargo build --verbose $(App_Rust_Flags)
	@echo "Cargo  =>  $@"
	mkdir -p bin
	cp $(App_Rust_Path)/app ./bin

######## Enclave Objects ########

##### Enclave 1 ###########

enclave/Enclave_t.o: enclave/Enclave_t.c
	@$(CC) $(RustEnclave_Compile_Flags) -c $< -o $@
	@echo "CC   <=  $<"

$(RustEnclave_Name): enclave enclave/Enclave_t.o
	@$(CXX) enclave/Enclave_t.o -o $@ -lenclave $(RustEnclave_Link_Flags)
	@echo "LINK =>  $@"	

$(Signed_RustEnclave_Name): $(RustEnclave_Name)
	mkdir -p bin
	@$(SGX_ENCLAVE_SIGNER) sign -key enclave/Enclave_private.pem -enclave $(RustEnclave_Name) -out $@ -config enclave/Enclave.config.xml
	@echo "SIGN =>  $@"

##### Enclave 2 ###########

enclave2/Enclave2_t.o: enclave2/Enclave2_t.c
	@$(CC) $(RustEnclave_Compile_Flags) -c $< -o $@
	@echo "CC   <=  $<"

$(RustEnclave2_Name): enclave2 enclave2/Enclave2_t.o
	@$(CXX) enclave2/Enclave2_t.o -o $@ -lenclave2 $(RustEnclave_Link_Flags)
	@echo "LINK =>  $@"

$(Signed_RustEnclave2_Name): $(RustEnclave2_Name)
	mkdir -p bin
	@$(SGX_ENCLAVE_SIGNER) sign -key enclave2/Enclave2_private.pem -enclave $(RustEnclave2_Name) -out $@ -config enclave2/Enclave2.config.xml
	@echo "SIGN =>  $@"

.PHONY: enclave
enclave:
	$(MAKE) -C ./enclave/

.PHONY: enclave2
enclave2:
	$(MAKE) -C ./enclave2/

.PHONY: sgx_ustdc
sgx_ustdc:
	$(MAKE) -C ../../sgx_ustdc/ 2> /dev/null

.PHONY: clean
clean:
	@rm -f $(App_Name) $(RustEnclave_Name) $(Signed_RustEnclave_Name) $(RustEnclave2_Name) $(Signed_RustEnclave2_Name) enclave/*_t.* enclave2/*_t.* app/*_u.* lib/*.a
	@cd enclave && cargo clean && rm -f Cargo.lock
	@cd enclave2 && cargo clean && rm -f Cargo.lock
	@cd app && cargo clean && rm -f Cargo.lock
	@cd attestation && cargo clean && rm -f Cargo.lock

and /app/build.rs file:

use std::env;

fn main () {

    let sdk_dir = env::var("SGX_SDK")
                    .unwrap_or_else(|_| "/opt/sgxsdk".to_string());
    let is_sim = env::var("SGX_MODE")
                    .unwrap_or_else(|_| "HW".to_string());

    println!("cargo:rustc-link-search=native=../lib");
    println!("cargo:rustc-link-lib=static=Enclave_u");
    println!("cargo:rustc-link-lib=static=Enclave2_u");

    println!("cargo:rustc-link-search=native={}/lib64", sdk_dir);
    match is_sim.as_ref() {
        "SW" => println!("cargo:rustc-link-lib=dylib=sgx_urts_sim"),
        "HW" => println!("cargo:rustc-link-lib=dylib=sgx_urts"),
        _    => println!("cargo:rustc-link-lib=dylib=sgx_urts"), // Treat undefined as HW
    }
}

results in:

note: /usr/bin/ld: ../lib/libEnclave_u.a(Enclave_u.o): in function `Enclave_end_session_ocall':
          Enclave_u.c:(.text+0x7ed): undefined reference to `end_session_ocall'
          /usr/bin/ld: ../lib/libEnclave_u.a(Enclave_u.o): in function `Enclave_exchange_report_ocall':
          Enclave_u.c:(.text+0x815): undefined reference to `exchange_report_ocall'
          /usr/bin/ld: ../lib/libEnclave_u.a(Enclave_u.o): in function `Enclave_session_request_ocall':
          Enclave_u.c:(.text+0x831): undefined reference to `session_request_ocall'
          /usr/bin/ld: ../lib/libEnclave2_u.a(Enclave2_u.o): in function `Enclave2_end_session_ocall':
          Enclave2_u.c:(.text+0x7ed): undefined reference to `end_session_ocall'
          /usr/bin/ld: ../lib/libEnclave2_u.a(Enclave2_u.o): in function `Enclave2_exchange_report_ocall':
          Enclave2_u.c:(.text+0x815): undefined reference to `exchange_report_ocall'
          /usr/bin/ld: ../lib/libEnclave2_u.a(Enclave2_u.o): in function `Enclave2_session_request_ocall':
          Enclave2_u.c:(.text+0x831): undefined reference to `session_request_ocall'
          collect2: error: ld returned 1 exit status

My experience with integrating Cargo with this build pipeline is limited.

blmalone avatar Mar 22 '21 19:03 blmalone

@blmalone no worries. i'll get this done in 1~2 days :-)

but i don't have the latest "localattestation" similar to Intel's sample right now. the current local attestation is a Rust implementation of a very early version of Intel's local attestation sample. I'll have a summer intern who will work on the upgrade but i guess it's late for you :-(

dingelish avatar Mar 23 '21 02:03 dingelish

@dingelish that would be great!

Not worried about the latest localattesation version. More concerned with being able to use a Rust all with multiple enclaves configured.

blmalone avatar Mar 23 '21 02:03 blmalone