Client side error while running the ra-tls-secret-prov example


Saikat Mukhopadhyay

Apr 11, 2024, 8:12:18 AM
to Gramine Users
Hello All.

I was trying to run the "client" under ra-tls-secret-prov/secret_prov_pf.
Followed the steps below:

```sh
export RA_TLS_ALLOW_DEBUG_ENCLAVE_INSECURE=1
export RA_TLS_ALLOW_OUTDATED_TCB_INSECURE=1
export RA_TLS_ALLOW_HW_CONFIG_NEEDED=1
export RA_TLS_ALLOW_SW_HARDENING_NEEDED=1
```

- Secret Provisioning flows, ECDSA-based (DCAP) attestation:

```sh
make app dcap RA_TYPE=dcap

# test encrypted files client (other examples can be tested similarly)
cd secret_prov_pf
./server_dcap wrap_key &
```

```
root@4d46f5483a9e:/gramine/CI-Examples/ra-tls-secret-prov/secret_prov_pf# --- Reading the master key for encrypted files from 'wrap_key' ---
--- Starting the Secret Provisioning server on port 4433 ---
secret_provision_start_server: Secret Provisioning failed during mbedtls_net_bind with error -70
[error] secret_provision_start_server() returned -1
```

I am using Ubuntu 22.04.
Any suggestion would be a great help.



Michał Kowalczyk

Apr 11, 2024, 12:01:37 PM
to Saikat Mukhopadhyay, Gramine Users
Hi,

Could you check if your port 4433 is actually available? (i.e. nothing else is using it right now)

Best,
mkow


Saikat Mukhopadhyay

Apr 12, 2024, 5:57:32 PM
to Gramine Users
I ran this and see the result

```
saikat@SGX-server:~$ netstat -tuln | grep 4433
tcp        0      0 0.0.0.0:4433            0.0.0.0:*               LISTEN
```

Michał Kowalczyk

Apr 12, 2024, 6:01:09 PM
to Saikat Mukhopadhyay, Gramine Users
Ok, so you have some other process occupying this TCP port, that's why Gramine fails. You can check the process name with `--program` to netstat (but that may require sudo to work).
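Added example, not part of the thread or of Gramine's code: error -70 is mbedTLS's `MBEDTLS_ERR_NET_BIND_FAILED` (-0x0046), and this plain POSIX-sockets sketch shows the kernel behaviour behind it on Linux, where a second `bind()` to a port that already has a socket in LISTEN fails with `EADDRINUSE` even with `SO_REUSEADDR` set. The helper names are hypothetical, and a kernel-chosen loopback port stands in for 4433.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a TCP socket to 127.0.0.1:port with SO_REUSEADDR set, as servers
 * commonly do. Returns the fd, or -1 with errno set. (Hypothetical helper.) */
static int bind_loopback(unsigned short port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
    struct sockaddr_in a;
    memset(&a, 0, sizeof(a));
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&a, sizeof(a)) < 0) {
        int saved = errno; close(fd); errno = saved;
        return -1;
    }
    return fd;
}

/* Start a listener on a kernel-chosen port, then try a second bind to the
 * same port. keep_listener=1: first socket stays in LISTEN; 0: closed first.
 * Returns 0 if the second bind succeeds, otherwise the errno it failed with. */
int second_bind_result(int keep_listener) {
    int first = bind_loopback(0);
    if (first < 0) return errno;
    if (listen(first, 1) < 0) { int e = errno; close(first); return e; }
    struct sockaddr_in a;
    socklen_t len = sizeof(a);
    getsockname(first, (struct sockaddr *)&a, &len);
    if (!keep_listener) close(first);
    int second = bind_loopback(ntohs(a.sin_port));
    int result = second < 0 ? errno : 0;
    if (second >= 0) close(second);
    if (keep_listener) close(first);
    return result;
}

int main(void) {
    printf("listener present: %s\n", strerror(second_bind_result(1)));
    printf("listener closed:  %s\n", strerror(second_bind_result(0)));
    return 0;
}
```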

Saikat Mukhopadhyay

Apr 15, 2024, 6:27:33 PM
to Gramine Users
No, Michael, I double-checked. The TCP port is open.
I wonder if anyone has succeeded before with this approach.
Would like to know how they accomplished it.
Please let me know.

Regards
Saikat 

Michał Kowalczyk

Apr 15, 2024, 6:56:03 PM
to Saikat Mukhopadhyay, Gramine Users
I don't understand it then, in the previous message you posted netstat output which says that something is occupying that port, but in the last you say that there is nothing there?

Saikat Mukhopadhyay

Apr 16, 2024, 6:52:14 PM
to Gramine Users
Hi Michal.

I posted this before:

```
saikat@SGX-server:~$ netstat -tuln | grep 4433
tcp        0      0 0.0.0.0:4433            0.0.0.0:*               LISTEN
```

  • tcp: Indicates that the service is using the TCP protocol.
  • 0.0.0.0:4433: Specifies that the service is listening on all available network interfaces (0.0.0.0) on port 4433.
  • 0.0.0.0:*: Shows that the service is bound to port 4433 but does not specify a particular source IP address (*).
  • LISTEN: Indicates that the service is in the listening state, meaning it's actively accepting incoming connections on port 4433.
It means the port wasn't occupied. It's actively accepting incoming connections.