Upstream status for rustc aarch64-unknown-optee-trustzone target? #113
Comments
I'm one of the main developers of teeos. There are many compatible interfaces between teeos and OP-TEE. It will be very nice if the target 'aarch64-unknown-optee-trustzone' is merged into the official Rust toolchains. But we still have one MR waiting to be merged (std library support). TEE support for the Rust standard library is challenging, for there is no disk, network, ... in TrustZone. Maybe it would be more reasonable to only support no_std TAs.
Thanks for your comments.
I am also leaning towards supporting
One of the differences I saw with
I have some experience with what needs to be implemented:
Yes
Thanks for sharing valuable insights!
I agree that there are many crates supporting
To streamline maintenance efforts, we've chosen to pin the Rust version and port the std library. Adding the target to Rust upstream is reasonable and aligns with future plans.
Agree. If the target is eventually added to the upstream, I would prefer to maintain the name
Thanks for sharing the experience of upstream
Have you tried porting a TLS crate within a TA? It is something similar to when people ask about OpenSSL support in a TA [1]. We should understand that the OP-TEE environment is constrained:
The other thing to take care of here is one of the OP-TEE design goals: Small footprint [2]. We should only try to port security sensitive portions of a normal world application to a TA. Otherwise if you port your entire application as a TA then the real isolation benefit is somewhat lost. So what if you try to integrate a crate which will build due to IMO, we should also follow a similar approach with Rust. Start with
[1] OP-TEE/optee_os#5884
I understand your perspective. BTW I think it will also help to reduce the memory cost of Rust TAs.
The most effective way to reduce the size of TA is no_std and strip. There are other ways, such as:

```toml
[profile.release]
panic = "abort"
opt-level = "z"
lto = "fat"
debug = false
strip = "symbols"
codegen-units = 1
```
I observe that `aarch64-unknown-optee-trustzone` target is maintained here [1]. Are there any plans to make it an official target upstream? I do see another target: `aarch64-unknown-teeos` became officially supported tier 3 target upstream here [2] [3] [4] [5]. Can we re-purpose that target for OP-TEE? Or we need to add another target upstream?

[1] https://github.com/mesalock-linux/rust/commits/teaclave-trustzone-sdk-1.56.1
[2] https://github.com/rust-lang/rust/blob/master/src/doc/rustc/src/platform-support/aarch64-unknown-teeos.md
[3] rust-lang/rust#113480
[4] rust-lang/libc#3333
[5] rust-lang/rust#116565