# hellorust in SGX using Mystikos

Links: [[-Lexe/Lexe]], [[Rust]], [[SGX]], [[Mystikos]]

## Requirements

- [[Mystikos on Azure Ubuntu 20.04]]
- [[Rust]]
- lexe-deploy repo

## [Getting started with a native Rust program](https://github.com/deislabs/mystikos/blob/main/doc/user-getting-started-rust.md)

### Set up the Rust program

```bash
# Go to our hellorust example
git clone [email protected]:MaxFangX/lexe-deploy.git
cd lexe-deploy/hellorust

# Compile
cargo build --release
```

### Set up app dir

*`appdir` is the folder that holds the root file system including the application, the dependent libraries, and configurations for our execution environment.*

```bash
# Create appdir folder
mkdir -p appdir

# Copy the Rust binary into the root of appdir
cp target/release/hellorust appdir
```

Our binary depends on several dynamic libraries, two of which are not present in the execution environment:

1. `libgcc` (for unwinding and backtrace support)
2. `ld`

These need to go into the `lib` subfolder of `appdir`. Specifically, we need `libgcc_s.so.1` and `ld-linux-x86-64.so.2`.

```bash
# Create lib subfolder of appdir
mkdir -p appdir/lib

# Locate libgcc_s.so.1 - prefer /usr/lib version
sudo find / -name libgcc_s.so.1
# Copy it in
cp /usr/lib/x86_64-linux-gnu/libgcc_s.so.1 appdir/lib

# Locate ld-linux-x86-64.so.2 - prefer /usr/lib version
sudo find / -name ld-linux-x86-64.so.2
# Copy it in
cp /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 appdir/lib
```

### Create a CPIO archive

Now we can create a CPIO archive named `rootfs` out of the folder `appdir` with:

```bash
myst mkcpio appdir rootfs

# There should now be a file called rootfs in the current directory
ls
```

### Run the program inside an SGX enclave

The command to launch the program inside an SGX enclave is a little longer than just `./appdir/myapp` on Linux.

```bash
myst exec-sgx rootfs /hellorust
```

The command specifies `myst` as the driver, and asks the driver to execute a program in an SGX enclave in this manner:

1. Load `rootfs` as the root file system into the enclave.
2. Load `/hellorust` from the file system and execute it.
3. Send any parameters following the executable `/hellorust` to it (in this case there are none).

The command specifies `myst` as the execution environment, and executes the program in a generic Mystikos SGX enclave intended for development and debugging. This execution mode does not capture the identity of the executing program in the SGX enclave attestation data, and is therefore not suitable for production use. If you are interested in shortening the command, please see [packaging](./sign-package.md) as a solution.

### Result

![[Screen Shot 2022-03-27 at 11.42.34 PM.png]]

## Further reading

If your Rust program is complicated and requires many dependent libraries, we recommend that you wrap your application in a container. Please see [Getting started with a containerized C++ program](./user-getting-started-docker-c++.md) for details.
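
A pre-packaging check for the staging step in "Set up app dir", added here as an example and not taken from the Mystikos docs or the lexe-deploy repo: it parses `ldd` output and reports which of the two libraries named in that step the binary links against but `appdir/lib` lacks. The function names, the `REQUIRED_LIBS` variable and the sample `ldd` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the libraries the page says must be staged are in appdir/lib.
# REQUIRED_LIBS (hypothetical variable) defaults to the two files named on the page;
# override it for binaries that need more.
REQUIRED_LIBS=${REQUIRED_LIBS:-"libgcc_s.so.1 ld-linux-x86-64.so.2"}

# Constructed sample of `ldd target/release/hellorust` output (addresses made up).
SAMPLE_LDD='	linux-vdso.so.1 (0x00007ffc0a5f2000)
	libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f1b2c3d0000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1b2c1de000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f1b2c45a000)'

# deps_from_ldd: read ldd output on stdin, print one library file name per line.
# Static binaries ("statically linked") produce no output.
deps_from_ldd() {
    awk '
        /linux-vdso/ { next }                               # kernel-provided, not a file
        $2 == "=>"   { print $1; next }                     # "libfoo.so.1 => /path (addr)"
        $1 ~ /^\//   { n = split($1, p, "/"); print p[n] }  # "/lib64/ld-linux... (addr)"
    '
}

# unstaged_required APPDIR: read ldd output on stdin; print each required library
# that the binary links against and that is not present in APPDIR/lib.
unstaged_required() {
    ur_appdir=$1
    ur_deps=$(deps_from_ldd)
    for ur_lib in $REQUIRED_LIBS; do
        printf '%s\n' "$ur_deps" | grep -qxF "$ur_lib" || continue  # not a dependency
        [ -e "$ur_appdir/lib/$ur_lib" ] || printf '%s\n' "$ur_lib"
    done
}

# Demo on a throwaway appdir where only libgcc_s.so.1 has been staged.
demo=$(mktemp -d)
mkdir -p "$demo/lib"
: > "$demo/lib/libgcc_s.so.1"
printf '%s\n' "$SAMPLE_LDD" | unstaged_required "$demo"   # prints ld-linux-x86-64.so.2
rm -rf "$demo"
```

In the real workflow, run `ldd target/release/hellorust | unstaged_required appdir` before `myst mkcpio appdir rootfs`; empty output means both libraries are staged.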