
Modernize toolchain: Rust nightly-2026-06-21 / LLVM 22 + Intel SGX SDK 2.29 #472

Open

bfoing wants to merge 37 commits into apache:main from Privasys:main



bfoing commented Jun 22, 2026


Modernisations

Rust toolchain (kept current across nightlies):

  • nightly-2023-11-17 → nightly-2026-06-21 (rustc ~1.75 → 1.98-nightly), LLVM 19 → 22.
  • sgx_tstd (the vendored std) reconciled with upstream std evolution: BorrowedBuf/BorrowedCursor init API and added generic parameter, FD/Timespec niche representation, prelude macro re-exports (assert_eq/debug_assert/matches, and the std-defined panic/vec/format via the ambiguous_macros_only trick), intrinsics::catch_unwind returning bool, trait-object lifetime laundering via transmute (raw-pointer as casts no longer extend lifetimes), rustc_macro_transparency value rename, Layout::dangling_ptr, the hashbrown min_specialization fix, and custom .json targets now requiring -Zjson-target-spec.

Intel SGX SDK (migrated forward):

  • 2.20 → 2.29 (DCAP 1.17/1.18 along the way).
  • 2.29 required bumping the sgx_trts SDK version constant so that the 2.29 sgx_sign accepts the enclave (the signer enforces a match between the trts-embedded version and the signing SDK).
  • Removed the EPID-based sgx_key_exchange crate, since EPID remote attestation was removed from the SDK in 2.28. DCAP/ECDSA attestation is unaffected.

Build system:

  • A sgx_sysroot CMake target that builds the trusted Rust rlibs (-Zbuild-std=core,alloc) into an installable sysroot, so consumers can compile enclave crates against it without bespoke scripting.
  • Additional headers to complement the SGX SDK ones, plus dockerfile updates.

Fixes:

  • Reimplement sgx_read_rand for ucrypto; IPP CPUID initialisation for some AVX-512 instruction sets; note.sgxmeta section size; ExceptionInfo 64-byte alignment; untrusted-memory pointer dereference hardening; try_error/trim_range_commit fixes.

Validated end to end building and signing real SGX enclaves (a base enclave and a WASM runtime) on nightly-2026-06-21 with Intel SGX SDK 2.29.

A note on the size

Apologies for the size of this PR. It is large (around 1,800 files) because it spans several Rust nightly cycles of sgx_tstd reconciliation plus a series of SGX SDK version bumps that accumulated in our downstream fork (Privasys/teaclave-sgx-sdk). None of it is application-specific; it is all generic toolchain, SDK and build modernisation. We are very happy to split it into smaller focused PRs if that is easier to review, just let us know.

volcano0dr and others added 30 commits August 23, 2023 18:09
Currently, the code base assumes creation of full rust enclaves,
including the entry point. This allows minimal dependency on Intel's
SGX SDK.

However, this doesn't allow creating static libraries that are to be
consumed by existing enclaves, typically written in C or C++ with
the full SGX SDK from Intel.

We introduce a new use_sgx_sdk feature that mainly allows using
symbols from Intel's SGX SDK instead of locally defined ones.

This feature is enabled for a new target "x86_64-sgx_sdk_linux_sgx",
which is identical to x86_64-unknown-linux-sgx, except for its name
and for a specific "sgx_sdk" abi, which allows managing dependencies.
Useful for convenient handling of sgx exceptions.
- add a top-level CMakeLists.txt
- expose the headers not in full sgx sdk on their own
Including exposing some new features now available in std.
---------

Co-authored-by: Edward Boggis-Rolfe <edward@secretarium.org>
The global_data_t struct has a couple of new fields, and more importantly,
the elrange_size field now defaults to 0 instead of enclave_size.
# Conflicts:
#	rust-toolchain
#	rustlib/panic_unwind/src/lib.rs
#	sgx_rsrvmm/build.rs
#	sgx_trts/src/capi_sgx_sdk.rs
#	sgx_trts/src/inst/hw/inst.rs
#	sgx_trts/src/inst/hyper/inst.rs
#	sgx_trts/src/inst/sim/inst.rs
#	sgx_tstd/hashbrown/src/lib.rs
#	sgx_tstd/hashbrown/src/raw/mod.rs
#	sgx_tstd/src/hash/random.rs
#	sgx_tstd/src/lib.rs
#	sgx_tstd/src/os/net/linux_ext/mod.rs
#	sgx_tstd/src/panic.rs
#	sgx_tstd/src/panicking.rs
#	sgx_tstd/src/personality.rs
#	sgx_tstd/src/sync/mpsc/cache_aligned.rs
#	sgx_tstd/src/sync/remutex.rs
#	sgx_tstd/src/sys/common/thread_local/os_local.rs
#	sgx_tstd/src/sys/net.rs
#	sgx_tstd/src/sys/personality/dwarf/eh.rs
#	sgx_unwind/src/lib.rs
Fix .niprod to .nipd section
Increase METADATA_SIZE to 0x6000
Bump version to 2.27
sgx_trts (49 → 0 warnings):
- capi.rs: remove #[inline] from 35 #[no_mangle] extern functions
- asm/mod.rs: remove #[inline(always)] from #[no_mangle] extern function
- lib.rs: remove stable feature(extract_if)
- rand.rs: replace 3 unsafe transmutes with from_ne_bytes()
- sync/rwlock.rs: add explicit '_ lifetimes to 5 guard return types
- sync/mutex.rs: add explicit '_ lifetime to try_lock return type
- sync/once.rs: add explicit '_ lifetime to lock return type
- veh/exception.rs: fix 2 function-to-integer casts via *const ()

sgx_sync (1 → 0 warnings):
- sys/futex.rs: remove unused core::intrinsics import

sgx_oc (4 → 0 warnings):
- macros.rs: remove #[inline] from f! macro, add "C" ABI to safe_f! macro
- linux/x86_64/mod.rs: add "C" ABI to extern fn() field, allow
  unpredictable_function_pointer_comparisons on C FFI struct sigaction

std/sgx_tstd (31 → 0 warnings):
- lib.rs: remove 4 stable feature flags (let_chains, maybe_uninit_write_slice,
  prelude_2024, vec_into_raw_parts)
- f32.rs, f64.rs: remove #[must_use] from incoherent impl methods (38 each),
  remove 9 unnecessary unsafe blocks around now-safe intrinsics (each)
- sys/fd.rs, sys/net.rs: remove unused MaybeUninit imports
- untrusted/path.rs: remove 4 #[must_use] from trait impl methods
- untrusted/time.rs: remove 3 #[must_use] from trait impl methods

hashbrown_tstd (2 → 0 warnings):
- raw/mod.rs: add targeted #[allow(dead_code)] on RawIterHash/RawIterHashInner
  (public API structs unused in this build config)
Bump the SGX sysroot toolchain from nightly-2025-12-01 (rustc 1.93 / LLVM 21)
to nightly-2026-06-21 (rustc 1.98 / LLVM 22). Reconcile sgx_tstd (a hard fork
of std) with ~6 months of upstream std evolution:

- cargo: custom .json target specs now require -Zjson-target-spec
- sgx_alloc: Layout::dangling() -> dangling_ptr()
- hashbrown: drop the Copy specialization (min_specialization forbids it)
- FD/Timespec niche: drop rustc_layout_scalar_valid_range_* attrs (plain fields)
- BorrowedBuf: new init API (set_init()/is_init(), bool tracking); BorrowedCursor
  gained a generic param; advance() is now unsafe; port default_read_to_end and
  Take::read_buf from matching std
- intrinsics::catch_unwind now returns bool (not i32)
- thread spawn: raw-ptr `as` casts can't extend trait-object lifetimes (rust#141402)
  -> launder the lifetime via transmute
- re-export drift (VaListImpl/Exclusive/format_args_nl), rustc_macro_transparency
  value rename ("semitransparent" -> "semiopaque"), feature-gate updates
- sgx_trts: fully-qualified AsSlice::as_slice to avoid unstable_name_collisions

Full build is clean (0 errors, 0 warnings); deny(unused_features) retained.
The new std prelude re-exports an expanded macro set; sgx_tstd was missing
assert_eq/assert_ne/debug_assert{,_eq,_ne}/matches/todo/try/unimplemented/
unreachable/write/writeln. Downstream crates built with the `std` feature
(e.g. minimal-lexical via nom) failed with "cannot find macro debug_assert".
Surfaced by the enclave-os-mini integration build; sysroot-only builds did
not exercise it.
… in prelude

The prelude never re-exported std's own macros, so downstream crates built with
the `std` feature could not resolve `panic!` (reached via `debug_assert!`),
`vec!`, `format!`, etc. unqualified. Add them, using std's `ambiguous_macros_only`
shadowing trick for `panic`/`vec` (which collide with the modules of the same
name). Surfaced by minimal-lexical/num-traits in the enclave-os-mini build.
- sgx_trts: bump MINOR_VERSION 27 -> 29 so the SDK 2.29 `sgx_sign` accepts the
  enclave ("SDK version is not correct" otherwise — the signer enforces a match
  between the trts-embedded version and the signing SDK).
- Remove the EPID-based `sgx_key_exchange` crate (tkey/ukey_exchange): EPID
  remote attestation was removed from the Intel SGX SDK in 2.28, so it no longer
  links. DCAP/ECDSA attestation (sgx_dcap) is unaffected.
bfoing changed the title from "Modernize toolchain: Rust nightly-2026-06-21 / LLVM 22 + Intel SGX SDK 2.27" to "Modernize toolchain: Rust nightly-2026-06-21 / LLVM 22 + Intel SGX SDK 2.29" on Jun 22, 2026
bfoing marked this pull request as ready for review on June 22, 2026 12:28
# Conflicts:
#	sgx_key_exchange/message/src/lib.rs
#	sgx_key_exchange/message/src/message.rs
#	sgx_key_exchange/tkey_exchange/src/capi.rs
#	sgx_key_exchange/tkey_exchange/src/lib.rs
#	sgx_key_exchange/tkey_exchange/src/session/ecall.rs
#	sgx_key_exchange/tkey_exchange/src/session/initiator.rs
#	sgx_key_exchange/tkey_exchange/src/session/manager.rs
#	sgx_key_exchange/ukey_exchange/build.rs
#	sgx_key_exchange/ukey_exchange/src/capi.rs
#	sgx_key_exchange/ukey_exchange/src/session.rs
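
The fix list mentions untrusted-memory pointer dereference hardening, and one commit notes that `elrange_size` now defaults to 0 instead of `enclave_size`. The following is an added example, not code from this PR or from the Teaclave SGX SDK, of a fail-closed range check that stays correct under that default. Only `enclave_size` and `elrange_size` are names from the page; the other field names, the function names and the fallback rule are assumptions.

```rust
// Added illustration, not Teaclave SGX SDK code. `enclave_size` and `elrange_size`
// are named on the page; the other names and the fallback rule are assumptions.
#[derive(Clone, Copy)]
pub struct GlobalData {
    pub enclave_base: usize,  // hypothetical field
    pub enclave_size: usize,
    pub elrange_start: usize, // hypothetical field
    pub elrange_size: usize,  // 0 = no separate ELRANGE configured (assumed meaning)
}

impl GlobalData {
    /// Inclusive bounds of the protected range, or None if they cannot be computed.
    pub fn protected_range(&self) -> Option<(usize, usize)> {
        let (start, size) = if self.elrange_size != 0 {
            (self.elrange_start, self.elrange_size)
        } else {
            (self.enclave_base, self.enclave_size) // fall back when elrange_size is 0
        };
        Some((start, start.checked_add(size.checked_sub(1)?)?))
    }

    /// True only if every byte of [addr, addr + len) is outside the protected range.
    /// Fails closed: wrap-around or an unknown range counts as "not outside".
    pub fn is_outside_enclave(&self, addr: usize, len: usize) -> bool {
        let Some((lo, hi)) = self.protected_range() else { return false };
        match addr.checked_add(len.saturating_sub(1)) {
            Some(last) => last < lo || addr > hi,
            None => false,
        }
    }
}

/// Copy `len` bytes from a host-supplied pointer into enclave-owned memory,
/// refusing null pointers and any span that touches the protected range.
pub fn copy_from_untrusted(gd: &GlobalData, ptr: *const u8, len: usize) -> Option<Vec<u8>> {
    if ptr.is_null() || !gd.is_outside_enclave(ptr as usize, len) {
        return None;
    }
    // SAFETY: the caller guarantees `ptr` is readable host memory; the check above
    // only establishes that the span does not alias enclave memory.
    Some((0..len).map(|i| unsafe { ptr.add(i).read_volatile() }).collect())
}

fn main() {
    // Constructed layout: enclave at 0x1000..=0x1fff, elrange_size left at 0.
    let gd = GlobalData { enclave_base: 0x1000, enclave_size: 0x1000, elrange_start: 0, elrange_size: 0 };
    let host = [1u8, 2, 3, 4];
    println!("{:?}", copy_from_untrusted(&gd, host.as_ptr(), host.len()));
    println!("{}", gd.is_outside_enclave(0x1ff0, 0x20)); // span straddles the enclave end
}
```

Copying the bytes once into enclave-owned memory before parsing them also means later validation runs on data the host can no longer change.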
5 participants