incubator-teaclave-sgx-sdk  by apache

Rust SDK for Intel SGX app development

created 8 years ago
1,202 stars

Top 33.3% on sourcepulse

Project Summary

This SDK enables developers to write Intel SGX applications using the Rust programming language, offering a secure and efficient way to build confidential computing solutions. It targets Rust developers seeking to leverage hardware-based security for sensitive workloads.

How It Works

The SDK provides a Rust-compatible environment for Intel SGX, abstracting low-level SGX details. It leverages Rust's safety features to help prevent common memory-related vulnerabilities within enclaves. The approach includes custom sgx_tstd (trusted standard library) and sgx_untrusted namespaces for interacting with the SGX runtime and untrusted code, respectively.

Quick Start & Requirements

  • Install: Pull and run a pre-built Docker container (e.g., docker pull baiduxlab/sgx-rust).
  • Prerequisites: Docker, Intel SGX OOT 2.11.0 Driver or DCAP 1.36.2 Driver, Intel SGX SDK v2.12, Intel SGX PSW, Rust nightly-2022-10-22.
  • Setup: Requires downloading sample code and running Docker commands to mount SGX devices.
  • Docs: 01.org for Intel SGX software installation.

Highlighted Details

  • Supports a wide range of SGX features through numerous code samples, including local/remote attestation, sealed data, threading, file I/O, and even machine learning with rusty-machine.
  • Includes samples for advanced features like sgxtime (Intel ME trusted timestamping), switchless execution, and WebAssembly interpretation (wasmi).
  • Actively maintained forks of popular Rust crates ensure compatibility within the SGX environment.
  • Provides guidance on writing Enclave Definition Language (EDL) and handling arrays/pointers for FFI.

Maintenance & Community

  • Project is part of the Apache Incubator program.
  • Community engagement via mailing list and Twitter (@ApacheTeaclave).
  • Contributions are welcomed following "The Apache Way."

Licensing & Compatibility

  • Apache License 2.0.
  • Generally permissive for commercial use and integration with closed-source projects.

Limitations & Caveats

  • Requires specific Intel SGX hardware and drivers for full functionality; simulation mode is available for development without SGX hardware.
  • Dependency on specific Rust toolchain versions (nightly or stable) as indicated in release notes.
  • Some older versions had specific requirements for starting the AESM daemon.

Health Check

  • Last commit: 1 week ago
  • Responsiveness: 1 day
  • Pull Requests (30d): 0
  • Issues (30d): 0

Star History

  • 7 stars in the last 90 days
