Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
  • Nov 15 01:15

    volcano0dr on v1.1.6


  • Nov 15 01:14

    volcano0dr on master

    Support rust-nightly-2022-10-22… Add epoll_create for sgx_libc Fix mio samplecode (compare)

  • Nov 05 14:16

    volcano0dr on v1.1.6-testing

    Fix mio samplecode (compare)

  • Nov 05 09:54

    volcano0dr on v1.1.6-testing

    Add epoll_create for sgx_libc (compare)

  • Oct 31 07:31

    volcano0dr on v2.0.0-preview

    Revert "Add fsync to flush and … (compare)

  • Oct 27 15:07

    volcano0dr on v2.0.0-preview

    fix libunwind autogen script wh… (compare)

  • Oct 27 15:04

    volcano0dr on v1.1.6-testing

    Support rust-nightly-2022-10-22… (compare)

  • Oct 27 15:01

    volcano0dr on master

    fix libunwind autogen script wh… (compare)

  • Oct 27 11:21

    volcano0dr on v2.0.0-preview

    add epoll_create (compare)

  • Oct 22 18:39

    volcano0dr on v2.0.0-preview

    Support rust-nightly-2022-10-22 (compare)

  • Oct 22 17:38

    volcano0dr on v1.1.6-testing

    Support rust-nightly-2022-10-22… (compare)

  • Oct 22 17:33

    volcano0dr on v1.1.6-testing

    Support rust-nightly-2022-10-22… (compare)

  • Oct 22 17:32

    volcano0dr on v1.1.6-testing

    Support rust-nightly-2022-10-22 (compare)

  • Oct 22 16:48

    volcano0dr on v1.1.6-testing

    Support rust-nightly-2022-10-17… (compare)

  • Sep 29 03:09

    volcano0dr on v2.0.0-preview

    Support KSS in simulation mode (compare)

  • Sep 29 03:06

    volcano0dr on v2.0.0-preview

    Update SpinMutex and SpinRwLock (compare)

  • Sep 29 03:05

    volcano0dr on v2.0.0-preview

    Protected_fs supports the speci… (compare)

  • Sep 29 02:57

    volcano0dr on v2.0.0-preview

    Update makefile (compare)

  • Sep 21 11:29

    volcano0dr on v2.0.0-preview

    Fix memory alignment issues wit… (compare)

  • Sep 19 11:52

    volcano0dr on v2.0.0-preview

    Fix memory alignment issue when… (compare)

Blaine Malone
Never mind, it's just a matter of pointing to git clone https://github.com/apache/incubator-teaclave-sgx-sdk.git. The wording caught me a little here.
Blaine Malone

Trying to get a Simulation example working on macOS


Getting the following error when I use the stable build:

./lib/libenclave.a(sgx_trts-e1de7fe3db2688ea.sgx_trts.c1x8g4sc-cgu.2.rcgu.o): In function `sgx_trts::enclave::SgxGlobalData::new::hd171d7330c2c7ee0':
sgx_trts.c1x8g4sc-cgu.2:(.text._ZN8sgx_trts7enclave13SgxGlobalData3new17hd171d7330c2c7ee0E+0xa5): undefined reference to `get_rsrv_base'
sgx_trts.c1x8g4sc-cgu.2:(.text._ZN8sgx_trts7enclave13SgxGlobalData3new17hd171d7330c2c7ee0E+0xb2): undefined reference to `get_rsrv_size'
collect2: error: ld returned 1 exit status
Makefile:155: recipe for target 'enclave/enclave.so' failed
make: *** [enclave/enclave.so] Error 1
Blaine Malone
1. docker pull baiduxlab/sgx-rust-stable
2. docker run -v /Users/<user.name>/code/incubator-teaclave-sgx-sdk:/root/sgx -ti baiduxlab/sgx-rust-stable
3. cd sgx/samplecode/helloworld/
4. Edit Makefile for SW mode
5. make && cd bin
6. ./app
I get the above error after performing these steps on macOS.
Blaine Malone
Raised an issue as I can't see any existing issues for it, apache/incubator-teaclave-sgx-sdk#318
Blaine Malone

Not sure how active this conversation thread is but I'll try again....

6_64-unknown-linux-gnu/lib/libcompiler_builtins-f51baad7bbcb81c4.rlib" "-Wl,-Bdynamic" "-lgcc_s" "-lutil" "-lrt" "-lpthread" "-lm" "-ldl" "-lc"
  = note: /usr/bin/ld: /root/sgx/samplecode/hello-rust/app/target/release/deps/libsgx_tcrypto-1902d87c87f3e072.rlib(sgx_tcrypto-1902d87c87f3e072.sgx_tcrypto.3jhltoaz-cgu.1.rcgu.o): in function `<sgx_tcrypto::crypto::SgxRsaPrivKey as core::ops::drop::Drop>::drop':
          sgx_tcrypto.3jhltoaz-cgu.1:(.text._ZN76_$LT$sgx_tcrypto..crypto..SgxRsaPrivKey$u20$as$u20$core..ops..drop..Drop$GT$4drop17h7d56483f335f559cE+0x35): undefined reference to `sgx_free_rsa_key'
          collect2: error: ld returned 1 exit status

I'm trying to use sgx_tcrypto in the app (not the enclave) and I receive this error. Any ideas?

Hi. Quick question. Is there a reason the types in the sgx_types/src/types.rs does not implement fmt::Debug using derive?
Thinking about forking the crate and adding the derives to allow me to create strategies with proptest on those types.
@blmalone why are you using tcrypto in the app? any reason ucripto will not cut it?
Blaine Malone
@longtomjr you're right I started using ucrypto and it worked.
Awesome, glad you got it working
Sylvain Bellemare
Hey, is there a plan to support linux-sgx 2.13.3?
Yu Ding
@sbellem please wait for a couple of days. we'll skip 2.13 and move forward to 2.14
there's a critical security vulnerability which affects <2.14. cvss score 8.2
Sylvain Bellemare
Hey @dingelish! Ok thanks for the update! Was just curious, as I am planning to work on the reproducibility issue for the Rust SGX SDK, and I have been using 2.13.3 for the C++ linux-sgx.
Pi Delport
Hi! I just submitted my first PR for updating a communing-forked crate: mesalock-linux/serde-bytes-sgx#3
Is that the right way to go about it?
Yu Ding
@PiDelport i'll take a look tonight! thank you so much!
Pi Delport
@dingelish: Cool, thanks! Let me know if the rebase is okay, or if there's a better way to represent the changes for review.
(I considered doing a merge of the upstream into the fork, and then applying further changes to update, but that seems messy, and intertwines the two histories together. it seemed cleaner to keep the upstream history pristine, and maintain the SGX port as a single patch-set.)
Yu Ding
@PiDelport merged!
tag is updated as well
Sylvain Bellemare
@dingelish is https://github.com/apache/incubator-teaclave-sgx-sdk/tree/v1.1.4-testing the branch you are using for 2.14?
Jing Li
anybody know that SGX remote attestation? in the sdk samplecode that client may at no SGX environment is ok? and the server should at SGX env? But when they connect well , then the client how to use the DH key ( which RA generate by DHKE) to encrypt the message want to transport to server to process
can we use libc inside enclave?
I am trying to port socket2 crate, and I have the following toml file
name = "socket2"
version = "0.4.1"
authors = [
    "Alex Crichton <alex@alexcrichton.com>",
    "Thomas de Zeeuw <thomasdezeeuw@gmail.com>"
license = "MIT/Apache-2.0"
readme = "README.md"
repository = "https://github.com/rust-lang/socket2"
homepage = "https://github.com/rust-lang/socket2"
documentation = "https://docs.rs/socket2"
description = """
Utilities for handling networking sockets with a maximal amount of configuration
possible intended.
keywords = ["io", "socket", "network"]
categories = ["api-bindings", "network-programming"]
edition = "2018"
include = [

all-features = true
rustdoc-args = ["--cfg", "docsrs"]

features = ["all"]

libc = { git = "https://github.com/mesalock-linux/libc-sgx.git" }

winapi = { version = "0.3.9", features = ["handleapi", "ws2ipdef", "ws2tcpip"] }

# Enable all API, even ones not available on all OSs.
all = []

sgx_tstd = { rev = "v1.1.3", git = "https://github.com/apache/teaclave-sgx-sdk.git", features = ["backtrace", "net"] }

sgx_alloc = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk.git" }
sgx_build_helper = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk.git" }
sgx_libc = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk.git" }
sgx_tprotected_fs = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk.git" }
sgx_trts = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk.git" }
sgx_tstd = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk.git" }
sgx_types = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk.git" }
sgx_unwind = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk.git" }
It compiles but when I include it in a project, I am getting linker error
CC   <=  enclave/Enclave_t.c
Compiling enclave/enclave.so
/usr/bin/ld: ./lib/libenclave.a(substratee_worker_enclave-63b7e583d1fd4904.substratee_worker_enclave.8ce17zpu-cgu.5.rcgu.o): in function `<nakamoto_net_poll::reactor::Reactor<sgx_tstd::net::tcp::TcpStream,E> as nakamoto_p2p::reactor::Reactor<E>>::run':
substratee_worker_enclave.8ce17zpu-cgu.5:(.text._ZN136_$LT$nakamoto_net_poll..reactor..Reactor$LT$sgx_tstd..net..tcp..TcpStream$C$E$GT$$u20$as$u20$nakamoto_p2p..reactor..Reactor$LT$E$GT$$GT$3run17h459f1e3d8d3be928E+0x712): undefined reference to `poll'
/usr/bin/ld: substratee_worker_enclave.8ce17zpu-cgu.5:(.text._ZN136_$LT$nakamoto_net_poll..reactor..Reactor$LT$sgx_tstd..net..tcp..TcpStream$C$E$GT$$u20$as$u20$nakamoto_p2p..reactor..Reactor$LT$E$GT$$GT$3run17h459f1e3d8d3be928E+0x9ca): undefined reference to `read'
/usr/bin/ld: ./lib/libenclave.a(popol-9ea5103fb1277962.popol.8uqnqeov-cgu.3.rcgu.o): in function `popol::Waker::reset':
popol.8uqnqeov-cgu.3:(.text._ZN5popol5Waker5reset17h36dd53df767e34bdE+0x2c): undefined reference to `read'
/usr/bin/ld: ./lib/libenclave.a(socket2-bc6e09cd5d2855ee.socket2.551ud0mu-cgu.1.rcgu.o): in function `socket2::socket::Socket::new':
socket2.551ud0mu-cgu.1:(.text._ZN7socket26socket6Socket3new17h4d5dd77834895fffE+0x19): undefined reference to `socket'
/usr/bin/ld: ./lib/libenclave.a(socket2-bc6e09cd5d2855ee.socket2.551ud0mu-cgu.1.rcgu.o): in function `socket2::socket::Socket::connect':
socket2.551ud0mu-cgu.1:(.text._ZN7socket26socket6Socket7connect17h932e57bd63afb67dE+0x17): undefined reference to `connect'
/usr/bin/ld: ./lib/libenclave.a(socket2-bc6e09cd5d2855ee.socket2.551ud0mu-cgu.1.rcgu.o): in function `socket2::socket::Socket::set_read_timeout':
socket2.551ud0mu-cgu.1:(.text._ZN7socket26socket6Socket16set_read_timeout17h7aa1b24fab4cb459E+0x5d): undefined reference to `setsockopt'
/usr/bin/ld: ./lib/libenclave.a(socket2-bc6e09cd5d2855ee.socket2.551ud0mu-cgu.1.rcgu.o): in function `socket2::socket::Socket::set_write_timeout':
socket2.551ud0mu-cgu.1:(.text._ZN7socket26socket6Socket17set_write_timeout17h11132aecfd159339E+0x5d): undefined reference to `setsockopt'
/usr/bin/ld: ./lib/libenclave.a(socket2-bc6e09cd5d2855ee.socket2.551ud0mu-cgu.0.rcgu.o): in function `socket2::sys::set_nonblocking':
socket2.551ud0mu-cgu.0:(.text._ZN7socket23sys15set_nonblocking17h85007fcdfc9a6027E+0x10): undefined reference to `fcntl'
/usr/bin/ld: socket2.551ud0mu-cgu.0:(.text._ZN7socket23sys15set_nonblocking17h85007fcdfc9a6027E+0x4b): undefined reference to `fcntl'
collect2: error: ld returned 1 exit status
Makefile:188: recipe for target 'enclave/enclave.so' failed
make: *** [enclave/enclave.so] Error 1
There is an undefined reference to fcntl.
and read
Is there any way to solve this?
Mingshen Sun
Hello everyone, please use our Discord channel for Teaclave related discussion. Thanks. https://teaclave.apache.org/community/#discord
Garima Aggarwal
Hi everyone, I installed the driver and intel-sgx-dkms package
But /dev/isgx device is still not found on the system
I am using Debian OS
Please can someone help..thanks
Sylvain Bellemare
@dingelish or anyone knows where the latest docker images are hosted on DockerHub? I am aware of https://hub.docker.com/r/baiduxlab/sgx-rust/tags, but this is not recent.
Hi everyone, does anyone know or have tried to run the RUST SGX SDK on a macbook pro with an M1 chip in Simulation mode? Will it work in simulation?
Yu Ding
hey everybody. i just come back to Baidu and I'm starting to work on this project again. sorry for so many delays...
hi how can i use the "libenclave.signed.so" file which made by c++ in RUST-SGX-SDK?
Yu Ding

hi how can i use the "libenclave.signed.so" file which made by c++ in RUST-SGX-SDK?

you can refer to app part in sample codes

hey, I'm trying to get SGX to work but no matter what I do the AESM service doesn't start any ideas what the cause could be?
$ sudo sgx-detect  --verbose
Detecting SGX, this may take a minute...
[init ../../../psw/ae/aesm_service/source/core/ipc/UnixCommunicationSocket.cpp:225] Failed to connect to socket /var/run/aesmd/aesm.socket
[init ../../../psw/ae/aesm_service/source/core/ipc/UnixCommunicationSocket.cpp:225] Failed to connect to socket /var/run/aesmd/aesm.socket
[init ../../../psw/ae/aesm_service/source/core/ipc/UnixCommunicationSocket.cpp:225] Failed to connect to socket /var/run/aesmd/aesm.socket
✔  SGX instruction set
  ✔  CPU support
  ✔  CPU configuration
  ✔  Enclave attributes
  ✔  Enclave Page Cache
  SGX features
    ✘  SGX2  ✘  EXINFO  ✘  ENCLV  ✘  OVERSUB  ✘  KSS
    Total EPC size: 189.5MiB
✘  Flexible launch control
  ✔  CPU support
  ✘  CPU configuration
✘  SGX system software
  ✔  SGX kernel device (/dev/isgx)
  ✔  libsgx_enclave_common
  ✘  AESM service

🕮  Flexible launch control > CPU configuration
Your hardware supports Flexible Launch Control, but it's not enabled in the BIOS. Reboot your machine and try to enable FLC in your BIOS. Alternatively, try updating your BIOS to the latest version or contact your BIOS vendor.


More information: https://edp.fortanix.com/docs/installation/help/#flc-cpu-configuration

🕮  SGX system software > AESM service
AESM could not be contacted. AESM is needed for launching enclaves and generating attestations.

AESM appears to be installed, but it's not running. Please check your AESM installation.

debug: error communicating with aesm
debug: cause: error communicating with aesm
debug: cause: Connection refused (os error 111)

$ sudo systemctl status aesmd
● aesmd.service - Intel(R) Architectural Enclave Service Manager
   Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since Fri 2022-03-25 13:57:17 UTC; 12s ago
  Process: 21721 ExecStart=/opt/intel/sgx-aesm-service/aesm/aesm_service (code=exited, status=0/SUCCESS)
  Process: 21720 ExecStartPre=/bin/chmod 0750 /var/opt/aesmd/ (code=exited, status=0/SUCCESS)
  Process: 21719 ExecStartPre=/bin/chown -R aesmd:aesmd /var/opt/aesmd/ (code=exited, status=0/SUCCESS)
  Process: 21718 ExecStartPre=/bin/chmod 0755 /var/run/aesmd/ (code=exited, status=0/SUCCESS)
  Process: 21717 ExecStartPre=/bin/chown -R aesmd:aesmd /var/run/aesmd/ (code=exited, status=0/SUCCESS)
  Process: 21716 ExecStartPre=/bin/mkdir -p /var/run/aesmd/ (code=exited, status=0/SUCCESS)
  Process: 21700 ExecStartPre=/opt/intel/sgx-aesm-service/aesm/linksgx.sh (code=exited, status=0/SUCCESS)
 Main PID: 21722 (code=exited, status=1/FAILURE)
Reuven Podmazo
Hello @dingelish ! I have a few questions about the v2.0.0-preview. Are you available here or on discord?
Yu Ding
both! i just get up and i'll get back to u asap!
Reuven Podmazo
oh cool, thanks! can you please get in touch with me on discord? I pinged you in the community server. I actually have to go offline for a few hours but I'll be back later
Reuven Podmazo
Hi @dingelish ! I hope you had a nice weekend :)
Can I DM you on discord? I have some deep technical questions that I'm trying to figure out
Yu Ding
@reuvenpo of course! sorry i missed your messages here
i'll get back to keyboard in about 30 minutes
Reuven Podmazo
cool, thank you! I'll DM you on discord, let me know when you're available and we'll chat there :)
Also, I don't think you missed any important message so all's good :)
Rashmi Krishnan
Noob question: Excuse me for the long message. I am using RUST SGX SDK v1.1.3 and Intel SGX SDK 2.12 for my library development. I have this set up in docker container running Centos 8. My library is currently trying to build an enclave and create enclave using SgxEnclave::create_with_workers. My understanding is that the parameters are being passed correctly, however, enclave creation is failing with SGX_ERROR_UNEXPECTED_ERROR. I looked at the same code under samplecode/switchless in teaclave to see what parameters are required, I pass the same, however, my enclave creation still fails. I also cross checked the link flags that I use for build purposes, and it seems correct to me. Not sure what I am missing here or how to go around debugging it. Please could someone give me pointers around this. Note, I also tried copying the code in samplecode/switchless App section to my code, but creation still fails. "-o /root/visakp-enclave/target/debug/build/untrusted-sgx-dcbd43e7fffbb0dc/out/enclave_sim.so -O2 -m64\n -Wl,-z,relro,-z,now,-z,noexecstack\n -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L/opt/intel/sgxsdk/lib64\n -Wl,--whole-archive -lsgx_tswitchless -lsgx_trts_sim /root/visakp-enclave/target/debug/build/untrusted-sgx-dcbd43e7fffbb0dc/out/libenclave_t_api.a -Wl,--no-whole-archive\n -Wl,--start-group -lsgx_tstdc -lsgx_tcrypto -lsgx_tservice_sim ../target/debug/libtrusted_sgx.a -Wl,--end-group\n -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined\n -Wl,-pie,-eenclave_entry -Wl,--export-dynamic\n -Wl,--gc-sections -Wl,--defsym,__ImageBase=0\n -Wl,--version-script=../trusted-sgx/kbox.lds"