The code you put in a secure enclave is the most security-critical part of your application. That code should be written in a language that is reliable.
Rust's advanced static analysis built right into the compiler makes it easy to have confidence in the security of your program.
The Fortanix EDP is fully integrated with the Rust compiler. Rust code that doesn't link to native libraries and that doesn't use processes or files should compile out of the box. If new features are added to the Rust language in a new compiler release, you'll be able to use them immediately.
Thanks to Rust's stability guarantee, old code will always continue to work after upgrading your compiler.
Rust EDP applications are just like native applications. They have a main function, can have multiple threads, and can make network connections.
You don't have to write any “untrusted” code that runs outside the enclave, this is all provided for you.
The Fortanix EDP gives you full access to SGX features. It comes with crates that are designed to make the most out of running on the SGX platform.
Rust EDP is what Fortanix uses in-house for various products, such as the award-winning Data Security Manager (DSM).
Our years of experience running secure enclaves in production have informed the design of the EDP to fit application developers's needs.
SGX secures from outside,
Rust secures from inside.
Build once, run anywhere.
Build using standard Rust.
No need to partition your code.
Just compile for SGX.
Build your code once, and run it on all supported operating systems and hardware platforms.
Runtime Encryption®'s ability to operate in untrusted environments shines in the cloud. With Rust EDP, you can take your existing Rust microservice and compile and run it in SGX in no time.
GitHub1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
use sgx_isa::{Report, Targetinfo};
/// A simple TCP server that will generate local attestations on request.
fn main() -> io::Result<()> {
for stream in TcpListener::bind("localhost:0")?.incoming() {
let mut stream = stream?;
// Read targetinfo from stream
let targetinfo: Targetinfo = read_targetinfo(&mut stream)?;
// Issue local SGX attestation report (uses EREPORT instruction)
let report = Report::for_target(&targetinfo, &[0; 64]);
// Write report to stream
stream.write_all(report.as_ref())?;
}
Ok(())
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
extern crate serde;
use serde::{Serialize, Deserialize};
/// This example, uses a simple structure `Point` that is
/// serialized and deserialized to `JSON` using Rust's serde.
#[derive(Serialize, Deserialize, Debug, PartialEq)]
struct Point {
pub x: i32,
pub y: i32,
}
impl Point {
fn as_json(&self) -> String {
serde_json::to_string(&self).unwrap()
}
fn from_json(s: &str) -> Self {
serde_json::from_str(s).unwrap()
}
}