update readme for v0.9.6

LICENSE

@@ -1,6 +1,6 @@
 BSD License
 
-Copyright (c) 2017 Baidu, Inc. All Rights Reserved.
+Copyright (C) 2017-2018 Baidu, Inc. All Rights Reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions

Readme.md

@@ -1,6 +1,9 @@
 # Rust SGX SDK
 Rust SGX SDK helps developers write Intel SGX applications in Rust programming language. [[Paper pdf]](documents/ccsp17.pdf)
 
+## v0.9.6 Release
+This version provides security enhancement for untrusted IO and additional support for monotonic counter. Untrusted IO operations in `sgx_tstd::fs` `sgx_tstd::net` and `sgx_tstd::time` are **DISABLED by default** to reduce the untrusted surface, and can be enabled by features. Trusted time support is moved to `sgx_tservice::sgxtime` and monotonic counter is provided by `sgx_tservice::sgxcounter`. Please refer to [release_notes](release_notes.md) for further details.
+
 ## v0.9.5 Release
 This is a **milestone version**, and may be the last version before 1.0.0. It provides supports of network access, TLS connection, trusted/untrusted file system access, trusted/untrusted time, and environment variable operations. Most important, it supports `xargo`! Now `x86_64-unknown-linux-sgx` is the new platform target. All of the code samples and third-party libraries could be built by `xargo` via `XARGO_SGX=1 make` (cargo also supported by `make`). What's more, we provide a pair of TLS client/server [sample](samplecode/tls) as a complete stack of secure! Please refer to [release_notes](release_notes.md) for further details.
 

dockerfile/Dockerfile

@@ -66,7 +66,7 @@ RUN wget -O /root/sgx_2.0.tar.gz https://github.com/01org/linux-sgx/archive/sgx_
 
 RUN wget 'https://static.rust-lang.org/rustup/dist/x86_64-unknown-linux-gnu/rustup-init' -O /root/rustup-init && \
     chmod +x /root/rustup-init && \
-    echo '1' | /root/rustup-init --default-toolchain nightly-2018-01-19 && \
+    echo '1' | /root/rustup-init --default-toolchain nightly-2018-02-05 && \
     echo 'source /root/.cargo/env' >> /root/.bashrc && \
     /root/.cargo/bin/rustup component add rust-src && \
     apt-get autoclean && apt-get autoremove && rm -rf /var/cache/apt/archives/*

dockerfile/experimental/Dockerfile

@@ -76,7 +76,7 @@ RUN wget -O /root/sgx_2.0.tar.gz https://github.com/01org/linux-sgx/archive/sgx_
 
 RUN wget 'https://static.rust-lang.org/rustup/dist/x86_64-unknown-linux-gnu/rustup-init' -O /root/rustup-init && \
     chmod +x /root/rustup-init && \
-    echo '1' | /root/rustup-init --default-toolchain nightly-2018-01-19 && \
+    echo '1' | /root/rustup-init --default-toolchain nightly-2018-02-05 && \
     echo 'source /root/.cargo/env' >> /root/.bashrc && \
     /root/.cargo/bin/rustup component add rust-src && \
     apt-get autoclean && apt-get autoremove && rm -rf /var/cache/apt/archives/*

libunwind/build.rs

@@ -15,7 +15,7 @@ fn main() {
     let target = env::var("TARGET").expect("TARGET was not set");
 
     if target.contains("linux") {
-        if target.contains("musl") && !target.contains("mips") {
+        if target.contains("musl") {
             // musl is handled in lib.rs
         } else if !target.contains("android") {
             println!("cargo:rustc-link-lib=gcc_s");
@@ -43,5 +43,7 @@ fn main() {
         println!("cargo:rustc-link-lib=gcc_s");
     } else if target.contains("redox") {
         println!("cargo:rustc-link-lib=gcc");
+    } else if target.contains("cloudabi") {
+        println!("cargo:rustc-link-lib=unwind");
     }
 }

libunwind/lib.rs

@@ -35,7 +35,7 @@ cfg_if! {
     }
 }
 
-#[cfg(all(target_env = "musl", not(target_arch = "mips")))]
+#[cfg(target_env = "musl")]
 #[link(name = "unwind", kind = "static", cfg(target_feature = "crt-static"))]
 #[link(name = "gcc_s", cfg(not(target_feature = "crt-static")))]
 extern {}

libunwind/libunwind.rs

@@ -93,8 +93,7 @@ extern "C" {
 }
 
 cfg_if! {
-if #[cfg(not(any(all(target_os = "android", target_arch = "arm"),
-                 all(target_os = "linux", target_arch = "arm"))))] {
+if #[cfg(all(any(target_os = "ios", not(target_arch = "arm"))))] {
     // Not ARM EHABI
     #[repr(C)]
     #[derive(Copy, Clone, PartialEq)]

release_notes.md

@@ -1,3 +1,10 @@
+# Rust SGX SDK v0.9.6 Release Notes
+**Support latest Rust nightly build (nightly-2018-02-05-x86_64-unknown-linux-gnu)**
+
+**Security enhancement** Added three features for `sgx_tstd`: `untrusted_fs` `untrusted_time` `untrusted_net` to control the insecure ocall interface. By default, io-related features in `fs/time/net` are **DISABLED**. To enable them, please add feature declarations such as `features = ["untrusted_fs"]` for sgx_tstd in `Cargo.toml`. All sample codes and third party libraries are updated accordingly. Note that data from unstrusted `fs/time` are **UNTRUSTED**and thus use them **AT YOUR OWN RISK**. Data from `net` are well-known as untrusted and need validation instinctively. We strongly recommend our TLS termination for network access, instead of using `net` directly.
+
+**Refined sgxtime and support sgxcounter** Moved the trusted time service to `sgx_tservice::sgxtime` and implemented the monotonic counter in `sgx_tservice::sgxcounter`.
+
 # Rust SGX SDK v0.9.5 Release Notes
 **Support latest Rust nightly build (nightly-2018-01-19-x86_64-unknown-linux-gnu)**
 

samplecode/backtrace/enclave/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "Backtracesampleenclave"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["Baidu"]
 
 [lib]
@@ -12,4 +12,4 @@ default = []
 
 [target.'cfg(not(target_env = "sgx"))'.dependencies]
 sgx_types = { path = "../../../sgx_types" }
-sgx_tstd = { path = "../../../sgx_tstd" }
+sgx_tstd = { path = "../../../sgx_tstd", features = ["backtrace"] }

samplecode/backtrace/enclave/Xargo.toml

@@ -10,6 +10,7 @@ stage = 1
 
 [dependencies.std]
 path = "../../../xargo/sgx_tstd"
+features = ["backtrace"]
 stage = 2
 
 [dependencies.sgx_rand]

samplecode/crypto/enclave/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "Cryptosampleenclave"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["Baidu"]
 
 [lib]

samplecode/file/enclave/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "Filesampleenclave"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["Baidu"]
 
 [lib]

samplecode/hello-rust/app/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "app"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["duanran01 <[email protected]>"]
 build = "build.rs"
 

samplecode/hello-rust/enclave/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "Helloworldsampleenclave"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["Baidu"]
 
 [lib]

samplecode/helloworld/enclave/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "Helloworldsampleenclave"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["Baidu"]
 
 [lib]

samplecode/hugemem/enclave/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "Hugememsampleenclave"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["Baidu"]
 
 [lib]

samplecode/localattestation/attestation/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "attestation"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["Baidu"]
 
 [features]

samplecode/localattestation/attestation/Xargo.toml

@@ -0,0 +1,25 @@
+[dependencies]
+alloc = {}
+panic_unwind = {}
+panic_abort = {}
+
+[dependencies.compiler_builtins]
+features = ["c", "compiler-builtins"]
+git = "https://github.com/rust-lang-nursery/compiler-builtins"
+stage = 1
+
+[dependencies.std]
+path = "../../../xargo/sgx_tstd"
+stage = 2
+
+[dependencies.sgx_rand]
+path = "../../../xargo/sgx_rand"
+stage = 3
+
+[dependencies.sgx_serialize]
+path = "../../../xargo/sgx_serialize"
+stage = 3
+
+[dependencies.sgx_tunittest]
+path = "../../../xargo/sgx_tunittest"
+stage = 3

samplecode/localattestation/enclave1/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "enclave1"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["Baidu"]
 
 [lib]

samplecode/localattestation/enclave2/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "enclave2"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["Baidu"]
 
 [lib]

samplecode/localattestation/enclave3/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "enclave3"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["Baidu"]
 
 [lib]

samplecode/machine-learning/app/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "app"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["duanran01 <[email protected]>"]
 build = "build.rs"
 

samplecode/machine-learning/enclave/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "Machinelearningsampleenclave"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["Baidu"]
 
 [lib]

samplecode/remoteattestation/Application/enclave/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "RAenclave"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["Baidu"]
 
 [lib]

samplecode/sealeddata/enclave/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "Sealdatasampleenclave"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["Baidu"]
 
 [lib]

samplecode/serialize/enclave/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "Serializesampleenclave"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["Baidu"]
 
 [lib]

samplecode/sgxtime/app/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "app"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["duanran01 <[email protected]>"]
 build = "build.rs"
 

samplecode/sgxtime/enclave/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "Sgxtimeenclave"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["Baidu"]
 
 [lib]

samplecode/sgxtime/enclave/src/lib.rs

@@ -40,10 +40,6 @@ extern crate sgx_tservice;
 
 use sgx_types::*;
 use sgx_tservice::*;
-//use std::string::String;
-//use std::vec::Vec;
-//use std::io::{self, Write};
-//use std::slice;
 
 #[no_mangle]
 pub extern "C" fn sgx_time_sample() -> sgx_status_t {
@@ -52,7 +48,7 @@ pub extern "C" fn sgx_time_sample() -> sgx_status_t {
         Ok(_) => println!("Create PSE session done"),
         _ => println!("Cannot create PSE session"),
     }
-    let ttime = SgxTime::now();
+    let ttime = sgxtime::SgxTime::now();
     //println!("timestamp: {}", ttime.timestamp);
     match ttime {
         Ok(st) => println!("Ok with {:?}", st),

samplecode/test_all.sh

@@ -44,8 +44,8 @@ test_cases=(backtrace \
 
 for i in ${test_cases[@]}
 do
-	cd ${i} && XARGO_SGX=1 make && cd bin && echo -e '\n' | ./app && cd ../ && make clean && cd .. &&
-	cd ${i} && make && cd bin && echo -e '\n' | ./app && cd ../ && make clean && cd ..
+	cd ${i} && make && cd bin && echo -e '\n' | ./app && cd ../ && make clean && \
+	   XARGO=1 make && cd bin && echo -e '\n' | ./app && cd ../ && make clean && cd ..
 done
 
 echo "Done!"

samplecode/thread/enclave/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "Threadsampleenclave"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["Baidu"]
 
 [lib]

samplecode/tls/tlsclient/app/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "app"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["duanran01 <[email protected]>"]
 build = "build.rs"
 

samplecode/tls/tlsclient/enclave/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "tlsclient"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["Baidu"]
 
 [lib]
@@ -13,7 +13,7 @@ default = []
 [target.'cfg(not(target_env = "sgx"))'.dependencies]
 sgx_types = { path = "../../../../sgx_types" }
 sgx_trts = { path = "../../../../sgx_trts" }
-sgx_tstd = { path = "../../../../sgx_tstd" }
+sgx_tstd = { path = "../../../../sgx_tstd", features = ["untrusted_fs", "untrusted_net", "untrusted_time"] }
 
 [dependencies]
 rustls = { path = "../../../../third_party/rustls" }

samplecode/tls/tlsclient/enclave/Xargo.toml

@@ -10,6 +10,7 @@ stage = 1
 
 [dependencies.std]
 path = "../../../../xargo/sgx_tstd"
+features = ["untrusted_fs", "untrusted_net", "untrusted_time"]
 stage = 2
 
 [dependencies.sgx_rand]

samplecode/tls/tlsserver/app/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "app"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["duanran01 <[email protected]>"]
 build = "build.rs"
 

samplecode/tls/tlsserver/enclave/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "tlsclient"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["Baidu"]
 
 [lib]
@@ -13,7 +13,7 @@ default = []
 [target.'cfg(not(target_env = "sgx"))'.dependencies]
 sgx_types = { path = "../../../../sgx_types" }
 sgx_trts = { path = "../../../../sgx_trts" }
-sgx_tstd = { path = "../../../../sgx_tstd" }
+sgx_tstd = { path = "../../../../sgx_tstd", features = ["untrusted_fs", "untrusted_net", "untrusted_time"] }
 
 [dependencies]
 rustls = { path = "../../../../third_party/rustls" }

samplecode/tls/tlsserver/enclave/Xargo.toml

@@ -10,6 +10,7 @@ stage = 1
 
 [dependencies.std]
 path = "../../../../xargo/sgx_tstd"
+features = ["untrusted_fs", "untrusted_net", "untrusted_time"]
 stage = 2
 
 [dependencies.sgx_rand]

samplecode/unit-test/app/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "app"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["duanran01 <[email protected]>"]
 build = "build.rs"
 

samplecode/unit-test/enclave/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "Unittestsampleenclave"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["Baidu"]
 
 [lib]
@@ -12,7 +12,7 @@ default = []
 
 [target.'cfg(not(target_env = "sgx"))'.dependencies]
 sgx_types = { path = "../../../sgx_types" }
-sgx_tstd = { path = "../../../sgx_tstd" }
+sgx_tstd = { path = "../../../sgx_tstd", features = ["untrusted_fs", "untrusted_time"] }
 sgx_tcrypto = { path = "../../../sgx_tcrypto" }
 sgx_tunittest = { path = "../../../sgx_tunittest" }
 sgx_trts = { path = "../../../sgx_trts" }