Modernize toolchain: Rust nightly-2026-06-21 / LLVM 22 + Intel SGX SDK 2.29 #472
Open
bfoing wants to merge 37 commits into
Currently, the code base assumes creation of full Rust enclaves, including the entry point. This allows minimal dependency on Intel's SGX SDK. However, this doesn't allow creating static libraries that are to be consumed by existing enclaves, typically written in C or C++ with the full SGX SDK from Intel. We introduce a new use_sgx_sdk feature that mainly allows using symbols from Intel's SGX SDK instead of locally defined ones. This feature is enabled for a new target "x86_64-sgx_sdk_linux_sgx", which is identical to x86_64-unknown-linux-sgx, except for its name and for a specific "sgx_sdk" abi, which allows managing dependencies.
Useful for convenient handling of sgx exceptions.
- add a top-level CMakeLists.txt
- expose the headers not in full sgx sdk on their own
Including exposing some new features now available in std.
--------- Co-authored-by: Edward Boggis-Rolfe <edward@secretarium.org>
The global_data_t struct has a couple of new fields, and more importantly, the elrange_size field now defaults to 0 instead of enclave_size.
# Conflicts:
#   rust-toolchain
#   rustlib/panic_unwind/src/lib.rs
#   sgx_rsrvmm/build.rs
#   sgx_trts/src/capi_sgx_sdk.rs
#   sgx_trts/src/inst/hw/inst.rs
#   sgx_trts/src/inst/hyper/inst.rs
#   sgx_trts/src/inst/sim/inst.rs
#   sgx_tstd/hashbrown/src/lib.rs
#   sgx_tstd/hashbrown/src/raw/mod.rs
#   sgx_tstd/src/hash/random.rs
#   sgx_tstd/src/lib.rs
#   sgx_tstd/src/os/net/linux_ext/mod.rs
#   sgx_tstd/src/panic.rs
#   sgx_tstd/src/panicking.rs
#   sgx_tstd/src/personality.rs
#   sgx_tstd/src/sync/mpsc/cache_aligned.rs
#   sgx_tstd/src/sync/remutex.rs
#   sgx_tstd/src/sys/common/thread_local/os_local.rs
#   sgx_tstd/src/sys/net.rs
#   sgx_tstd/src/sys/personality/dwarf/eh.rs
#   sgx_unwind/src/lib.rs
Fix .niprod to .nipd section
Increase METADATA_SIZE to 0x6000
Bump version to 2.27
sgx_trts (49 → 0 warnings):
- capi.rs: remove #[inline] from 35 #[no_mangle] extern functions
- asm/mod.rs: remove #[inline(always)] from #[no_mangle] extern function
- lib.rs: remove stable feature(extract_if)
- rand.rs: replace 3 unsafe transmutes with from_ne_bytes()
- sync/rwlock.rs: add explicit '_ lifetimes to 5 guard return types
- sync/mutex.rs: add explicit '_ lifetime to try_lock return type
- sync/once.rs: add explicit '_ lifetime to lock return type
- veh/exception.rs: fix 2 function-to-integer casts via *const ()
sgx_sync (1 → 0 warnings):
- sys/futex.rs: remove unused core::intrinsics import
sgx_oc (4 → 0 warnings):
- macros.rs: remove #[inline] from f! macro, add "C" ABI to safe_f! macro
- linux/x86_64/mod.rs: add "C" ABI to extern fn() field, allow unpredictable_function_pointer_comparisons on C FFI struct sigaction
std/sgx_tstd (31 → 0 warnings):
- lib.rs: remove 4 stable feature flags (let_chains, maybe_uninit_write_slice, prelude_2024, vec_into_raw_parts)
- f32.rs, f64.rs: remove #[must_use] from incoherent impl methods (38 each), remove 9 unnecessary unsafe blocks around now-safe intrinsics (each)
- sys/fd.rs, sys/net.rs: remove unused MaybeUninit imports
- untrusted/path.rs: remove 4 #[must_use] from trait impl methods
- untrusted/time.rs: remove 3 #[must_use] from trait impl methods
hashbrown_tstd (2 → 0 warnings):
- raw/mod.rs: add targeted #[allow(dead_code)] on RawIterHash/RawIterHashInner (public API structs unused in this build config)
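The `rand.rs` and `veh/exception.rs` items in the warning cleanup above, sketched as an added example (not code from this PR or from `sgx_trts`). `fill_bytes`, `on_exception` and `handler_addr` are hypothetical names, and the byte pattern is constructed so both variants can be compared.

```rust
// Added illustration; all names here are hypothetical, not taken from sgx_trts.

/// Constructed stand-in for a hardware entropy source: fills `buf` with a
/// fixed, repeatable byte pattern so the two variants can be compared.
fn fill_bytes(buf: &mut [u8]) {
    for (i, b) in buf.iter_mut().enumerate() {
        *b = 0xA5 ^ (i as u8).wrapping_mul(0x3B);
    }
}

/// "Before" shape: reinterpret the byte buffer with an unsafe transmute.
fn rand_u64_transmute() -> u64 {
    let mut bytes = [0u8; 8];
    fill_bytes(&mut bytes);
    // Sound only because [u8; 8] and u64 have the same size and every bit
    // pattern is a valid u64; nothing in the code states that intent.
    unsafe { core::mem::transmute::<[u8; 8], u64>(bytes) }
}

/// "After" shape: the same native-endian value with no unsafe block.
fn rand_u64_from_ne_bytes() -> u64 {
    let mut bytes = [0u8; 8];
    fill_bytes(&mut bytes);
    u64::from_ne_bytes(bytes)
}

/// Hypothetical exception handler whose address is stored as an integer.
extern "C" fn on_exception(_code: u32) -> i32 {
    0
}

/// Go through a thin raw pointer first, so the function-to-integer
/// conversion is spelled out instead of being a direct `as usize`.
fn handler_addr(f: extern "C" fn(u32) -> i32) -> usize {
    f as *const () as usize
}

fn main() {
    assert_eq!(rand_u64_transmute(), rand_u64_from_ne_bytes());
    println!("handler at {:#x}", handler_addr(on_exception));
}
```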
Bump the SGX sysroot toolchain from nightly-2025-12-01 (rustc 1.93 / LLVM 21)
to nightly-2026-06-21 (rustc 1.98 / LLVM 22). Reconcile sgx_tstd (a hard fork
of std) with ~6 months of upstream std evolution:
- cargo: custom .json target specs now require -Zjson-target-spec
- sgx_alloc: Layout::dangling() -> dangling_ptr()
- hashbrown: drop the Copy specialization (min_specialization forbids it)
- FD/Timespec niche: drop rustc_layout_scalar_valid_range_* attrs (plain fields)
- BorrowedBuf: new init API (set_init()/is_init(), bool tracking); BorrowedCursor
gained a generic param; advance() is now unsafe; port default_read_to_end and
Take::read_buf from matching std
- intrinsics::catch_unwind now returns bool (not i32)
- thread spawn: raw-ptr `as` casts can't extend trait-object lifetimes (rust#141402)
-> launder the lifetime via transmute
- re-export drift (VaListImpl/Exclusive/format_args_nl), rustc_macro_transparency
value rename ("semitransparent" -> "semiopaque"), feature-gate updates
- sgx_trts: fully-qualified AsSlice::as_slice to avoid unstable_name_collisions
Full build is clean (0 errors, 0 warnings); deny(unused_features) retained.
The new std prelude re-exports an expanded macro set; sgx_tstd was missing
assert_eq/assert_ne/debug_assert{,_eq,_ne}/matches/todo/try/unimplemented/
unreachable/write/writeln. Downstream crates built with the `std` feature
(e.g. minimal-lexical via nom) failed with "cannot find macro debug_assert".
Surfaced by the enclave-os-mini integration build; sysroot-only builds did
not exercise it.
… in prelude
The prelude never re-exported std's own macros, so downstream crates built with the `std` feature could not resolve `panic!` (reached via `debug_assert!`), `vec!`, `format!`, etc. unqualified. Add them, using std's `ambiguous_macros_only` shadowing trick for `panic`/`vec` (which collide with the modules of the same name). Surfaced by minimal-lexical/num-traits in the enclave-os-mini build.
- sgx_trts: bump MINOR_VERSION 27 -> 29 so the SDK 2.29 `sgx_sign` accepts the
enclave ("SDK version is not correct" otherwise — the signer enforces a match
between the trts-embedded version and the signing SDK).
- Remove the EPID-based `sgx_key_exchange` crate (tkey/ukey_exchange): EPID
remote attestation was removed from the Intel SGX SDK in 2.28, so it no longer
links. DCAP/ECDSA attestation (sgx_dcap) is unaffected.
# Conflicts:
#   sgx_key_exchange/message/src/lib.rs
#   sgx_key_exchange/message/src/message.rs
#   sgx_key_exchange/tkey_exchange/src/capi.rs
#   sgx_key_exchange/tkey_exchange/src/lib.rs
#   sgx_key_exchange/tkey_exchange/src/session/ecall.rs
#   sgx_key_exchange/tkey_exchange/src/session/initiator.rs
#   sgx_key_exchange/tkey_exchange/src/session/manager.rs
#   sgx_key_exchange/ukey_exchange/build.rs
#   sgx_key_exchange/ukey_exchange/src/capi.rs
#   sgx_key_exchange/ukey_exchange/src/session.rs
Modernisations

Rust toolchain (kept current across nightlies):
- `nightly-2023-11-17` → `nightly-2026-06-21` (rustc ~1.75 → 1.98-nightly), LLVM 19 → 22.
- `sgx_tstd` (the vendored `std`) reconciled with upstream std evolution: `BorrowedBuf`/`BorrowedCursor` init API and added generic parameter, FD/`Timespec` niche representation, prelude macro re-exports (`assert_eq`/`debug_assert`/`matches`, and the std-defined `panic`/`vec`/`format` via the `ambiguous_macros_only` trick), `intrinsics::catch_unwind` returning `bool`, trait-object lifetime laundering via `transmute` (raw-pointer `as` casts no longer extend lifetimes), `rustc_macro_transparency` value rename, `Layout::dangling_ptr`, the hashbrown `min_specialization` fix, and custom `.json` targets now requiring `-Zjson-target-spec`.

Intel SGX SDK (migrated forward):
- `sgx_trts` SDK version constant so that the 2.29 `sgx_sign` accepts the enclave (the signer enforces a match between the trts-embedded version and the signing SDK).
- `sgx_key_exchange` crate, since EPID remote attestation was removed from the SDK in 2.28. DCAP/ECDSA attestation is unaffected.

Build system:
- `sgx_sysroot` CMake target that builds the trusted Rust rlibs (`-Zbuild-std=core,alloc`) into an installable sysroot, so consumers can compile enclave crates against it without bespoke scripting.

Fixes:
- `sgx_read_rand` for `ucrypto`; IPP CPUID initialisation for some AVX-512 instruction sets; `note.sgxmeta` section size; `ExceptionInfo` 64-byte alignment; untrusted-memory pointer dereference hardening; `try_error`/`trim_range_commit` fixes.

Validated end to end building and signing real SGX enclaves (a base enclave and a WASM runtime) on `nightly-2026-06-21` with Intel SGX SDK 2.29.

A note on the size

Apologies for the size of this PR. It is large (around 1,800 files) because it spans several Rust nightly cycles of `sgx_tstd` reconciliation plus a series of SGX SDK version bumps that accumulated in our downstream fork (Privasys/teaclave-sgx-sdk). None of it is application-specific; it is all generic toolchain, SDK and build modernisation. We are very happy to split it into smaller focused PRs if that is easier to review, just let us know.