From 65826cb1b675f95e231d43f588b10f1ee3afe52b Mon Sep 17 00:00:00 2001 From: "Tate, Hongliang Tian" Date: Wed, 14 Nov 2018 22:42:15 +0800 Subject: [PATCH] Udpate README.md to reflect the new name Occlum --- README.md | 55 ++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 36 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index edb30a61..742584f3 100644 --- a/README.md +++ b/README.md @@ -1,45 +1,62 @@ -# Rusgx +# Occlum -Rusgx is a single-address-space library OS for Intel SGX. It is written in Rust programming language for memory safety. This project is still work-in-progress. +Occlum is a memory-safe, multi-process library OS for Intel SGX. As a library OS, it enables *unmodified* applications to run on SGX, thus protecting the confidentiality and integrity of user workloads transparently. -## How to build +Compared to existing library OSes for SGX, Occlum has following unprecedented features: + + * **Memory safety.** The library OS itself is written in Rust, a memory-safe programming language, thus free from low-level, memory bugs; + * **Efficient multitasking.** The library OS has a complete and efficient multi-process support, including fast process creation, low-cost IPC, code sharing (e.g., shared libraries) and data sharing (e.g., encrypted file systems). + * **Fault isolation** - The crash of one user process cannot crash the library OS or other user processes, which is good for system stability and data integrity. + +## How to Build? ### Prerequisite -Rusgx depends on [Rust SGX SDK](https://github.com/baidu/rust-sgx-sdk/). So, make sure Rust SGX SDk can be built properly. We have tested with Rust SGX SDK 1.1, Rust nightly-2018-08-25 and Intel SGX SDK 2.2 on Ubuntu 16.04. +Occlum depends on [Rust SGX SDK](https://github.com/baidu/rust-sgx-sdk/) and [Intel SGX SDK](https://github.com/intel/linux-sgx/). So, make sure Rust SGX SDK and Intel SGX SDK can be built properly on your machine. We have tested with Rust SGX SDK 1.1, Rust nightly-2018-08-25 and Intel SGX SDK 2.2 on Ubuntu 16.04. ### Compile The first time to compile the project, there are some dependencies must be first downloaded. To do this, run the following commands - cd path/to/rusgx - make init + cd path/to/occlum-libos + make submodule Then, compile the project with the following commands cd src/ make -## How to use - -The long-term goal is to integrate a dynamic loader into the library OS so that a single instance of Rusgx can run unmodified executables in multiple software-isolated processes. For now, we don't have to a dynamic loader; so, the temporary solution is to statically link the library OS and the executable together. Another related but different issue is the lack of the fully-fleged C standard library. We now use SGX SDK's tlibc, as it does not depend on syscalls and hence is easy to integrate. We plan to use musl libc in the future. - -### Run all tests +### Run tests Build and run all tests with the following commands - cd test/ - make make test -### Write new program or test +## How to Use? -Add a C file, say `try.c`, in `/test`. To compile the program, run +To be written... - make try +## How it Works? -To run the program, run +To be written... - make test-try +### Architecture Overview + +To be written... + +### Software Isolated Processes (SIPs) + +To be written... + +## Why the Name? + +The project name Occlum stems from the word *Occlumency* coined in Harry Porter series by J. K. Rowling. In *Harry Porter and the Order of Pheonix*, Occlumency is described as: + +> The magical defence of the mind against external penetration. An obscure branch of magic, but a highly useful one... Used properly, the power of Occlumency wil help sheild you from access or influence. + +The same thing can be said to Occlum, not for mind, but program: + +> The magical defence of the program agaist external penetration. An obsecure branch of technology, but a highly useful one... Used properly, the power of Occlum will help sheild your program from access or influence. + +Of course, Occlum must be run on Intel x86 CPUs with SGX support to do its magic. -