There are four major families of functionality provided in this preview SDK: SGX and TPM enclave attestation. MAA Attestation Token signing certificate discovery and validation. Attestation Policy management. Attestation policy management certificate management (yes, policy management management). Install the Intel SGX SDK; Thanks for reporting that sgxbase.inf is missing from the PSW package. Engineering has been made aware. As a workaround, you can install sgxbase.inf from the Windows DCAP package by following the instructions below. There are a lot of variables and options you can configure to control the build system. To set a variable or option, you can pass -DXXX= to cmake. For example, cmake -DTESTMODE=ON. To enable the TESTMODE option. SGXSDK: Set (or get from env vars) the path of Intel SGX SDK.
Last year, we published an RFC - 'Roadmap: Towards the First Public Release'. Thanksfor the continuous efforts made by the community. We have completed severalmilestones and amazing achievements.
Asia’s most international, multi-asset exchange, operating securities, fixed income and derivatives markets to the highest regulatory standards. Developing an SGX-enabled application is made really easy thanks to the provided SDK. However, there remain some issues with the current iteration of Intel SGX. Being prone to side-channel attacks sadly limits the security offered by the platform, forcing developers to proactively ensure that their programs cannot be attacked.
Specifically, we published the first Apache incubator release - version 0.1.0. In this release, we refactored and rewrote almost all core components forbetter engineering. New features and enhancements was implemented and welltested. Also we wrote plenty of documents for the design, implementation, aswell as the code base. Furthermore, the homepageof Apache Teaclave (incubating) was built and online, which contains manyuseful information on the project and community. We also organized severaloffline meetups to build up and grow the Teaclave family. In addition, forbetter explaining the project, we introduced the blog in the Teaclave homepageand then published an article about the ecosystem.In this article, we spent some time to summarize existing open source projectspowered by Teaclave. Last but not least, we also attended SGX Workshop andApacheCon to introduce our project. Overall we're very glad to see thedevelopment of the project and growth of the community.
In the year of 2021, we need to focus on the maturity of the project andbuilding a healthier and more sustainable community. Therefore, I summarizeseveral to-do lists here. There are mainly four parts. The first three are aboutthe project's features and enhancements, which include Teaclave FaaS framework,Teaclave SGX SDK, and Teaclave TrustZone SDK (this project just completed thedonation voting, more things need to do later). The last one is about communitybuildup. Yes, this is a very long list. Please let me know if you are interestedin. I'm more than happy to help you if not familiar with Teaclave, SGX, or Rust.At last, this is not a complete list. Feel free to comment and discuss in thisthread.
# Teaclave FaaS Framework
- Support WebAssembly executor
- Expose attestation related functions to the executor runtime
- Database persistency
- Execution report for end user
- Async RPC framework for better throughput performance
- Monitoring
- Performance/Scalability evaluation
- Multi-language client SDK: C, Rust client SDK
- Improve legacy code using latest compiler features
- Documentation: Lifecycle of a task in Teaclave
- Documentation: How to launch a multi-party secure computation task
- Documentation: FAQ
- Technical report
- Use a separated service and rule evaluation engine for access control
- Implement KMS
- Attestation specification for third party enclaves
- Automatic state transition of pre-approved tasks
- Local configuration of attestation method
- Better attestation report freshness management
- Refactor RPC interfaces
- Add a secure logging service
- Active enclaves status service
- Support multiple TEE implementations
- GRPC or thrift compatibility
- Universal TEE interface design and implementation
# Teaclave SGX SDK
- Security auditing and enhancement
- Code polishing
- Publish an Apache release
- Design a proper development, releasing development lifecycle
- Documentation polishing
- Tutorial
- Maintenance of Rust crates for Teaclave
- Document porting guideline for Rust crates for SGX
- std Aware Cargo supports
- Rust secure file system
# Teaclave TrustZone SDK
- Keep update to the latest Rust standard library
- Keep update to the latest OP-TEE version
- Rust Crates for TrustZone, examples
- Design attestation framework for TZ
# Teaclave Community
- Organize meetups on topics around Teaclave
- Give public talks to developers
- Reach out to more Teaclave users
- Collaboration with industry and academia
- Blogs on Rust, TEE, and Teaclave
The Teaclave's build system utilizes CMake to coordinate compilation, linking,signing, etc. for various components written in different languages (e.g., Rust, C,Python) for different targets (e.g., Linux and SGX). In this document, we willintroduce our build system in details.
# Quick Start
- Download and install CMake, the minimumrequired version is 3.10.
- Open a shell and create a build directory.
- Run the following command to configure with
TEST_MODE
on.
- Build the whole platform.
When making changes, run:
make format
: Format current source code.make run-tests
: Make sure all tests are passed.
You can find more detailed configurations and targets in the following sections.
# Variables and Options
There are a lot of variables and options you can configure to control the buildsystem.
To set a variable or option, you can pass -DXXX=
to cmake
. For example,cmake -DTEST_MODE=ON ..
to enable the TEST_MODE
option.
# Variables
SGX_SDK
: Set (or get from env vars) the path of Intel SGX SDK. Defaults to/opt/sgxsdk
.RUSTFLAGS
: Set (or get from env vars) flags passed to rustc.MESAPY_VERSION
: Set the commit hash to the upstream MesaPy version.RUSTUP_TOOLCHAIN
: Set the Rust toolchain version.CMAKE_BUILD_TYPE
: Set the build type. Defaults to debug.
# Options
COV
: Build with coverage information. Defaults to OFF.OFFLINE
: Compile Rust code withcargo --offline
. Defaults to ON.TEST_MODE
: Build with mock data and disabling some functions for testing.Defaults to OFF.SGX_SIM_MODE
: Build in SGX simulation mode. Defaults to OFF.DCAP
: Use DCAP instead of IAS as the attestation service. Defaults to OFF.GIT_SUBMODULE
: Sync submodules with the upstream repositories. Defaults toON.CLP
: Enablecargo clippy
to lint Rust code during the compilation.Defaults to OFF.DOC
: Generate document withcargo doc
during the compilation. Defaults to OFF.USE_PREBUILT_MESAPY
: Whether to use the prebuilt MesaPy for SGX library. Ifset to OFF, will build the library from the source code. Defaults to ON.
# Targets
The followings are supported targets you can call with make
. For example, to build a specificservice like execution service, you can just run make teaclave_execution_service
.
# App/Enclave
An SGX application has two parts: the app part and the enclave part. You cancompile them separately or together using with these targets:
sgxapp-teaclave_{service_name}
: Build the app part of a service.sgxlib-teaclave_{service_name}
: Build the enclave part of a service.teaclave_{service_name}
: Build (compile, link and sign, etc.) the app andenclave of a service.sgxapp-teaclave_{test_name}
: Build the app part of a test driver.sgxlib-teaclave_{test_name}
: Build the enclave part of a test driver.teaclave_{test_name}
: Build (compile, link, and sign, etc.) the app andenclave of a test driver.
These targets are automatically generated from thecmake/tomls/Cargo.sgx_{}.toml
files. Basically, they are:
test_name
can be:function_tests
,unit_tests
,integration_tests
, etc.service_name
can be:access_control_service
,authentication_service
,storage_service
,execution_service
,frontend_service
,management_service
,scheduler_service
, etc.
# Client SDK
Build Teaclave client SDK and install the compiled dynamic/static libraries tothe release folder.
teaclave_client_sdk
: Build the client SDK to both dynamic and staticlibraries.
# Bin
teaclave_cli
: Build the Teclave command line tool.teaclave_dcap_ref_as
: Build the reference implementation of DCAP'sattestation service.teaclave_sgx_tool
: Build the SGX tool.
Above targets are automatically generated from thecmake/tomls/Cargo.unix_app.toml
files.
Is There An Sgx Sdk
# Linting
format
: Format all code.clippy
: Runcargo clippy
for linting. Same withmake CLP=1
.
# Doc
Is There An Sgx Sdk Download
doc
: Runcargo doc
to generate documents. Same withmake DOC=1
.
# Tests
run-tests
: Run all test cases.run-integration-tests
: Run integration tests only.run-funtional-tests
: Run functional tests only.run-sdk-tests
: Run tests of client SDK only.run-examples
: Run all examples.cov
: Aggregate coverage results and generate report, needs to config cmakewith-DCOV=ON
.
# Misc
clean
: Cleanup all building intermediates.
# Codebase
You can find source code to learn more about our build system in theCMakeLists.txt
file and the cmake
directories.