[QUESTION] SGX Runtime Hash

[ospfranco]

Hi! Thank you so much for this package, this is powering a lot of functionality in our project. We are now having an issue and not sure how to solve it.

Part of our business case is running luau code on a server. However, we have some stringent requirements to prove what the server is running because of transparency. In order to achieve this we are using Intel's SGX technology. To make a long story short, one needs to compile the Rust code inside an SGX machine and a hash (called mr_enclave) is generated. This mr_enclave is basically a snapshot of the binary code, memory pages and environment flags (which also need to be whitelisted to generate a stable hash).

We just started integrating mlua (with sandboxing) into the server but when we tried deploying it we were faced with non-matching mr_enclave between machines. The moment we call Lua::new() the generated hashes are different. We only faced this ourselves once, when we were using a non-whitelisted env variable, which caused the hash values to differ between machines. It could also be an issue with the memory pages.

We know it's not necessarily the use case for mlua, but do you have any tips/pointers at what could be going on or if there are any environment flags that the luau compilation (via mlua-sys) might be using?

Thanks for the help!

[khvzak]

if there are any environment flags that the luau compilation (via mlua-sys) might be using?

The compilation is done using cc-rs that uses quite a lot of environment variables. What Lua version do you use (and what feature flags)?

[ospfranco]

Apparently it's a known issue that executing dynamic languages inside SGX causes issue. We found scriptshield-lua a project that allows to run lua inside SGX environments. We are doing some testing but it seems this generates a stable hash and solves our issue. Thanks for taking the time to reply!