Hi,
I am trying to run a graminized Python container but am getting this error:
error: Cannot open device /dev/sgx_enclave. Please make sure the Intel SGX kernel module is loaded.
error: load_enclave() failed with error -2
My kernel is Linux 5.15.0-41-generic x86_64 and my host machine is Ubuntu 20.04. The following is the output from the is-sgx-available tool:
SGX supported by CPU: true
SGX1 (ECREATE, EENTER, ...): true
SGX2 (EAUG, EACCEPT, EMODPR, ...): false
Flexible Launch Control (IA32_SGXPUBKEYHASH{0..3} MSRs): true
SGX extensions for virtualizers (EINCVIRTCHILD, EDECVIRTCHILD, ESETCONTEXT): false
Extensions for concurrent memory management (ETRACKC, ELDBC, ELDUC, ERDINFO): false
CET enclave attributes support (See Table 37-5 in the SDM): false
Key separation and sharing (KSS) support (CONFIGID, CONFIGSVN, ISVEXTPRODID, ISVFAMILYID report fields): false
Max enclave size (32-bit): 0x80000000
Max enclave size (64-bit): 0x1000000000
EPC size: 0x5e00000
SGX driver loaded: true
AESMD installed: true
SGX PSW/libsgx installed: true
Both /dev/sgx_enclave and /dev/sgx_provision files are present on the host machine. Interestingly, /dev/sgx/enclave and /dev/sgx/provision files are also present. Both sgxsdk and gramine helloworld examples work. Only the gsc is not running.
The following commands were used to build the image:
1. Created an empty manifest file prior to running the following command. I also used the template config file and only changed the distro to 20.04.
./gsc build python python.manifest
2. Signed the image
./gsc sign-image python ~/.config/gramine/enclave-key.pem
3. I checked the signed image with
./gsc info-image gsc-python
4. But when I try to run the following command, I get the aforementioned error message:
docker run gsc-python -c 'print("Hi from enclave")'
Kindly advise. Thank you!
Best regards,
SM