Add secure_db_abstraction example (std-only) #171
DemesneGH commented Feb 27, 2025
- Add secure_db_abstraction example and test script
- Reduce the parallel building jobs for STD CI tests, which is the workaround for the LTO error
@ivila Could you help to review this PR? Thanks!
Why don't we make it
I did a quick test, and the HashMap and RwLock can be replaced with hashbrown and spin.
I suggest we review and merge the std version first, and then update to the no-std version in a separate PR. This way we can highlight the differences between the two and leave a record for the std version.
I didn't look into
@ivila Yep please help review this and provide any comments or the
||
| Ok(mut object) => { | ||
| object.close_and_delete()?; | ||
| std::mem::forget(object); |
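Review bot: on the `object.close_and_delete()?;` line, the `?` returns before `std::mem::forget(object)` runs, so on the error path `object` is dropped normally while on the success path its destructor is skipped. Please add a comment at the `forget` call saying why the destructor must not run after a successful `close_and_delete()`, and confirm that dropping the object after a failed call is the intended behaviour.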
Why do we need to call `std::mem::forget` here?
This comes from the legacy example code secure_storage-rs, and the related explanation is: https://github.com/apache/incubator-teaclave-trustzone-sdk/blob/main/optee-utee/src/object.rs#L1087-L1089
| match PersistentObject::create( | ||
| ObjectStorageConstants::Private, | ||
| obj_id, | ||
| obj_data_flag, | ||
| None, | ||
| data, | ||
| ) { | ||
| Err(e) => { | ||
| bail!("[-] {:?}: failed to create object: {:?}", &obj_id, e); | ||
| } | ||
| Ok(_) => { | ||
| return Ok(()); | ||
| } | ||
| } | ||
| } |
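Review bot: in the `Ok(_)` arm the object returned by `PersistentObject::create` is discarded without explanation, and `return Ok(());` is an explicit return where the match appears to be the last expression. A short comment that the handle is intentionally dropped here would help the reader, and the arm can be just `Ok(_) => Ok(())`; `&obj_id` in the `bail!` arguments also does not need the borrow.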
I think we should just use map_err
PersistentObject::create(
ObjectStorageConstants::Private,
obj_id,
obj_data_flag,
None,
data,
).map_err(|e| bail!("[-] {:?}: failed to create object: {:?}", &obj_id, e))
| self.delete(&key)?; | ||
| } | ||
| self.key_list.clear(); | ||
| Ok(()) |
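Review bot: `self.delete(&key)?;` inside the loop returns on the first failure, so the remaining keys are left in storage and `self.key_list.clear()` is never reached. Please document that partial-failure behaviour for callers, or keep going and report the failed keys, and make sure `key_list` only loses an entry once its object has actually been deleted.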
Shouldn't the key_list delete the key in the same step as the storage? What if the deletion fails midway through processing the key_list?
`self.key_list.clear();` is redundant because in `delete()` we have `self.key_list.remove(key);`. So I removed the `self.key_list.clear();`
Sorry, I forgot to submit the CR comments last night😂
974be0a to d373503
Sorry for the late reply, kind of busy these days.
Add reference implementation for TA that simplifies interaction with secure storage. It provides basic methods for database operations, including `get()`, `put()`, `delete_entries()`, and `list_entries()`, making it easier for developers to store and retrieve data based on Rust Type constraints. The example is std-only for now.
Signed-off-by: Yuan Zhuang <yuanz@apache.org>
Reviewed-by: Zehui Chen <ivila@apache.org>
The following error sometimes occurs during the build process: "error: failed to get bitcode from object file for LTO (could not find requested section)". This issue is often observed when building with multiple parallel jobs. As a temporary workaround, the number of parallel jobs has been reduced to mitigate the error.
Signed-off-by: Yuan Zhuang <yuanz@apache.org>
Reviewed-by: Zehui Chen <ivila@apache.org>
Seems one issue exists in the setup scripts which leads to a CI error. Merging this PR and will open a new PR for the fix.