Documentation
Rate This Document
Findability
Accuracy
Completeness
Readability
SubmitClose

Rust

Introduction

To enhance the Kunpeng TEE usability and lower the expertise requirements for developing trusted applications, the basic capabilities of the TEE OS are enhanced to support Rust applications. The new version of TEE OS is called "confidential OS" to differentiate itself from the TEE OS (iTrustee) of earlier versions. Figure 1 shows the overall architecture of TrustZone with the confidential OS.

Figure 1 Overall architecture
  • tee_teleport: An auxiliary tool deployed in the REE. It can push Rust applications to the TEE and receive the result of application execution in the TEE.
  • To use high-level languages, upgrade the TEE OS to the confidential OS by following instructions in Upgrading the Confidential OS. For details, see the Kunpeng BoostKit 24.0.RC1 Confidential Computing TrustZone Kit Rust Developer Guide. Please contact the Huawei service owner for this document.
  • This feature is available only to designated customers. If other customers want to use this feature, submit an application to the Huawei contact.

Restrictions

  • For security purposes, the confidential OS has file system access control, which forbids access to common system file paths. Avoid system file path access for the applications.
  • If Rust applications invoke an SO library, the SO library needs to be recompiled using the confidential OS SDK.
Parent topic: Key Features