Help with running ra-tls-secret-prov example


Dhruv Bhargava

Jan 12, 2022, 9:50:21 AM
to us...@gramineproject.io, Edward Dixon
Hi,
I was trying to run the ra-tls secret-prov example but ran into some problems.
I was able to build all 3 clients and the EPID-based attestation server, but when I tried building the dcap target it failed. I have attached the error message (error-while-building-dcap.png).

Additionally, running the client along with the epid_server (starting_epid_based_attestation_server.png) also failed; PFA the error message (run_enclavized_clients_output.png).

I would also like to mention that I was able to run the helloworld example with the gramine-sgx launcher without any problems; PFA the output for the same (helloworld_output.png).

Here are some system specifics:

Virtual Machine: Azure DC1s v2 (4 GB memory, 1 vCPU)

Operating System: Ubuntu 20.04.3 LTS

Kernel: Linux 5.11.0-1025-azure

SGX DCAP Driver and SDK link: https://download.01.org/intel-sgx/latest/linux-latest/distro/ubuntu20.04-server/

Driver version: sgx_linux_x64_driver_2.11.0_2d2b795.bin

SGX Platform Software Packages installed: libsgx-epid, libsgx-quote-ex, libsgx-dcap-ql (as mentioned in Intel's official install guide)

Gramine installation: sudo apt-get install gramine (as mentioned in the Gramine quick start doc)

Thanks in advance!

Regards,
Dhruv

error-while-buildig-dcap.png
starting-epid-based-attestation-server.png
run_enclavized_clients_output.png
helloworld_output.png

Dmitrii Kuvaiskii

Jan 12, 2022, 10:04:31 AM
to Dhruv Bhargava, us...@gramineproject.io, Edward Dixon
Dear Dhruv,

1. MS Azure Confidential Compute VMs do *not* support the EPID
attestation variant (as far as I remember). They only support the DCAP
attestation (even if they support EPID, DCAP is the recommended
variant).

2. Regarding your build issue, please check
https://github.com/gramineproject/graphene/issues/1847. Basically, for
whatever reason, MS Azure VMs do not create the correct symlinks.
Manually creating a symlink will resolve your issue.

--
Yours sincerely,
Dmitrii Kuvaiskii

Dmitrii Kuvaiskii

Jan 12, 2022, 4:14:26 PM
to Dhruv Bhargava, us...@gramineproject.io, Edward Dixon
Sorry, you are right, I didn't take a closer look at your screenshot...

You need to build Gramine with `meson setup ... -Ddcap=enabled`. By
default, Gramine is built without DCAP support. Also, the Gramine
package that we provide is built without DCAP support (we'll fix it in
future releases).

Please check: https://gramine.readthedocs.io/en/latest/devel/building.html#additional-build-options
and https://github.com/gramineproject/gramine/blob/master/CI-Examples/ra-tls-mbedtls/README.md.

On Wed, Jan 12, 2022 at 9:29 PM Dhruv Bhargava <dh...@rigr.ai> wrote:
>
> Hi Dmitrii,
>
> Thanks a lot for responding. First of all, I would like to mention that I checked out the GitHub issue and it mentions an error while building the ra-tls tool, which is different from what I mentioned (ra-tls-secret-prov reference provision server client implementation), and it is also a different shared library, namely libsecret_prov_verify_dcap. I even tried finding the library in /usr/ and its subdirectories so that I could create a symlink, but the file is not there in the directory /usr/lib/gcc/x86_64-linux-gnu/ or any other subdirectories of /usr/ (find_output.png).
>
> I believe this is a Gramine-specific library, since when I tried running the command without trying to link libsecret_prov_verify_dcap I got an error (undefined_reference.png) saying undefined reference to secret_provision_close, secret_provision_start_server and secret_provision_write, all of which are functions declared in gramine/Pal/src/host/Linux-SGX/tools/ra-tls/secret_prov.h, so I assumed that this would be installed automatically when I install Gramine, but it isn't there.
>
> Thanks in Advance!
>
> regards,
> Dhruv
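
A pre-build check for the situation described in this reply, as an added example that is not part of the original thread or of Gramine's own tooling: it searches caller-supplied directories for the secret-provisioning verification libraries and reports whether the DCAP one is installed. The EPID library name is an assumption made by analogy with libsecret_prov_verify_dcap, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread or the Gramine project).
# Reports which secret-prov verification libraries are installed, so a Gramine
# build without DCAP support is noticed before the dcap target fails to link.
# Assumption: the EPID library is named libsecret_prov_verify_epid, by analogy
# with libsecret_prov_verify_dcap from the thread.

# find_prov_lib NAME DIR...
# Prints the first lib<NAME>.so* found under the given directories.
# Returns 1 when no directory contains it.
find_prov_lib() {
    name=$1
    shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        hit=$(find "$dir" -name "lib${name}.so*" 2>/dev/null | head -n 1)
        if [ -n "$hit" ]; then
            printf '%s\n' "$hit"
            return 0
        fi
    done
    return 1
}

# check_variants DIR...
# Prints one status line per attestation variant.
# Returns 1 when the DCAP verification library is missing.
check_variants() {
    missing=0
    for variant in epid dcap; do
        if path=$(find_prov_lib "secret_prov_verify_${variant}" "$@"); then
            echo "${variant}: found ${path}"
        elif [ "$variant" = dcap ]; then
            echo "dcap: missing (rebuild Gramine with 'meson setup ... -Ddcap=enabled')"
            missing=1
        else
            echo "${variant}: missing"
        fi
    done
    return "$missing"
}

# Stand-alone use: pass the library directories to search as arguments.
[ "$#" -eq 0 ] || check_variants "$@"
```

Pass the library directories of the Gramine installation being checked as arguments; a non-zero exit status means the DCAP library was not found in any of them.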

Dhruv Bhargava

Jan 12, 2022, 5:01:08 PM
to Dmitrii Kuvaiskii, us...@gramineproject.io, Edward Dixon
Hi Dmitrii,

Thanks a lot for responding. First of all, I would like to mention that I checked out the GitHub issue and it mentions an error while building the ra-tls tool, which is different from what I mentioned (ra-tls-secret-prov reference provision server client implementation), and it is also a different shared library, namely libsecret_prov_verify_dcap. I even tried finding the library in /usr/ and its subdirectories so that I could create a symlink, but the file is not there in the directory /usr/lib/gcc/x86_64-linux-gnu/ or any other subdirectories of /usr/ (find_output.png).

I believe this is a Gramine-specific library, since when I tried running the command without trying to link libsecret_prov_verify_dcap I got an error (undefined_reference.png) saying undefined reference to secret_provision_close, secret_provision_start_server and secret_provision_write, all of which are functions declared in gramine/Pal/src/host/Linux-SGX/tools/ra-tls/secret_prov.h, so I assumed that this would be installed automatically when I install Gramine, but it isn't there.

Thanks in Advance!

regards,
Dhruv
find_output.png
undefined_reference.png