gsc: Cannot open device /sgx/sgx_enclave


Shybsmekc Msgrikwd

Jul 30, 2022, 5:50:52 PM
I am trying to run a graminized python container but getting this error:

error: Cannot open device /dev/sgx_enclave. Please make sure the Intel SGX kernel module is loaded.
error: load_enclave() failed with error -2

My kernel is Linux 5.15.0-41-generic x86_64 and my host machine is Ubuntu 20.04. Following is the output from is-sgx-available tool:
SGX supported by CPU: true
SGX1 (ECREATE, EENTER, ...): true
SGX2 (EAUG, EACCEPT, EMODPR, ...): false
Flexible Launch Control (IA32_SGXPUBKEYHASH{0..3} MSRs): true
SGX extensions for virtualizers (EINCVIRTCHILD, EDECVIRTCHILD, ESETCONTEXT): false
Extensions for concurrent memory management (ETRACKC, ELDBC, ELDUC, ERDINFO): false
CET enclave attributes support (See Table 37-5 in the SDM): false
Key separation and sharing (KSS) support (CONFIGID, CONFIGSVN, ISVEXTPRODID, ISVFAMILYID report fields): false
Max enclave size (32-bit): 0x80000000
Max enclave size (64-bit): 0x1000000000
EPC size: 0x5e00000
SGX driver loaded: true
AESMD installed: true
SGX PSW/libsgx installed: true

Both /dev/sgx_enclave and /dev/sgx_provision files are present on the host machine. Interestingly, /dev/sgx/enclave and /dev/sgx/provision files are also present. Both sgxsdk and gramine helloworld examples work. Only the gsc is not running. 

Following commands were used to build the image:
1. Created an empty manifest file prior to running the following command. I also used the template config file and only changed the distro to 20.04
./gsc build python python.manifest
2. Signed the image
./gsc sign-image python ~/.config/gramine/enclave-key.pem
3. I checked the signed image with 
./gsc info-image gsc-python
4. But when I try to run the following command, I get the aforementioned error message
docker run gsc-python -c 'print("Hi from enclave")'

Kindly advise. Thank you!

Best regards,

Dmitrii Kuvaiskii

Aug 1, 2022, 2:53:22 AM
to Shybsmekc Msgrikwd,
> 4. But when I try to run the following command, I get the aforementioned error message
> docker run gsc-python -c 'print("Hi from enclave")'

This last step is wrong. You need to pass an option to `docker run`
that you forward the `/dev/sgx_enclave` kernel module. See the
- (step 7)

Yours sincerely,
Dmitrii Kuvaiskii
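
The `docker run` fix described in the reply above, as an added example that is not part of the original thread or of the GSC project: a shell helper that builds the `--device` options from the SGX nodes present on the host, so the container receives only those nodes. The function names, the `provision` argument, and the treatment of `/dev/sgx/enclave` as an alias of `/dev/sgx_enclave` are assumptions.

```shell
# Added example, not from the thread or the GSC project.
# Builds docker run device options from the SGX nodes present on the host,
# so the container gets only those nodes instead of --privileged.

# sgx_device_flags [DEV_ROOT] [provision]
# Prints the --device options; returns 1 when no enclave node exists, which
# is the case that ends in "Cannot open device /dev/sgx_enclave".
sgx_device_flags() {
    root="${1:-/dev}"
    # The in-container path is the one named in the error message.
    if [ -e "$root/sgx_enclave" ]; then
        flags="--device=$root/sgx_enclave:/dev/sgx_enclave"
    elif [ -e "$root/sgx/enclave" ]; then
        # Assumption: /dev/sgx/enclave is an alias of the same driver node.
        flags="--device=$root/sgx/enclave:/dev/sgx_enclave"
    else
        echo "no SGX enclave device under $root" >&2
        return 1
    fi
    # The provision node gates access to the provisioning key and is only
    # needed for attestation, so it is forwarded on request only.
    if [ "${2:-}" = provision ]; then
        if [ -e "$root/sgx_provision" ]; then
            flags="$flags --device=$root/sgx_provision:/dev/sgx_provision"
        elif [ -e "$root/sgx/provision" ]; then
            flags="$flags --device=$root/sgx/provision:/dev/sgx_provision"
        fi
    fi
    printf '%s\n' "$flags"
}

# gsc_run_command IMAGE [DEV_ROOT] [provision]
# Prints (does not execute) the docker run command line for IMAGE.
gsc_run_command() {
    devflags=$(sgx_device_flags "${2:-/dev}" "${3:-}") || return 1
    printf 'docker run %s %s\n' "$devflags" "$1"
}
```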