The big data industry is facing new challenges as concerns about privacy leakage soar. One of the remedies to privacy breach incidents is to encapsulate computations over sensitive data within hardware-assisted Trusted Execution Environments (TEE). Such TEE-powered software is called secure enclaves. Security enclaves hold various advantages against competing privacy-preserving computation techniques; however, enclaves are much more challenging to build than ordinary software. The reason is that developing TEE software has to follow a restrictive programming model to make effective use of the strong memory encryption and segregation enforced by hardware. These constraints transitively apply to all third-party dependencies of the software, thus costing developers considerably more engineering efforts. High development and maintenance cost is one of the major obstacles against employing TEE-based privacy protection in production.

In this paper, we present our experience and achievements with regard to constructing and continuously maintaining a third-party library supply chain for TEE developers. In particular, we port a large collection of Rust third-party libraries into Intel SGX, one of the most mature trusted computing platforms. Our supply chain accepts upstream patches in a timely manner with SGX-specific security auditing. We have been able to maintain the SGX ports of 159 open-source Rust libraries with reasonable operational costs. Our work can effectively reduce the engineering cost of developing SGX enclaves for privacy-preserving data processing and exchange.