#CRITICAL OPS HACK 1.22 CODE#
New code sample: kvdb-memdb and its dependencies. Now master branch can output panic strings correctly. Correct the MIN_ALIGN to 8 bytes according to Intel's memory alloctor.īug fix in sgx_tstd/panicking.rs. Supports Rust stable- in stable branch (rustc 1.34.2)īug fix in sgx_alloc. Supports Rust nightly- in master branch (rustc 1.36.0) It'll be in a repo like apache/incubator-rust-sgx-sdk, while the former link baidu/rust-sgx-sdk still works well. The Apache Incubator Rust SGX SDK would be soon transferred to the Apache Incubator, as a subproject of MesaTEE. And please adjust the Xargo.toml if your project are using xargo.
#CRITICAL OPS HACK 1.22 UPDATE#
Upgrade Notes Please update your edl files as well as the common headers. We'll merge the commits periodically, and provide a world map of the forked crates very soon. Removed all local third_party crates We forked everything and maintain them by merge bot. No longer requires libsgx_tcxx unless the enclave depends on protected_fs or tse. Removed libbacktrace and new libunwind is in sgx_unwind New sgx crates sgx_backtrace, sgx_backtrace_sys, sgx_demangle, sgx_panic_abort, sgx_panic_unwind. Stable branch would be pushed later.ĬentOS 7.6 supported Added dockerfile for CentOS 7.6. Supports Rust nightly- in master branch (rustc 1.38.0). Link flag change In this version, -lsgx_tcxx must be placed before -lsgx_tstdc. To help understand this vulnerability, please look into the wiki article Mitigation of Intel SA 00219 in Rust SGX. New aligned allocator primitives and data structures To mitigate Intel-SA-00219, we provided AlignBox for dynamic allocation, and aligned key types such as sgx_align_key_256bit_t, sgx_align_key_128bit_t for static allocation. Is_x86_feature_detected We found a global feature indicator g_cpu_feature_indicator and enabled is_x86_feature_detected without triggering cpuid instruction. Threading and synchronization We implemented thread::spawn and ported std::sync::mpsc. Rust SGX SDK v1.1.0įedora 27 supported Added dockerfile for Fedora 27. Sgx_crypto_helper is working on both trusted/untrusted side now. Sgx_core_futures provides basic future primitive. Use hashbrown to replace old std::collections We move to hashbrown v0.7 and skipped v0.6. Please refer to the unit test codes for sample usage. New proc macro sgx_align sgx_align can help with mitigate INTEL-SA-00219. We shipped our docker images with two options: (1) build gcc from source, or (2) use gcc from well-known repo.
#CRITICAL OPS HACK 1.22 PATCH#
Removed compiler-rt patch Rust SGX SDK v1.1.1ĭocker images refactored Due to the requirement of LVI mitigation, the docker image has to contain very new version of GCC/G++ and GNU binutils with LVI patch.
Removed sgx_core_futures since Rust supports async/ await in no_std environment. It'll be pretty handy when debugging with ud2 or SIGILL events! Please look at signal sample for usage. Please upgrade asap Intel fixed couple of bugs in 2.12.