this may indicate that infrastructure for the DCAP attestation requested by Gramine is missing on this machine

309 views
Skip to first unread message

Leila Fathi

unread,
Jan 10, 2023, 8:49:20 AM1/10/23
to Gramine Users
I have installed gramine on my Azure cloud VM :
cat /proc/version Linux version 5.15.0-1029-azure (buildd@lcy02-amd64-076) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #36~20.04.1-Ubuntu SMP Tue Dec 6 17:00:26 UTC 2022

Besides, I installed Azure-DCAP-Client to use DCAP attestation and test Attestation samples in gramine,
when I run the
~/gramine/CI-Examples/ra-tls-mbedtls$ gramine-sgx ./server &
I get error:
error: AESM service returned error 30; this may indicate that infrastructure for the DCAP attestation requested by Gramine is missing on this machine
error: load_enclave() failed with error -1

[1]+  Done                    gramine-sgx ./server

Did I miss something?
Thanks.

Dmitrii Kuvaiskii

unread,
Jan 11, 2023, 11:28:35 AM1/11/23
to Gramine Users
Hi,

Maybe you didn't install all the required SGX AESM packages?

Generally, you'll need to install these packages for AESM:
  sgx-aesm-service
  libsgx-aesm-launch-plugin
  libsgx-aesm-quote-ex-plugin
  libsgx-aesm-ecdsa-plugin
  libsgx-dcap-quote-verify

And when you're using Azure-DCAP-Client, you *must uninstall* this package:
   libsgx-dcap-default-qpl  (because it silently overrides the azure dcap client package)

If the problem persists, try to play with environment variable `SGX_AESM_ADDR=1` (I don't remember what it was for, please google if need some context).

See also some helpers:
  https://hub.docker.com/r/gramineproject/gramine  (check the README carefully)
  https://github.com/gramineproject/gramine/blob/master/packaging/docker/Dockerfile  (a Dockerfile for the Docker image in the link above)
Reply all
Reply to author
Forward
0 new messages