Rust SGX SDK v1.0.4 Released

Baidu Security X-Lab
Baidu Security X-Lab
3 min readOct 9, 2018


Highlight: now we have support for Enclave-to-Enclave and Untrusted-to-Enclave TLS communication based on SGX remote attestation

Rust SGX SDK, maintained by Baidu X-Lab, is a convenient framework to develop secure trusted computing applications for Intel SGX enclaves. Based on it, developers can easily build trusted SGX enclaves with memory safety guarantees. This adds an extra strong (and strongest ever) security layer over the SGX isolation, further keeping attackers away from the secrets in enclave even if they compromised the privileged software environment (operating system, hypervisor, etc.). Rust SGX SDK thus means a lot to privacy protection and trusted computing on public cloud platforms and blockchains.

Ever since our first open source release in last April, we have received lots of precious feedback and suggestions from the community. We are also glad to witness that Rust SGX SDK has been actively used in both academic and industrial schemes. It is these community supports and wide adoptions that motivates us to keep improving this project — including this 1.0.4 release. In this release, we added support for the latest Intel SGX SDK 2.3.1, and (for the first time of the world) enabled memory safe Enclave-to-Enclave/Untrusted-to-Enclave TLS communication based on SGX remote attestation.

We provided two TLS communication sample projects based on SGX remote attestation: mutal-ra and ue-ra. The former project demonstrates the establishment of a TLS connection between two SGX enclaves, while the latter one establishes a TLS connection from a untrusted component to an SGX enclave. In both settings, the TLS certificates are dynamic generated (and later verified in the other side) based on the proofs obtained from the SGX remote attestation. In this design, IAS (Intel Attestation Service) acts as the CA (Certificate Authority), and a successful TLS certificate verification can prove that the connection target is indeed the expected and trusted SGX enclave. Our implementation is based on Intel’s white paper “Integrating Remote Attestation with Transport Layer Security”, with the enhancement of memory safety. One can refer to it for more design details. With this TLS implementation, the world finally embraces secure end-to-end data link towards or between the SGX enclaves.

We also provided sample code for the new SGX Switchless feature which enables fast ECALL/OCALL. Moreover, to fulfill the community requests, we provided sample code to serialize/deserialize rusty-machine AI models. Developers can utilize it to transport their machine learning models between enclaves.

Along with this release, we strongly recommend developers to upgrade their Rust toolchains and Intel SGX SDK to the latest: (1) Rust language maintainers fixed a liballoc memory bug in the Rust 1.29.1 release (on Sep. 25th, 2018). In order to get immune to exploits targeting at this vulnerability, developers need to upgrade their Rust toolchains to this or newer versions to build Rust SGX enclaves; (2) After the 2.3 release of SGX SDK on Sep. 14th, Intel quickly rolled out the 2.3.1 release on Sep. 28th to fix a logic error discovered by us. So developers need to upgrade their Intel SGX SDK to 2.3.1 to get rid of this issue.

Summary of v1.0.4 New Features

  • Support Intel SGX SDK v2.3.1
  • Support Rust nightly-2018–10–01 in the master branch
  • Support Rust stable-2018–09–25 in the stable branch
  • New third party libraries bit-vec, chrono, erased-serde, fxhash, nan-preserving-float, num-bigint, quick-error, raft-rs, time, webpki-roots, yasna
  • New mutual-ra code sample contains an implementation of remote attestation based TLS channel between enclaves. The algorithm comes from Intel’s whitepaper.
  • New ue-ra code sample contains an implementation of remote attestation based TLS channel between untrusted party and enclave, using the same algorithm above.
  • Switchless code sample shows how to use the new Switchless model provided by Intel.
  • Refactored dockerfile. Since Intel has provided support for Ubuntu 18.04, we could remove the experimental docker image. Now we provide docker images for ubuntu 16.04 and 18.04 with both Rust nightly and stable releases.
  • AI Model serialize/deserialize for rusty-machine
  • Third party crates upgraded/discontinued Upgraded ring/webpki/rustls, wasmi/wabt-rs-core. Removed lazy-static, parity-wasm and untrusted because these crates support no_std and could be used directly from