66 lines
3.5 KiB
Markdown
66 lines
3.5 KiB
Markdown
# Occlum
|
|
|
|
Occlum is a memory-safe, multi-process library OS for Intel SGX. As a library OS, it enables *unmodified* applications to run on SGX, thus protecting the confidentiality and integrity of user workloads transparently.
|
|
|
|
Compared to existing library OSes for SGX, Occlum has following unprecedented features:
|
|
|
|
* **Memory safety.** The library OS itself is written in Rust, a memory-safe programming language, thus free from low-level, memory bugs;
|
|
* **Efficient multitasking.** The library OS has a complete and efficient multi-process support, including fast process creation, low-cost IPC, code sharing (e.g., shared libraries) and data sharing (e.g., encrypted file systems).
|
|
* **Fault isolation** - The crash of one user process cannot crash the library OS or other user processes, which is good for system stability and data integrity.
|
|
|
|
## How to Build?
|
|
|
|
### Dependencies
|
|
|
|
Occlum LibOS has several *explicit* and *implicit* dependencies: the former ones must be installed manually, while the latter ones are downloaded and compiled automatically via Makefile.
|
|
|
|
Explicit dependencies are listed below:
|
|
|
|
1. [Occlum's fork of Intel SGX SDK](https://github.com/occlum/linux-sgx/tree/for_occlum). See [README.md](https://github.com/occlum/linux-sgx/blob/for_occlum/README.md) for how to compile and install.
|
|
1. [Occlum's fork of LLVM toolchain](https://github.com/occlum/llvm/tree/for_occlum). See [README.occlum.md](https://github.com/occlum/llvm/blob/for_occlum/README.occlum.md) for how to compile and install.
|
|
1. [Occlum's fork of musl libc](https://github.com/occlum/musl/tree/for_occlum). See [INSTALL](https://github.com/occlum/musl/blob/for_occlum/INSTALL) for how to compile and install.
|
|
1. [enable_rdfsbase kernel module](https://github.com/occlum/enable_rdfsbase), which enables rdfsbase instruction and its friends. See [README.md](https://github.com/occlum/enable_rdfsbase/blob/master/README.md) for how to compile and install.
|
|
1. [Rust programming language](https://www.rust-lang.org/). We have tested with Rust nightly-2018-10-01. Other versions of Rust may or may not work.
|
|
|
|
Implicit dependencies are managed by Git with [.gitmodules](https://github.com/occlum/libos/blob/master/.gitmodules) and compiled with Makefile. The most important implicit dependency is [Rust SGX SDK](https://github.com/baidu/rust-sgx-sdk). After downloading Occlum LibOS project, run the following command to set up the implicit dependecies:
|
|
|
|
cd path/to/occlum/libos
|
|
make submodule
|
|
|
|
### Compile
|
|
|
|
Then, compile the project and run tests with the following commands
|
|
|
|
cd path/to/occlum/libos
|
|
make
|
|
make test
|
|
|
|
## How to Use?
|
|
|
|
To be written...
|
|
|
|
## How it Works?
|
|
|
|
To be written...
|
|
|
|
### Architecture Overview
|
|
|
|
To be written...
|
|
|
|
### Software Isolated Processes (SIPs)
|
|
|
|
To be written...
|
|
|
|
## Why the Name?
|
|
|
|
The project name Occlum stems from the word *Occlumency* coined in Harry Porter series by J. K. Rowling. In *Harry Porter and the Order of Pheonix*, Occlumency is described as:
|
|
|
|
> The magical defence of the mind against external penetration. An obscure branch of magic, but a highly useful one... Used properly, the power of Occlumency wil help sheild you from access or influence.
|
|
|
|
The same thing can be said to Occlum, not for mind, but program:
|
|
|
|
> The magical defence of the program agaist external penetration. An obsecure branch of technology, but a highly useful one... Used properly, the power of Occlum will help sheild your program from access or influence.
|
|
|
|
Of course, Occlum must be run on Intel x86 CPUs with SGX support to do its magic.
|
|
|