this may indicate that infrastructure for the DCAP attestation requested by Gramine is missing on this machine

[Leila Fathi]

I have installed gramine on my Azure cloud VM :
cat /proc/version Linux version 5.15.0-1029-azure (buildd@lcy02-amd64-076) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #36~20.04.1-Ubuntu SMP Tue Dec 6 17:00:26 UTC 2022

Besides, I installed Azure-DCAP-Client to use DCAP attestation and test Attestation samples in gramine,

when I run the

~/gramine/CI-Examples/ra-tls-mbedtls$ gramine-sgx ./server &

I get error:
error: AESM service returned error 30; this may indicate that infrastructure for the DCAP attestation requested by Gramine is missing on this machine
error: load_enclave() failed with error -1

[1]+  Done                    gramine-sgx ./server

Did I miss something?

Thanks.

[Dmitrii Kuvaiskii]

Hi,

Maybe you didn't install all the required SGX AESM packages?

Generally, you'll need to install these packages for AESM:

  sgx-aesm-service
  libsgx-aesm-launch-plugin
  libsgx-aesm-quote-ex-plugin
  libsgx-aesm-ecdsa-plugin
  libsgx-dcap-quote-verify

And when you're using Azure-DCAP-Client, you *must uninstall* this package:

   libsgx-dcap-default-qpl  (because it silently overrides the azure dcap client package)

If the problem persists, try to play with environment variable `SGX_AESM_ADDR=1` (I don't remember what it was for, please google if need some context).

See also some helpers:

  https://docs.oasis.io/node/run-your-node/prerequisites/set-up-trusted-execution-environment-tee/

  https://hub.docker.com/r/gramineproject/gramine  (check the README carefully)

  https://github.com/gramineproject/gramine/blob/master/packaging/docker/Dockerfile  (a Dockerfile for the Docker image in the link above)