-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add SGX target to rustc #56067
Add SGX target to rustc #56067
Conversation
r? @varkor (rust_highfive has picked a reviewer for you, use r? to override) |
86ab901
to
7460b6b
Compare
|
||
/// If set, have the linker export exactly these symbols, instead of using | ||
/// the usual logic to figure this out from the crate itself. | ||
pub override_export_symbols: Option<Vec<String>> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The job Click to expand the log.
I'm a bot! I can only do what humans tell me to, so if this was not helpful or you have suggestions for improvements, please ping or otherwise contact |
7460b6b
to
87f4e7a
Compare
The job Click to expand the log.
I'm a bot! I can only do what humans tell me to, so if this was not helpful or you have suggestions for improvements, please ping or otherwise contact |
87f4e7a
to
477469d
Compare
if level.is_below_threshold(export_threshold) { | ||
symbols.push(symbol.symbol_name(tcx).to_string()); | ||
if let Some(ref exports) = tcx.sess.target.target.options.override_export_symbols { | ||
exports.clone() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could this use a return
to avoid the indentation of all the following lines?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Certainly. The indentation actually bothered me a lot too.
Looks good to me! Just one minor stylistic nit and otherwise r=me |
477469d
to
b0ccc35
Compare
Done |
@bors: r+ |
📌 Commit b0ccc35bf4ccd2eda00eccf5f37d28ab920520bb has been approved by |
@bors: r- reqeusted to work with the libm change! |
b0ccc35
to
9e2e575
Compare
Updated to remove libm.a |
@bors: r+ rollup |
📌 Commit 9e2e575 has been approved by |
…crichton Add SGX target to rustc This adds the `x86_64-fortanix-unknown-sgx` target specification to the Rust compiler. See rust-lang#56066 for more details about this target.
Rollup of 11 pull requests Successful merges: - #55367 (lint if a private item has doctests) - #55485 (Return &T / &mut T in ManuallyDrop Deref(Mut) impl) - #55784 (Clarifying documentation for collections::hash_map::Entry::or_insert) - #55961 (Fix VecDeque pretty-printer) - #55980 (Suggest on closure args count mismatching with pipe span) - #56002 (fix #55972: Erroneous self arguments on bare functions emit subpar compilation error) - #56063 (Update any.rs documentation using keyword dyn) - #56067 (Add SGX target to rustc) - #56078 (Fix error message for `-C panic=xxx`.) - #56106 (Remove some incorrect doc comments) - #56126 (core/benches/num: Add `from_str/from_str_radix()` benchmarks) Failed merges: r? @ghost
Add SGX target to std and dependencies This PR adds tier 3 `std` support for the `x86_64-fortanix-unknown-sgx` target. ### Background Intel Software Guard Extensions (SGX) is an instruction set extension for x86 that allows executing code in fully-isolated *secure enclaves*. These enclaves reside in the address space of a regular user process, but access to the enclave's address space from outside (by e.g. the OS or a hypervisor) is blocked. From within such enclaves, there is no access to the operating system or hardware peripherals. In order to communicate with the outside world, enclaves require an untrusted “helper” program that runs as a normal user process. SGX is **not** a sandboxing technology: code inside SGX has full access to all memory belonging to the process it is running in. ### Overview The Fortanix SGX ABI (compiler target `x86_64-fortanix-unknown-sgx`) is an interface for Intel SGX enclaves. It is a small yet functional interface suitable for writing larger enclaves. In contrast to other enclave interfaces, this interface is primarly designed for running entire applications in an enclave. The interface has been under development since early 2016 and builds on Fortanix's significant experience running enclaves in production. Also unlike other enclave interfaces, this is the only implementation of an enclave interface that is nearly pure-Rust (except for the entry point code). A description of the ABI may be found at https://docs.rs/fortanix-sgx-abi/ and https://github.com/fortanix/rust-sgx/blob/master/doc/FORTANIX-SGX-ABI.md. The following parts of `std` are not supported and most operations will error when used: * `std::fs` * `std::process` * `std::net::UdpSocket` ### Future plans A separate PR (#56067) will add the SGX target to the rust compiler. In the very near future, I expect to upgrade this target to tier 2. This PR is just the initial support to make things mostly work. There will be more work coming in the future, for example to add interfaces to the native SGX primitives, implement unwinding, optimize usercalls. UDP and some form of filesystem support may be added in the future, but process support seems unlikely given the platform's constraints. ### Testing build 1. Install [Xargo](https://github.com/japaric/xargo): `cargo install xargo` 2. Create a new Cargo project, for example: `cargo new --bin sgxtest`. 3. Put the following in a file `Xargo.toml` next to your `Cargo.toml`: ```toml [target.x86_64-fortanix-unknown-sgx.dependencies.std] git = "https://github.com/jethrogb/rust" branch = "jb/sgx-target" ``` NB. This can be quite slow. Instead, you can have a local checkout of that branch and use `path = "/path/to/rust/src/libstd"` instead. Don't forget to checkout the submodules too! 4. Build: ```sh xargo build --target x86_64-fortanix-unknown-sgx ``` ### Testing execution Execution is currently only supported on x86-64 Linux, but support for Windows is planned. 1. Install pre-requisites. In order to test execution, you'll need to have a CPU with Intel SGX support. SGX support needs to be enabled in the BIOS. You'll also need to install the SGX driver and Platform Software (PSW) from [Intel](https://01.org/intel-software-guard-extensions). 2. Install toolchain, executor: ```sh cargo install sgxs-tools --version 0.6.0-rc1 cargo install fortanix-sgx-tools --version 0.1.0-rc1 ``` 3. Start the enclave: ```sh ftxsgx-elf2sgxs target/x86_64-fortanix-unknown-sgx/debug/sgxtest --heap-size 0x20000 --ssaframesize 1 --stack-size 0x20000 --threads 1 --debug sgxs-append -i target/x86_64-fortanix-unknown-sgx/debug/sgxtest.sgxs ftxsgx-runner target/x86_64-fortanix-unknown-sgx/debug/sgxtest.sgxs ```
This adds the
x86_64-fortanix-unknown-sgx
target specification to the Rust compiler. See #56066 for more details about this target.