update readme for v0.9.6

Author: dingelish

LICENSE

@@ -1,6 +1,6 @@
 BSD License
 
-Copyright (c) 2017 Baidu, Inc. All Rights Reserved.
+Copyright (C) 2017-2018 Baidu, Inc. All Rights Reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions

Readme.md

@@ -1,6 +1,9 @@
 # Rust SGX SDK
 Rust SGX SDK helps developers write Intel SGX applications in Rust programming language. [[Paper pdf]](documents/ccsp17.pdf)
 
+## v0.9.6 Release
+This version provides security enhancement for untrusted IO and additional support for monotonic counter. Untrusted IO operations in `sgx_tstd::fs` `sgx_tstd::net` and `sgx_tstd::time` are **DISABLED by default** to reduce the untrusted surface, and can be enabled by features. Trusted time support is moved to `sgx_tservice::sgxtime` and monotonic counter is provided by `sgx_tservice::sgxcounter`. Please refer to [release_notes](release_notes.md) for further details.
+
 ## v0.9.5 Release
 This is a **milestone version**, and may be the last version before 1.0.0. It provides supports of network access, TLS connection, trusted/untrusted file system access, trusted/untrusted time, and environment variable operations. Most important, it supports `xargo`! Now `x86_64-unknown-linux-sgx` is the new platform target. All of the code samples and third-party libraries could be built by `xargo` via `XARGO_SGX=1 make` (cargo also supported by `make`). What's more, we provide a pair of TLS client/server [sample](samplecode/tls) as a complete stack of secure! Please refer to [release_notes](release_notes.md) for further details.
 

dockerfile/Dockerfile

@@ -66,7 +66,7 @@ RUN wget -O /root/sgx_2.0.tar.gz https://github.com/01org/linux-sgx/archive/sgx_
 
 RUN wget 'https://static.rust-lang.org/rustup/dist/x86_64-unknown-linux-gnu/rustup-init' -O /root/rustup-init && \
     chmod +x /root/rustup-init && \
-    echo '1' | /root/rustup-init --default-toolchain nightly-2018-01-19 && \
+    echo '1' | /root/rustup-init --default-toolchain nightly-2018-02-05 && \
     echo 'source /root/.cargo/env' >> /root/.bashrc && \
     /root/.cargo/bin/rustup component add rust-src && \
     apt-get autoclean && apt-get autoremove && rm -rf /var/cache/apt/archives/*

dockerfile/experimental/Dockerfile

@@ -76,7 +76,7 @@ RUN wget -O /root/sgx_2.0.tar.gz https://github.com/01org/linux-sgx/archive/sgx_
 
 RUN wget 'https://static.rust-lang.org/rustup/dist/x86_64-unknown-linux-gnu/rustup-init' -O /root/rustup-init && \
     chmod +x /root/rustup-init && \
-    echo '1' | /root/rustup-init --default-toolchain nightly-2018-01-19 && \
+    echo '1' | /root/rustup-init --default-toolchain nightly-2018-02-05 && \
     echo 'source /root/.cargo/env' >> /root/.bashrc && \
     /root/.cargo/bin/rustup component add rust-src && \
     apt-get autoclean && apt-get autoremove && rm -rf /var/cache/apt/archives/*

libunwind/build.rs

@@ -15,7 +15,7 @@ fn main() {
     let target = env::var("TARGET").expect("TARGET was not set");
 
     if target.contains("linux") {
-        if target.contains("musl") && !target.contains("mips") {
+        if target.contains("musl") {
             // musl is handled in lib.rs
         } else if !target.contains("android") {
             println!("cargo:rustc-link-lib=gcc_s");
@@ -43,5 +43,7 @@ fn main() {
         println!("cargo:rustc-link-lib=gcc_s");
     } else if target.contains("redox") {
         println!("cargo:rustc-link-lib=gcc");
+    } else if target.contains("cloudabi") {
+        println!("cargo:rustc-link-lib=unwind");
     }
 }

libunwind/lib.rs

@@ -35,7 +35,7 @@ cfg_if! {
     }
 }
 
-#[cfg(all(target_env = "musl", not(target_arch = "mips")))]
+#[cfg(target_env = "musl")]
 #[link(name = "unwind", kind = "static", cfg(target_feature = "crt-static"))]
 #[link(name = "gcc_s", cfg(not(target_feature = "crt-static")))]
 extern {}

libunwind/libunwind.rs

@@ -93,8 +93,7 @@ extern "C" {
 }
 
 cfg_if! {
-if #[cfg(not(any(all(target_os = "android", target_arch = "arm"),
-                 all(target_os = "linux", target_arch = "arm"))))] {
+if #[cfg(all(any(target_os = "ios", not(target_arch = "arm"))))] {
     // Not ARM EHABI
     #[repr(C)]
     #[derive(Copy, Clone, PartialEq)]

release_notes.md

@@ -1,3 +1,10 @@
+# Rust SGX SDK v0.9.6 Release Notes
+**Support latest Rust nightly build (nightly-2018-02-05-x86_64-unknown-linux-gnu)**
+
+**Security enhancement** Added three features for `sgx_tstd`: `untrusted_fs` `untrusted_time` `untrusted_net` to control the insecure ocall interface. By default, io-related features in `fs/time/net` are **DISABLED**. To enable them, please add feature declarations such as `features = ["untrusted_fs"]` for sgx_tstd in `Cargo.toml`. All sample codes and third party libraries are updated accordingly. Note that data from unstrusted `fs/time` are **UNTRUSTED**and thus use them **AT YOUR OWN RISK**. Data from `net` are well-known as untrusted and need validation instinctively. We strongly recommend our TLS termination for network access, instead of using `net` directly.
+
+**Refined sgxtime and support sgxcounter** Moved the trusted time service to `sgx_tservice::sgxtime` and implemented the monotonic counter in `sgx_tservice::sgxcounter`.
+
 # Rust SGX SDK v0.9.5 Release Notes
 **Support latest Rust nightly build (nightly-2018-01-19-x86_64-unknown-linux-gnu)**
 

samplecode/backtrace/enclave/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "Backtracesampleenclave"
-version = "0.9.5"
+version = "0.9.6"
 authors = ["Baidu"]
 
 [lib]
@@ -12,4 +12,4 @@ default = []
 
 [target.'cfg(not(target_env = "sgx"))'.dependencies]
 sgx_types = { path = "../../../sgx_types" }
-sgx_tstd = { path = "../../../sgx_tstd" }
+sgx_tstd = { path = "../../../sgx_tstd", features = ["backtrace"] }

samplecode/backtrace/enclave/Xargo.toml

@@ -10,6 +10,7 @@ stage = 1
 
 [dependencies.std]
 path = "../../../xargo/sgx_tstd"
+features = ["backtrace"]
 stage = 2
 
 [dependencies.sgx_rand]