teaclave-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mingshen Sun <notificati...@github.com.INVALID>
Subject Re: [apache/incubator-teaclave-sgx-sdk] Sqlite3 Port (#274)
Date Fri, 23 Oct 2020 17:32:16 GMT
> But I do think by limiting the enclave programming language to Rust, and not trusting
any external battlefield-tested library (sqlite in this case) would limit the scope of this

Yes, I agree with you. This is another topic we can discuss more.

Originally, the SGX SDK is designed to serve logics (app and enclave) written in Rust code.
For example, ocall interfaces are only for Rust standard library. However, if you want to
use FFI to call C library like sqlite, you have to implement some new ocall interfaces, which
is extremely dangerous. However, we can provide an "ocall" abstraction layer (or so called
platform abstraction layer) and give Rust and C interfaces (ABIs) to serve both Rust standard
library and libc. This layer only focus on providing a secure yet universal "ocall" interfaces.
Specifically, this layer is written in Rust and export C FFI to serve upper C libraries. I
understand my description is still very obscure, but that's the rough idea I have. Here is
a simple graph to demonstrate my thoughts:

Enclave (Rust)        | Enclave (C)
Rust standard library | libc        | SGX platform interfaces (Rust/C FFI)
ocall interfaces (Rust)             |

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
  • Unnamed multipart/alternative (inline, 7-Bit, 0 bytes)
View raw message