Build Error

[Roberto Maldonado]

Hi,

I am following he quick start guide and getting an error message:

https://graphene.readthedocs.io/en/latest/quickstart.html

make[3]: *** [Makefile:149: gsgx.h] Error 1
make[3]: Leaving directory '/home/user/graphene/Pal/src/host/Linux-SGX'
make[2]: *** [Makefile:101: host_lib_recurse] Error 2
make[2]: Leaving directory '/home/user/graphene/Pal/src'
make[1]: *** [Makefile:7: all] Error 2
make[1]: Leaving directory '/home/user/graphene/Pal'
make: *** [Makefile:14: all] Error 2

When I run:

make ISGX_DRIVER_PATH=<path-to-sgx-driver-sources> SGX=1

In my system I think path is path is:
make ISGX_DRIVER_PATH=/opt/intel/sgxdriver/ SGX=1

but there's only an uninstall.sh can you point me what the path normally is and what it should be inside?

Thanks in advance

Vr,

Roberto

[Krishnakumar, Sudha]

Hi Roberto,

 

I have listed steps for one way to resolve this(without using meson), there could be other options(using meson).

 

1. Git clone the SGX driver to a local system.
2. Typically, I download it to a path inside the graphene-repo itself.

cd <path_to_your_graphene_repo>/Pal/src/host/Linux-SGX;\

        git clone https://github.com/intel/SGXDataCenterAttestationPrimitives.git linux-sgx-driver;\

        cd linux-sgx-driver;\

        git checkout DCAP_1.7 && cp -r driver/linux/* .;\

        cd ../../../../../

 

Note that, I am checking out SGX DCAP driver version 1.7, you can pick a newer version.

 

3. Build your sources, from the main directory of your graphene repo.

ISGX_DRIVER_PATH=linux-sgx-driver make -s -j DEBUG=1 SGX=1

Alternatively, you can also specify the actual path to the linux-sgx-driver

make ISGX_DRIVER_PATH=<path_to_your_graphene_repo>/Pal/src/host/Linux-SGX/linux-sgx-driver -s -j DEBUG=1 SGX=1

 

You can remove DEBUG=1, if you don’t need it.

 

Thanks,

 

Sudha

--
You received this message because you are subscribed to the Google Groups "Graphene Support Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to graphene-suppo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/graphene-support/CAP-HYMC_X7wtB04LA5JLHh9ejuVGFfV99EogwNH9bUkM7t7-yA%40mail.gmail.com.

[Roberto Maldonado]

Thanks!! That fix those errors.

I was able to complete step 3 and 4.

At step 5 I am getting the following error:

working dir: <path_to_your_graphene_repo>/LibOS/shim/test/regression

$ make SGX=1
  [ bootstrap_cpp.manifest.sgx.d ]
Traceback (most recent call last):
  File "/usr/local/bin/graphene-sgx-sign", line 4, in <module>
    from graphenelibos.sgx_sign import main
ModuleNotFoundError: No module named 'graphenelibos'
../../../../Scripts/Makefile.Test:41: bootstrap_cpp.manifest.sgx.d: No such file or directory
make: *** [../../../../Scripts//../Pal/src/host/Linux-SGX/manifest.mk:24: bootstrap_cpp.manifest.sgx.d] Error 1

Any idea why it fails?

[Krishnakumar, Sudha]

Not sure about your error.

From your working dir: <path_to_your_graphene_repo>/LibOS/shim/test/regression

Please  try-> make SGX=1 sgx-tokens  -j

 

Thanks,

 

 

From: graphene...@googlegroups.com <graphene...@googlegroups.com> On Behalf Of Roberto Maldonado

--

You received this message because you are subscribed to the Google Groups "Graphene Support Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to graphene-suppo...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/graphene-support/4663266f-6c9c-477e-8821-1f438ab2af92n%40googlegroups.com.

[Kuvaiskii, Dmitrii]

@Roberto Maldonado What is the SGX driver that you have installed on your system? How did you install it? From where?

 

There are several versions of the SGX driver, see https://graphene.readthedocs.io/en/latest/sgx-intro.html#linux-kernel-drivers. Graphene needs to be told which of these drivers is used.

 

If you successfully installed the SGX driver, then it will appear under /dev/. The name of the driver will give you a hint what version of the driver you have on your system. Reading through this Python script will give you more context: https://github.com/oscarlab/graphene/blob/master/Pal/src/host/Linux-SGX/link-intel-driver.py

 

So say if you see /dev/isgx on your system, then it means you use the “non-DCAP legacy SGX driver”. In this case, you should have installed this driver from https://github.com/intel/linux-sgx-driver, so you should specify the directory where you cloned/downloaded these sources.

 

If you see /dev/sgx/enclave, then it most probably means you have an “DCAP out-of-tree SGX driver”. In this case, you should have a directory like `/usr/src/sgx-X.YZ/`, and you should use this directory as ISGX_DRIVER_PATH.

 

Finally, if you see /dev/sgx_enclave, then most probably you already have the “in-kernel SGX driver”, and you simply can specify an empty path: ISGX_DRIVER_PATH=””.

 

--

Dmitrii

 

From: graphene...@googlegroups.com <graphene...@googlegroups.com> On Behalf Of Roberto Maldonado

Sent: Wednesday, May 5, 2021 12:56 AM
To: sup...@graphene-project.io
Subject: [graphene-support] Build Error

 

Hi,

--

You received this message because you are subscribed to the Google Groups "Graphene Support Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to graphene-suppo...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/graphene-support/CAP-HYMC_X7wtB04LA5JLHh9ejuVGFfV99EogwNH9bUkM7t7-yA%40mail.gmail.com.

Intel Deutschland GmbH
Registered Address: Am Campeon 10, 85579 Neubiberg, Germany
Tel: +49 89 99 8853-0, www.intel.de
Managing Directors: Christin Eisenschmid, Sharon Heck, Tiffany Doon Silva  
Chairperson of the Supervisory Board: Nicole Lau
Registered Office: Munich
Commercial Register: Amtsgericht Muenchen HRB 186928

[Wojtek Porczyk]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Tue, May 04, 2021 at 05:56:47PM -0700, Roberto Maldonado wrote:
> At step 5 I am getting the following error:
>
> working dir: <path_to_your_graphene_repo>/LibOS/shim/test/regression
> $ make SGX=1
> [ bootstrap_cpp.manifest.sgx.d ]
> Traceback (most recent call last):
> File "/usr/local/bin/graphene-sgx-sign", line 4, in <module>
> from graphenelibos.sgx_sign import main
> ModuleNotFoundError: No module named 'graphenelibos'
> ../../../../Scripts/Makefile.Test:41: bootstrap_cpp.manifest.sgx.d: No such
> file or directory
> make: *** [../../../../Scripts//../Pal/src/host/Linux-SGX/manifest.mk:24:
> bootstrap_cpp.manifest.sgx.d] Error 1
>
> Any idea why it fails?

Please check if graphenelibos package, which should be installed by `ninja
install`, is in python's path:

python3 -c 'import sys; print(sys.path)'

If not, try setting PYTHONPATH to the correct directory:

PYTHONPATH=$(python3 -c 'import sysconfig; print(sysconfig.get_path("platlib", vars={"platbase": "/usr/local"}))')
export PYTHONPATH

after `ninja -C build install` and before running make in
LibOS/shim/test/regression.

- --
pozdrawiam / best regards
Wojtek Porczyk
Graphene / Invisible Things Lab

I do not fear computers,
I fear lack of them.
-- Isaac Asimov
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEaO0VFfpr0tEF6hYkv2vZMhA6I1EFAmCSgdkACgkQv2vZMhA6
I1EKnw/6AzV1MbQqj1TCFGQFhMW1fg9GcQMSR9N/QVHz3dVVutvXzRQq28AZoa0x
yVnw4vGzdh2bbUzCBSMnW6gtLDZ8PG4DqGffdVqLODiyBqdq45eUQBLR4xl9uT7i
H6/ZueEiB6ZraH8BEiuCSUoKc8SwuYuAo5ilDgl3ENpubK4sHF0FyRuvncRhymER
tV9w0t6/ortQ+5iGwtdhHz9FnIHIP87Ewhqbzw+MNS8ypX3OgqiA7cG/ZDthcFw7
sMRZb4L2Rwlen9HhnoWXIOg/idUPNRxx2HiIv82FfrpSA7R+VIGNELZSbjU4rwen
dU0X8DqtURRoXWyM1/xLGzeDqQr3xv+06UGYxwNH6TrK/D3MtwjVSBkEQgdwyu2V
cZq8jw/KFK98MQOmtoCNMdsJCjTSCUQ+MjoXGxOm0RgGjREhw6sMNYtOYLem6zmi
kv+MK2Nt9FkH7iTjRC8N1sl6zYFWhW3IZlKeYPHaE2cbzMBY7e9oYHmjIEP2zxJG
Fuy97PuUgQcpbitFYKGzj7jZp9hO0sbLL/SplETjqp+7gSE4BZPb+KobWuGB+k8i
rO1lWxilRb237wEYvK7fPxUerWBGDK21/2cPqTPvtyeJMHix+GKrkWWf0O9I6aRl
X7XTfKXQXRFfmaIPViXO+mNAfuTMRfO35Qtj0pDBcEEglGh/AMM=
=mrJ1
-----END PGP SIGNATURE-----

[Wojtek Porczyk]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Wed, May 05, 2021 at 01:30:32PM +0200, Wojtek Porczyk wrote:
> On Tue, May 04, 2021 at 05:56:47PM -0700, Roberto Maldonado wrote:
> > At step 5 I am getting the following error:
> >
> > working dir: <path_to_your_graphene_repo>/LibOS/shim/test/regression
> > $ make SGX=1
> > [ bootstrap_cpp.manifest.sgx.d ]
> > Traceback (most recent call last):
> > File "/usr/local/bin/graphene-sgx-sign", line 4, in <module>
> > from graphenelibos.sgx_sign import main
> > ModuleNotFoundError: No module named 'graphenelibos'
> > ../../../../Scripts/Makefile.Test:41: bootstrap_cpp.manifest.sgx.d: No such
> > file or directory
> > make: *** [../../../../Scripts//../Pal/src/host/Linux-SGX/manifest.mk:24:
> > bootstrap_cpp.manifest.sgx.d] Error 1
> >
> > Any idea why it fails?
>
> Please check if graphenelibos package, which should be installed by `ninja
> install`, is in python's path:
>
> python3 -c 'import sys; print(sys.path)'
>
> If not, try setting PYTHONPATH to the correct directory:
>
> PYTHONPATH=$(python3 -c 'import sysconfig; print(sysconfig.get_path("platlib", vars={"platbase": "/usr/local"}))')
> export PYTHONPATH
>
> after `ninja -C build install` and before running make in
> LibOS/shim/test/regression.

An update on this: looks like this is a consequence of Debian/Ubuntu's
problematic practices WRT Python's paths. Could you please check this PR if it
fixes this problem: https://github.com/oscarlab/graphene/pull/2353?

- --
pozdrawiam / best regards
Wojtek Porczyk
Graphene / Invisible Things Lab

I do not fear computers,
I fear lack of them.
-- Isaac Asimov
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEaO0VFfpr0tEF6hYkv2vZMhA6I1EFAmCUHpIACgkQv2vZMhA6
I1E+nQ//QecSt6p1TtVePsq0LfNaCQTJoXMLFLo3ZjskSiqo/9/bxEBkQuPP8Qn1
m9Z0kG8N/BMtY9LbVkWtTbChUa8bDakGGe9Wu5sjmnGB+wCVMd8qVtwToNRttVuo
Q4RkCnAssQJLg4ULW23MWPE1Wz82DaaHutpTNIJLBTulJ77jD+RdVOkTv3+ogZ4O
txGOxTPZlva/VPQy8AA8wzLavdxx3ywTSoX/Wl+ribqKIEXuMy9+l8PBilPOfypS
xW9VkzxMTiCqrgXk4842H1acGGjLuOdcHqtbdeUzX4qkBbaFrHCw+JjwnC9kuwFe
glU0Ev0r5HJ4YPDAx4m6UPkUkeqBRGIzALe89v9U9XEZwaq445r9EaZiLl72CNdG
qlBDasnKPsKukucXZrPP/CDCL2ezdwc8oTJG6URS6w5QSu8Do9KwuOHTi6nYSs4B
sZOR9q2XkHCoNdf2kSlUIomruor4VWAqsbPWZF9iuSyIKBVmbVS4LIN53ZtleVyj
Eg3P7o3odXYcc9alomwTg09KVfsjoC3/dpnrHMNSy7KmfFiVdLlGLPZ5wJopEna8
Njjrbb7nfUeZCUvgijKDcm13VVlHsrbzXzkl+fOIKsCZdIVufWMdY7ySrYfkoiIL
anXnQ4MxZ2nPJwYIW4JEDksdaHtdoB70fQaa6PFpkc9lyuLBYJ4=
=pWtB
-----END PGP SIGNATURE-----

[Roberto Maldonado]

Hi all

Thanks for all your responses I am trying everything you all sent me. I am a EE not super familiar with make or meson so I am learning as I go...

For references ">>$" is the command run

I was replacing in paths "roberto" with "user" but at this point there where to many to keep doing it manually

My setup is:

Ubuntu 20 LTS

Intel Core i9-9980HK

Running Bare Metal

Here some out puts from meson after re-running it:

>>$ meson --reconfigure build -Ddirect=enabled -Dsgx=enabled
The Meson build system
Version: 0.53.2
Source dir: /home/user/graphene
Build dir: /home/user/graphene/build
Build type: native build
Project name: graphene
Project version: 1.0
C compiler for the host machine: cc (gcc 9.3.0 "cc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0")
C linker for the host machine: cc ld.bfd 2.34
Host machine cpu family: x86_64
Host machine cpu: x86_64
DEPRECATION: Project targeting '>=0.45' but tried to use feature deprecated since '0.48.0': python3 module
Program /bin/sh found: YES (/bin/sh)
Configuring graphene-direct using configuration
Configuring graphene-sgx using configuration
Configuring __init__.py using configuration
Configuring _offsets.py using configuration
python/graphenelibos/meson.build:20: WARNING: Got an empty configuration_data() object and found no substitutions in the input file 'generated_offsets.py'. If you want to copy a file to the build dir, use the 'copy:' keyword argument added in 0.47.0
Build targets in project: 0
WARNING: Deprecated features used:
 * 0.48.0: {'python3 module'}

Found ninja-1.10.0 at /usr/bin/ninja

>>$ ninja -C build
ninja: Entering directory `build'
[0/1] Regenerating build files.
The Meson build system
Version: 0.53.2
Source dir: /home/user/graphene
Build dir: /home/user/graphene/build
Build type: native build
Project name: graphene
Project version: 1.0
C compiler for the host machine: cc (gcc 9.3.0 "cc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0")
C linker for the host machine: cc ld.bfd 2.34
Host machine cpu family: x86_64
Host machine cpu: x86_64
DEPRECATION: Project targeting '>=0.45' but tried to use feature deprecated since '0.48.0': python3 module
Program /bin/sh found: YES (/bin/sh)
Configuring graphene-direct using configuration
Configuring graphene-sgx using configuration
Configuring __init__.py using configuration
Configuring _offsets.py using configuration
python/graphenelibos/meson.build:20: WARNING: Got an empty configuration_data() object and found no substitutions in the input file 'generated_offsets.py'. If you want to copy a file to the build dir, use the 'copy:' keyword argument added in 0.47.0
Build targets in project: 0
WARNING: Deprecated features used:
 * 0.48.0: {'python3 module'}

Found ninja-1.10.0 at /usr/bin/ninja
ninja: no work to do.

>>sudo ninja -C build install
ninja: Entering directory `build'
[0/1] Regenerating build files.
The Meson build system
Version: 0.53.2
Source dir: /home/user/graphene
Build dir: /home/user/graphene/build
Build type: native build
Project name: graphene
Project version: 1.0
C compiler for the host machine: cc (gcc 9.3.0 "cc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0")
C linker for the host machine: cc ld.bfd 2.34
Host machine cpu family: x86_64
Host machine cpu: x86_64
DEPRECATION: Project targeting '>=0.45' but tried to use feature deprecated since '0.48.0': python3 module
Program /bin/sh found: YES (/bin/sh)
Configuring graphene-direct using configuration
Configuring graphene-sgx using configuration
Configuring __init__.py using configuration
Configuring _offsets.py using configuration
python/graphenelibos/meson.build:20: WARNING: Got an empty configuration_data() object and found no substitutions in the input file 'generated_offsets.py'. If you want to copy a file to the build dir, use the 'copy:' keyword argument added in 0.47.0
Build targets in project: 0
WARNING: Deprecated features used:
 * 0.48.0: {'python3 module'}

Found ninja-1.10.0 at /usr/bin/ninja
[0/1] Installing files.
Installing subdir /home/roberto/graphene/Runtime/../Pal/src/host/Linux/gdb_integration to /usr/local/lib/x86_64-linux-gnu/graphene/direct/gdb_integration
Installing /home/roberto/graphene/Runtime/../Pal/src/host/Linux/gdb_integration/graphene_linux_gdb.py to /usr/local/lib/x86_64-linux-gnu/graphene/direct/gdb_integration
Installing subdir /home/roberto/graphene/Runtime/../Pal/gdb_integration to /usr/local/lib/x86_64-linux-gnu/graphene/direct/gdb_integration/common
Installing /home/roberto/graphene/Runtime/../Pal/gdb_integration/pagination_gdb.py to /usr/local/lib/x86_64-linux-gnu/graphene/direct/gdb_integration/common
Installing /home/roberto/graphene/Runtime/../Pal/gdb_integration/graphene.gdb to /usr/local/lib/x86_64-linux-gnu/graphene/direct/gdb_integration/common
Installing /home/roberto/graphene/Runtime/../Pal/gdb_integration/debug_map_gdb.py to /usr/local/lib/x86_64-linux-gnu/graphene/direct/gdb_integration/common
Installing subdir /home/roberto/graphene/Runtime/../Pal/src/host/Linux-SGX/gdb_integration to /usr/local/lib/x86_64-linux-gnu/graphene/sgx/gdb_integration
Installing /home/roberto/graphene/Runtime/../Pal/src/host/Linux-SGX/gdb_integration/sgx_gdb.d to /usr/local/lib/x86_64-linux-gnu/graphene/sgx/gdb_integration
Installing /home/roberto/graphene/Runtime/../Pal/src/host/Linux-SGX/gdb_integration/sgx_gdb.so to /usr/local/lib/x86_64-linux-gnu/graphene/sgx/gdb_integration
Installing /home/roberto/graphene/Runtime/../Pal/src/host/Linux-SGX/gdb_integration/sgx_gdb.c to /usr/local/lib/x86_64-linux-gnu/graphene/sgx/gdb_integration
Installing /home/roberto/graphene/Runtime/../Pal/src/host/Linux-SGX/gdb_integration/graphene_sgx_gdb.py to /usr/local/lib/x86_64-linux-gnu/graphene/sgx/gdb_integration
Installing /home/roberto/graphene/Runtime/../Pal/src/host/Linux-SGX/gdb_integration/sgx_gdb.h to /usr/local/lib/x86_64-linux-gnu/graphene/sgx/gdb_integration
Installing /home/roberto/graphene/Runtime/../Pal/src/host/Linux-SGX/gdb_integration/graphene_sgx.gdb to /usr/local/lib/x86_64-linux-gnu/graphene/sgx/gdb_integration
Installing subdir /home/roberto/graphene/Runtime/../Pal/gdb_integration to /usr/local/lib/x86_64-linux-gnu/graphene/sgx/gdb_integration/common
Installing /home/roberto/graphene/Runtime/../Pal/gdb_integration/pagination_gdb.py to /usr/local/lib/x86_64-linux-gnu/graphene/sgx/gdb_integration/common
Installing /home/roberto/graphene/Runtime/../Pal/gdb_integration/graphene.gdb to /usr/local/lib/x86_64-linux-gnu/graphene/sgx/gdb_integration/common
Installing /home/roberto/graphene/Runtime/../Pal/gdb_integration/debug_map_gdb.py to /usr/local/lib/x86_64-linux-gnu/graphene/sgx/gdb_integration/common
Installing /home/roberto/graphene/LibOS/shim/src/libsysdb.so to /usr/local/lib/x86_64-linux-gnu/graphene
Installing /home/roberto/graphene/LibOS/glibc-build/csu/crt1.o to /usr/local/lib/x86_64-linux-gnu/graphene/runtime/glibc
Installing /home/roberto/graphene/LibOS/glibc-build/csu/crti.o to /usr/local/lib/x86_64-linux-gnu/graphene/runtime/glibc
Installing /home/roberto/graphene/LibOS/glibc-build/csu/crtn.o to /usr/local/lib/x86_64-linux-gnu/graphene/runtime/glibc
Installing /home/roberto/graphene/LibOS/glibc-build/dlfcn/libdl.so.2 to /usr/local/lib/x86_64-linux-gnu/graphene/runtime/glibc
Warning: trying to copy a symlink that points to a file. This will copy the file,
but this will be changed in a future version of Meson to copy the symlink as is. Please update your
build definitions so that it will not break when the change happens.
Installing /home/roberto/graphene/LibOS/glibc-build/libc.so to /usr/local/lib/x86_64-linux-gnu/graphene/runtime/glibc
Installing /home/roberto/graphene/LibOS/glibc-build/libc.so.6 to /usr/local/lib/x86_64-linux-gnu/graphene/runtime/glibc
Warning: trying to copy a symlink that points to a file. This will copy the file,
but this will be changed in a future version of Meson to copy the symlink as is. Please update your
build definitions so that it will not break when the change happens.
Installing /home/roberto/graphene/LibOS/glibc-build/login/libutil.so.1 to /usr/local/lib/x86_64-linux-gnu/graphene/runtime/glibc
Warning: trying to copy a symlink that points to a file. This will copy the file,
but this will be changed in a future version of Meson to copy the symlink as is. Please update your
build definitions so that it will not break when the change happens.
Installing /home/roberto/graphene/LibOS/glibc-build/math/libm.so.6 to /usr/local/lib/x86_64-linux-gnu/graphene/runtime/glibc
Warning: trying to copy a symlink that points to a file. This will copy the file,
but this will be changed in a future version of Meson to copy the symlink as is. Please update your
build definitions so that it will not break when the change happens.
Installing /home/roberto/graphene/LibOS/glibc-build/mathvec/libmvec.so.1 to /usr/local/lib/x86_64-linux-gnu/graphene/runtime/glibc
Warning: trying to copy a symlink that points to a file. This will copy the file,
but this will be changed in a future version of Meson to copy the symlink as is. Please update your
build definitions so that it will not break when the change happens.
Installing /home/roberto/graphene/LibOS/glibc-build/nis/libnsl.so.1 to /usr/local/lib/x86_64-linux-gnu/graphene/runtime/glibc
Warning: trying to copy a symlink that points to a file. This will copy the file,
but this will be changed in a future version of Meson to copy the symlink as is. Please update your
build definitions so that it will not break when the change happens.
Installing /home/roberto/graphene/LibOS/glibc-build/nptl/libpthread.so.0 to /usr/local/lib/x86_64-linux-gnu/graphene/runtime/glibc
Warning: trying to copy a symlink that points to a file. This will copy the file,
but this will be changed in a future version of Meson to copy the symlink as is. Please update your
build definitions so that it will not break when the change happens.
Installing /home/roberto/graphene/LibOS/glibc-build/nptl_db/libthread_db.so.1 to /usr/local/lib/x86_64-linux-gnu/graphene/runtime/glibc
Warning: trying to copy a symlink that points to a file. This will copy the file,
but this will be changed in a future version of Meson to copy the symlink as is. Please update your
build definitions so that it will not break when the change happens.
Installing /home/roberto/graphene/LibOS/glibc-build/nss/libnss_compat.so.2 to /usr/local/lib/x86_64-linux-gnu/graphene/runtime/glibc
Warning: trying to copy a symlink that points to a file. This will copy the file,
but this will be changed in a future version of Meson to copy the symlink as is. Please update your
build definitions so that it will not break when the change happens.
Installing /home/roberto/graphene/LibOS/glibc-build/nss/libnss_db.so.2 to /usr/local/lib/x86_64-linux-gnu/graphene/runtime/glibc
Warning: trying to copy a symlink that points to a file. This will copy the file,
but this will be changed in a future version of Meson to copy the symlink as is. Please update your
build definitions so that it will not break when the change happens.
Installing /home/roberto/graphene/LibOS/glibc-build/nss/libnss_files.so.2 to /usr/local/lib/x86_64-linux-gnu/graphene/runtime/glibc
Warning: trying to copy a symlink that points to a file. This will copy the file,
but this will be changed in a future version of Meson to copy the symlink as is. Please update your
build definitions so that it will not break when the change happens.
Installing /home/roberto/graphene/LibOS/glibc-build/resolv/libanl.so.1 to /usr/local/lib/x86_64-linux-gnu/graphene/runtime/glibc
Warning: trying to copy a symlink that points to a file. This will copy the file,
but this will be changed in a future version of Meson to copy the symlink as is. Please update your
build definitions so that it will not break when the change happens.
Installing /home/roberto/graphene/LibOS/glibc-build/resolv/libnss_dns.so.2 to /usr/local/lib/x86_64-linux-gnu/graphene/runtime/glibc
Warning: trying to copy a symlink that points to a file. This will copy the file,
but this will be changed in a future version of Meson to copy the symlink as is. Please update your
build definitions so that it will not break when the change happens.
Installing /home/roberto/graphene/LibOS/glibc-build/resolv/libresolv.so.2 to /usr/local/lib/x86_64-linux-gnu/graphene/runtime/glibc
Warning: trying to copy a symlink that points to a file. This will copy the file,
but this will be changed in a future version of Meson to copy the symlink as is. Please update your
build definitions so that it will not break when the change happens.
Installing /home/roberto/graphene/LibOS/glibc-build/rt/librt.so.1 to /usr/local/lib/x86_64-linux-gnu/graphene/runtime/glibc
Warning: trying to copy a symlink that points to a file. This will copy the file,
but this will be changed in a future version of Meson to copy the symlink as is. Please update your
build definitions so that it will not break when the change happens.
Installing /home/roberto/graphene/LibOS/glibc-build/elf/ld-linux-x86-64.so.2 to /usr/local/lib/x86_64-linux-gnu/graphene/runtime/glibc
Warning: trying to copy a symlink that points to a file. This will copy the file,
but this will be changed in a future version of Meson to copy the symlink as is. Please update your
build definitions so that it will not break when the change happens.
Installing /home/roberto/graphene/Runtime/../Pal/src/host/Linux/libpal.so to /usr/local/lib/x86_64-linux-gnu/graphene/direct
Installing /home/roberto/graphene/build/Runtime/graphene-direct to /usr/local/bin
Installing /home/roberto/graphene/Runtime/../Pal/src/host/Linux-SGX/pal-sgx to /usr/local/lib/x86_64-linux-gnu/graphene/sgx
Installing /home/roberto/graphene/Runtime/../Pal/src/host/Linux-SGX/libpal.so to /usr/local/lib/x86_64-linux-gnu/graphene/sgx
Installing /home/roberto/graphene/build/Runtime/graphene-sgx to /usr/local/bin
Installing /home/roberto/graphene/build/python/graphenelibos/__init__.py to /usr/local/lib/python3.8/site-packages/graphenelibos
Installing /home/roberto/graphene/python/graphenelibos/manifest.py to /usr/local/lib/python3.8/site-packages/graphenelibos
Installing /home/roberto/graphene/build/python/graphenelibos/_offsets.py to /usr/local/lib/python3.8/site-packages/graphenelibos
Installing /home/roberto/graphene/python/graphenelibos/_aesm_pb2.py to /usr/local/lib/python3.8/site-packages/graphenelibos
Installing /home/roberto/graphene/python/graphenelibos/sgx_get_token.py to /usr/local/lib/python3.8/site-packages/graphenelibos
Installing /home/roberto/graphene/python/graphenelibos/sgx_sign.py to /usr/local/lib/python3.8/site-packages/graphenelibos
Installing /home/roberto/graphene/python/graphene-manifest to /usr/local/bin
Installing /home/roberto/graphene/python/graphene-sgx-get-token to /usr/local/bin
Installing /home/roberto/graphene/python/graphene-sgx-sign to /usr/local/bin
Running custom install script '/bin/sh -c ln -s libpal.so "$MESON_INSTALL_DESTDIR_PREFIX"/lib/x86_64-linux-gnu/graphene/direct/loader'
ln: failed to create symbolic link '/usr/local/lib/x86_64-linux-gnu/graphene/direct/loader': File exists
FAILED: meson-install
/usr/bin/meson install --no-rebuild
ninja: build stopped: subcommand failed.

@Wojtek Porczyk Not sure what graphenelibos package should look like can you confirm if is there?

>>$ python3 -c 'import sys; print(sys.path)'
['', '/usr/lib/python38.zip', '/usr/lib/python3.8', '/usr/lib/python3.8/lib-dynload', '/home/roberto/.local/lib/python3.8/site-packages', '/usr/local/lib/python3.8/dist-packages', '/usr/lib/python3/dist-packages']

@dmitrii.kuvaiskii

Had /dev/isgx used the unistall.sh and installed  DCAP what is the preffered for graphene development?

 >>$ make ISGX_DRIVER_PATH=/usr/src/sgx-1.41/ SGX=1
make -C Scripts all
make[1]: Entering directory '/home/roberto/graphene/Scripts'
make[1]: Nothing to be done for 'all'.
make[1]: Leaving directory '/home/roberto/graphene/Scripts'
make -C Pal all
make[1]: Entering directory '/home/roberto/graphene/Pal'
make -C src
make[2]: Entering directory '/home/roberto/graphene/Pal/src'
make -C ../lib target=/home/roberto/graphene/Pal/src/host/Linux-SGX/.lib/
make[3]: Entering directory '/home/roberto/graphene/Pal/lib'
make[3]: Nothing to be done for 'all'.
make[3]: Leaving directory '/home/roberto/graphene/Pal/lib'
make[3]: Entering directory '/home/roberto/graphene/Pal/src/host/Linux-SGX'
make -C tools
make[4]: Entering directory '/home/roberto/graphene/Pal/src/host/Linux-SGX/tools'
make -C common all
make[5]: Entering directory '/home/roberto/graphene/Pal/src/host/Linux-SGX/tools/common'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/roberto/graphene/Pal/src/host/Linux-SGX/tools/common'
make -C is-sgx-available all
make[5]: Entering directory '/home/roberto/graphene/Pal/src/host/Linux-SGX/tools/is-sgx-available'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/roberto/graphene/Pal/src/host/Linux-SGX/tools/is-sgx-available'
make -C quote-dump all
make[5]: Entering directory '/home/roberto/graphene/Pal/src/host/Linux-SGX/tools/quote-dump'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/roberto/graphene/Pal/src/host/Linux-SGX/tools/quote-dump'
make -C ias-request all
make[5]: Entering directory '/home/roberto/graphene/Pal/src/host/Linux-SGX/tools/ias-request'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/roberto/graphene/Pal/src/host/Linux-SGX/tools/ias-request'
make -C verify-ias-report all
make[5]: Entering directory '/home/roberto/graphene/Pal/src/host/Linux-SGX/tools/verify-ias-report'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/roberto/graphene/Pal/src/host/Linux-SGX/tools/verify-ias-report'
make -C ra-tls all
make[5]: Entering directory '/home/roberto/graphene/Pal/src/host/Linux-SGX/tools/ra-tls'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/roberto/graphene/Pal/src/host/Linux-SGX/tools/ra-tls'
make -C pf_crypt all
make[5]: Entering directory '/home/roberto/graphene/Pal/src/host/Linux-SGX/tools/pf_crypt'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/roberto/graphene/Pal/src/host/Linux-SGX/tools/pf_crypt'
make -C pf_tamper all
make[5]: Entering directory '/home/roberto/graphene/Pal/src/host/Linux-SGX/tools/pf_tamper'
make[5]: Nothing to be done for 'all'.
make[5]: Leaving directory '/home/roberto/graphene/Pal/src/host/Linux-SGX/tools/pf_tamper'
make[4]: Leaving directory '/home/roberto/graphene/Pal/src/host/Linux-SGX/tools'
make[3]: Leaving directory '/home/roberto/graphene/Pal/src/host/Linux-SGX'
make[2]: Leaving directory '/home/roberto/graphene/Pal/src'
make -C crt_init
make[2]: Entering directory '/home/roberto/graphene/Pal/crt_init'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/home/roberto/graphene/Pal/crt_init'
make[1]: Leaving directory '/home/roberto/graphene/Pal'
make -C LibOS all
make[1]: Entering directory '/home/roberto/graphene/LibOS'
make -C shim all
make[2]: Entering directory '/home/roberto/graphene/LibOS/shim'
make -C src
make[3]: Entering directory '/home/roberto/graphene/LibOS/shim/src'
make -C ../../../Pal/lib target=/home/roberto/graphene/LibOS/shim/src/.lib/
make[4]: Entering directory '/home/roberto/graphene/Pal/lib'
make[4]: Nothing to be done for 'all'.
make[4]: Leaving directory '/home/roberto/graphene/Pal/lib'
make[3]: Leaving directory '/home/roberto/graphene/LibOS/shim/src'
make[2]: Leaving directory '/home/roberto/graphene/LibOS/shim'
make[1]: Leaving directory '/home/roberto/graphene/LibOS'
make -C Runtime all
make[1]: Entering directory '/home/roberto/graphene/Runtime'
make[1]: Nothing to be done for 'all'.
make[1]: Leaving directory '/home/roberto/graphene/Runtime'
make -C Tools all
make[1]: Entering directory '/home/roberto/graphene/Tools'
make[1]: Nothing to be done for 'all'.
make[1]: Leaving directory '/home/roberto/graphene/Tools'

NOTE: We are in the middle of a transition to the Meson buildsystem.
You have successfully built Graphene, now please install Graphene using Meson.
See https://graphene.readthedocs.io/en/latest/building.html for more details.
(For now, please ignore "Build targets in project: 0" and "ninja: no work to do.")

@All

This is the error I am still stock at:

>>$ ~/graphene/LibOS/shim/test/regression$ make SGX=1
  [ bootstrap_cpp.manifest ]

Traceback (most recent call last):

  File "/usr/local/bin/graphene-manifest", line 4, in <module>
    from graphenelibos.manifest import main

ModuleNotFoundError: No module named 'graphenelibos'
../../../../Scripts/Makefile.Test:41: bootstrap_cpp.manifest.sgx.d: No such file or directory

make: *** [../../../../Scripts/manifest.mk:8: bootstrap_cpp.manifest] Error 1

[Kuvaiskii, Dmitrii]

There was a small bug in our build/install scripts (on Debian/Ubuntu). Could you please update to the latest Graphene and try again?

 

For the details on the bug, you can read:

• https://github.com/oscarlab/graphene/pull/2353
• https://github.com/mesonbuild/meson/issues/8739

 

There was also another tiny bug that you seem to have hit as well. It was fixed:

• https://github.com/oscarlab/graphene/pull/2349

 

Please inform us if even after updating to the latest Graphene and following the build & install steps in https://graphene.readthedocs.io/en/latest/building.html#id1, you still experience problems.

 

--

Dmitrii

 

From: graphene...@googlegroups.com <graphene...@googlegroups.com> On Behalf Of Roberto Maldonado

Sent: Friday, May 7, 2021 8:36 PM
To: Graphene Support Mailing List <graphene...@googlegroups.com>
Subject: Re: [graphene-support] Build Error

 

Hi all

--

You received this message because you are subscribed to the Google Groups "Graphene Support Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to graphene-suppo...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/graphene-support/48728081-ac14-45ac-a9e4-53e87e229667n%40googlegroups.com.

[Roberto Maldonado]

That update fixed the issues. I was able to successfully build graphene although can't really test it since, I am having the FSGSBASE issue. I tried updating the kernel to 5.9, but the drivers wont work now. Tried reinstalling it but wont let me due to the kernel being newer. Also tried building them from source but "make" just returns errors. 

What is the recommended OS and drivers  to use graphene? Is there any OS that run natively in kernel 5.9 and has sgx drivers installed?

Thanks in advance!

Vr,

Roberto

[Kuvaiskii, Dmitrii]

Heh, yes, there is a mess with Linux kernels and the SGX software stack.

 

I would recommend to install Ubuntu 21.04 which comes with Linux 5.11 – it has both FSGSBASE and Intel SGX driver built-in.

To view this discussion on the web visit https://groups.google.com/d/msgid/graphene-support/d2fb2843-cd63-44f4-aa53-54b0a4acf9c0n%40googlegroups.com.

[Roberto Maldonado]

@dmitrii.kuvaiskii

Got Ubuntu 21.04 Installed I can see it has kernel5.11.0-16-generic

I tried running the following and it comes blank

>>lsmod | grep sgx

>>ps ax | grep [a]esm_service

How do I access the built-in SGX driver?

[Kuvaiskii, Dmitrii]

Are you sure your machine is SGX-enabled? Are you sure the BIOS enables SGX? Looks like generally, your machine is not exposing SGX (if it even has this hardware feature) to the OS.

 

--

Dmitrii

 

From: graphene...@googlegroups.com <graphene...@googlegroups.com> On Behalf Of Roberto Maldonado
Sent: Tuesday, May 11, 2021 9:39 PM
To: Graphene Support Mailing List <graphene...@googlegroups.com>
Subject: Re: [graphene-support] Build Error

 

@dmitrii.kuvaiskii

--

You received this message because you are subscribed to the Google Groups "Graphene Support Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to graphene-suppo...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/graphene-support/f3eaa598-36cf-425b-9131-4e940f5c01f4n%40googlegroups.com.

[Wojtek Porczyk]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Wed, May 12, 2021 at 06:22:21AM +0000, Kuvaiskii, Dmitrii wrote:
> Are you sure your machine is SGX-enabled? Are you sure the BIOS enables SGX?
> Looks like generally, your machine is not exposing SGX (if it even has this
> hardware feature) to the OS.

And the machine needs FLC, which is rare. If you don't have FLC, you can't use
inkernel driver.

More info: https://graphene.readthedocs.io/en/latest/sgx-intro.html#term-flc

> From: graphene...@googlegroups.com <graphene...@googlegroups.com> On Behalf Of Roberto Maldonado
> Sent: Tuesday, May 11, 2021 9:39 PM
> To: Graphene Support Mailing List <graphene...@googlegroups.com>
> Subject: Re: [graphene-support] Build Error
>
> @dmitrii.kuvaiskii
>
> Got Ubuntu 21.04 Installed I can see it has kernel5.11.0-16-generic
> I tried running the following and it comes blank
>
> >>lsmod | grep sgx
> >>ps ax | grep [a]esm_service

SGX driver is not a loadable module (it's either built-in or not compiled at
all), so for lsmod this is normal. I'm not sure about aesmd though.

- --
pozdrawiam / best regards
Wojtek Porczyk
Graphene / Invisible Things Lab

I do not fear computers,
I fear lack of them.
-- Isaac Asimov
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEaO0VFfpr0tEF6hYkv2vZMhA6I1EFAmCdchAACgkQv2vZMhA6
I1HCiw/+K5VEx/kr63Hkci15fLuTy91fDspz8OWPhBylLJb95Tn5zUAHOZ7s3Bje
VQHRwWl7ijeJ3GmprDuPRoQBH4jdnCL8a3wHF6JbR3fbQE/UhNhquYEjgis6/TFf
xWTJePgByAAsGjzoQIGWm7M7B4utnnD6w5z9/7KnzKc+n57eEWQQZgGHjNzXwyye
NaCVssfZf3T/eaAilGZ9x+fXJlTBv+B9MQXZH+IM+ObVYz+x8AvfYrZXRL+0JDzC
+5h+9SevthN+l33zcWTwLd+H+JElxcFfh7sdBZuj80mj3nx0fpGNNPN4lK4xGTD6
hLsVuu2bSnw4o9yRqZm6HediGTBkDxMZpQCutDY7xXapXc+Cljx+CTbxbjUdcpXP
WUx9oMTsqtuHEsvl9VqMgcdzpi3+4s9SaS88z7pzqq8Z5YFdV36YAa0aaGAbcnpr
W4N0xjTgDEiXrtlddoUD71gpp74oD5AENVNZgEG+iPh2jmHaPsg96EI31bSUkDek
mlIqczTOTuWhVhRsxjzt2I8paFjMbrTgqFd1nSa8p89KkVHDanckq0GMHvG2Eyc0
OgHPMM8uLxujxXwiN4dbaYf3vo7n0Huc4K0tYVr7aHo61sQi2KyIhnnmE8hM5Qvs
D2/LkgGHFcUnQlsDePLe+16tq50XfbRs+CZt1k8DlzzWFm17bz4=
=9oZZ
-----END PGP SIGNATURE-----

[Roberto Maldonado]

I found this document online:

https://www.intel.com/content/www/us/en/support/articles/000057420/software/intel-security-products.html

>>$ cpuid | grep -i sgx
      SGX: Software Guard Extensions supported = true
      SGX_LC: SGX launch config supported      = true
   Software Guard Extensions (SGX) capability (0x12/0):
      SGX1 supported                         = true
      SGX2 supported                         = false
      SGX ENCLV E*VIRTCHILD, ESETCONTEXT     = false
      SGX ENCLS ETRACKC, ERDINFO, ELDBC, ELDUC = false

>>$ ./test-sgx
eax: 906ed ebx: 3100800 ecx: 7ffafbbf edx: bfebfbff
stepping 13
model 14
family 6
processor type 0
extended model 9
extended family 0
smx: 0

Extended feature bits (EAX=07H, ECX=0H)
eax: 0 ebx: 29c67af ecx: 40000000 edx: bc000600
sgx available: 1
sgx launch control: 1

If I understand correctly it does have FLC

Used the bellow path for  "make ISGX_DRIVER_PATH=<path-to-sgx-driver-sources> SGX=1"

/usr/src/linux-headers-5.11.0-16/arch/x86/

_______________________________________________________________

cd LibOS/shim/test/regression

make SGX=1

Installed Jinja2 using bellow command  I was getting an error on step 5 due that it was missing.

>>$ pip install Jinja2

_______________________________________________________________

Getting the bellow error when I run

>>$ graphene-sgx helloworld

error: Cannot open device /dev/sgx_enclave. Please make sure the Intel SGX kernel module is loaded.
error: load_enclave() failed with error -13

Trying to figure out how to load the SGX kernel module. What I am missing something?

BIOS has SGX enable.

[Wojtek Porczyk]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Thu, May 13, 2021 at 01:01:40PM -0700, Roberto Maldonado wrote:
> >>$ cpuid | grep -i sgx
> SGX: Software Guard Extensions supported = true
> SGX_LC: SGX launch config supported = true
> Software Guard Extensions (SGX) capability (0x12/0):
> SGX1 supported = true
> SGX2 supported = false
> SGX ENCLV E*VIRTCHILD, ESETCONTEXT = false
> SGX ENCLS ETRACKC, ERDINFO, ELDBC, ELDUC = false
>
> >>$ ./test-sgx
> eax: 906ed ebx: 3100800 ecx: 7ffafbbf edx: bfebfbff
> stepping 13
> model 14
> family 6
> processor type 0
> extended model 9
> extended family 0
> smx: 0
>
> Extended feature bits (EAX=07H, ECX=0H)
> eax: 0 ebx: 29c67af ecx: 40000000 edx: bc000600
> sgx available: 1
> sgx launch control: 1
>
> If I understand correctly it does have FLC

Yes, this looks correct.

> Used the bellow path for "make ISGX_DRIVER_PATH=<path-to-sgx-driver-sources>
> SGX=1"
>
> /usr/src/linux-headers-5.11.0-16/arch/x86/

Nope, you should define ISGX_DRIVER_PATH= as empty (but set):

make ISGX_DRIVER_PATH= SGX=1

> _______________________________________________________________
> cd LibOS/shim/test/regression
> make SGX=1
>
> Installed Jinja2 using bellow command I was getting an error on step 5 due
> that it was missing.
> >>$ pip install Jinja2
>
> _______________________________________________________________
>
> Getting the bellow error when I run
> >>$ graphene-sgx helloworld
> error: Cannot open device /dev/sgx_enclave. Please make sure the Intel SGX

^^^^^^^^^^^^^^^^ This path is wrong, possibly
because you misspecified ISGX_DRIVER_PATH as I wrote above. For the upstream
driver this path should be /dev/sgx/enclave (note _ vs /).

> kernel module is loaded.
> error: load_enclave() failed with error -13
>
> Trying to figure out how to load the SGX kernel module. What I am missing
> something?
> BIOS has SGX enable.

- --
pozdrawiam / best regards
Wojtek Porczyk
Graphene / Invisible Things Lab

I do not fear computers,
I fear lack of them.
-- Isaac Asimov
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEaO0VFfpr0tEF6hYkv2vZMhA6I1EFAmCdncwACgkQv2vZMhA6
I1HEbA//aoXU/9X6se8HjgdiUIV9Cx1hJ+85wWFY2wxp5fL+6h3C5/iWhyIpl3pk
2+dW1/Hate0OHG48rmwGWVRyL3ZgEvDVwh+e9LCu8t7ozXrMS/WmAIaifhHeRHM9
IFvuv3zqYe3fz1OQNbmcIZKHBYG72MJmWiaRIK2wbkjhWc26vdd5pded9fEpvFQt
7JTBE6rXu+K1luDq2DEEYdpcRpLjVJnvYyjwey5Vd7V4DK/flqNQgfMLmB82wo4j
LHIN90CW9Zqs2k6HHH2j9+PL0DVZlFPWQAlQXNy2KK7NSP1nSmDweJDLiDSROb5R
Ugz7GaDs8GtZi/Z+KraS5GhHy/AcafxbgFWoA2Jl+yHLxAodrYeIGxo4xTJzc3y3
yeLXJXh0aRWiiPT6enQ1ljuaHUa3aVDycYVLkb3Vn2E9hAptdmqDXhQO8LBYe69r
74qfspPicT1ok3Vrs4ebJq5Wof51qToApwLXPxvDrF1TY3xDc1CDnD84u+Rpgpg0
PQkH1q7BgTX58tdCWcai3J0eG2IdOQYT+8eDIa7RCooky1TUU6UDVmBcKpYOKly2
lpBqJLKDDxtJzS7kwNbhyLVnfp6gT+sJ01uPpkp3j7yyGYVkQZG0l2GPA70fvxN5
yYoPRkVW3FmlgBFXkB4Sq0rMp/XznyrtqWas9ZC1A6+0G/UuEfM=
=sxE0
-----END PGP SIGNATURE-----

[Roberto Maldonado]

Still getting an error after re-building using: "make ISGX_DRIVER_PATH= SGX=1". Seem its looking in the correct path now and the error number is different. I did notice my machine does not has /dev/sgx/enclave is there a way to make Ubuntu 21.04 to install the driver?

>>$ graphene-sgx helloworld

error: Cannot open device /dev/sgx/enclave. Please make sure the Intel SGX kernel module is loaded.
error: load_enclave() failed with error -2

[Wojtek Porczyk]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Thu, May 13, 2021 at 03:26:00PM -0700, Roberto Maldonado wrote:
> Still getting an error after re-building using: "make ISGX_DRIVER_PATH=
> SGX=1". Seem its looking in the correct path now and the error number is
> different. I did notice my machine does not has /dev/sgx/enclave is there a
> way to make Ubuntu 21.04 to install the driver?
>
>
> >>$ graphene-sgx helloworld
> error: Cannot open device /dev/sgx/enclave. Please make sure the Intel SGX
> kernel module is loaded.
> error: load_enclave() failed with error -2

[snip]

> On Thursday, May 13, 2021 at 5:44:49 PM UTC-4 Wojtek Porczyk wrote:
> > On Thu, May 13, 2021 at 01:01:40PM -0700, Roberto Maldonado wrote:
> > > >>$ graphene-sgx helloworld
> > > error: Cannot open device /dev/sgx_enclave. Please make sure the Intel
> > SGX
> > ^^^^^^^^^^^^^^^^ This path is wrong, possibly
> > because you misspecified ISGX_DRIVER_PATH as I wrote above. For the
> > upstream
> > driver this path should be /dev/sgx/enclave (note _ vs /).
> >
> > > kernel module is loaded.
> > > error: load_enclave() failed with error -13

Now that I've reread this, -2 is -ENOENT and -13 is -EACCES. Looks like you
have the device at /dev/sgx_enclave after all, but the permissions are wrong.

Please check `ls -ld /dev/sgx*` and make sure you have permission to open this
file.

- --
pozdrawiam / best regards
Wojtek Porczyk
Graphene / Invisible Things Lab

I do not fear computers,
I fear lack of them.
-- Isaac Asimov
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEaO0VFfpr0tEF6hYkv2vZMhA6I1EFAmCeQboACgkQv2vZMhA6
I1HLGBAArDb5fNiC9WHNtLLAyGJEkZ6liTE2RtQsSxhLFLAVW86k8Q8C+jOJl5ZC
Xzc1a9tA9FNix2DQG3i+cDV3HX7S5YwAKp3TDl1dQykWEmCr7kKN9/pETYvsDJWa
1XQedeaYLEMSFKUnX8Y7qFNAecJf3UipdIRthbTnvjrA5neG1zhMfCL51kTiIsqJ
efztlAYzq84HKKY0jcR3Z891DbNVOTVZJLXQZpCgfm5WM+wViswjx2QLyNu4IWeD
U0I0MVdqYqA4I4s2W5mIEKzgkkd/z3I7IHyVpqLGuXDJNN7e3bMFY4uOsXqUC19D
1ZHrHvh5/6ckgGNdqBLgno2LCWeWHBiaFdjfqMbzXY8omrcDuFlA+AxBFDaSCUgA
PQvk8WoAaO6DXaqiPZ1NDAQI4ykvSI9vyrQD1DCZcnbMLhQSPyD2Wvy1sfEoqrGC
9EY1eN+XRjPfSbq0ppKYWavkXdORcaKy0UCfiuLESlD16PrleKGMtxW8qZIBgOn5
u5JQLAyU6FJafI6ZarazpEGdv0Gg8zDlwhf3D/CtMmPsF0NYyNEEnXEmOvS4oamq
BZh7zd8AdD5Y98UwwvbKbWOkqks/motwfgkY2+dHvg+uHqICETKcDesXYzQrNL9g
+qafSiAsgmJc4Fm4WVSzW9C9QONDj1etv8kgQakMbrBDfYPjzI4=
=FQO7
-----END PGP SIGNATURE-----

[Kuvaiskii, Dmitrii]

@Wojtek Porczyk Unfortunately, your previous email is incorrect. If @Roberto Maldonado has a proper Linux 5.11 with the Intel SGX driver built-in, he must specify something like `ISGX_DRIVER_PATH="/usr/src/linux-headers-$(uname -r)/arch/x86"`.

This is because Graphene has a conservative (and probably wrong at this point in time?) assumption that an in-kernel driver has the name `/dev/sgx/enclave`. Which was true for pre-5.11 versions but now it's not true (but many people still use the pre-5.11 version so Graphene still defaults to this). Please see https://github.com/oscarlab/graphene/blob/c781b2ab9081bc5725270a0344206aca28fbdc3e/Pal/src/host/Linux-SGX/link-intel-driver.py#L18.

Please also check our error message: https://github.com/oscarlab/graphene/blob/c781b2ab9081bc5725270a0344206aca28fbdc3e/Pal/src/host/Linux-SGX/link-intel-driver.py#L78. We explicitly ask to specify a path for the 5.11+ in-kernel SGX driver.

As you noticed, the original error from @Roberto Maldonado was probably due to insufficient privileges. Roberto should check the access rights on his /dev/sgx_enclave file.

--
Dmitrii

-----Original Message-----
From: graphene...@googlegroups.com <graphene...@googlegroups.com> On Behalf Of Wojtek Porczyk
Sent: Friday, May 14, 2021 11:24 AM
To: Roberto Maldonado <rmaldon...@gmail.com>
Cc: Graphene Support Mailing List <graphene...@googlegroups.com>
Subject: Re: [graphene-support] Build Error

--
You received this message because you are subscribed to the Google Groups "Graphene Support Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to graphene-suppo...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/graphene-support/20210514092410.GO2571%40invisiblethingslab.com.

Intel Deutschland GmbH
Registered Address: Am Campeon 10, 85579 Neubiberg, Germany

Tel: +49 89 99 8853-0, www.intel.de <http://www.intel.de>

[Roberto Maldonado]

@dmitrii.kuvaiskii

I check the permissions and they where crwx------so I added +rw

>>$ sudo chown +rx /dev/sgx_*

Bellow output after rebuilding using "$ make ISGX_DRIVER_PATH=/usr/src/linux-headers-5.11.0-16/arch/x86/  SGX=1"

>>$ ls -la /dev/sgx_enclave
crwxr-xr-x 1 root root 10, 126 May 14 07:23 /dev/sgx_enclave

>>$ graphene-sgx helloworld

error: Cannot open device /dev/sgx_enclave. Please make sure the Intel SGX kernel module is loaded.

error: load_enclave() failed with error -13

I tried also with "sudo" errors looks similar

>>$ sudo graphene-sgx helloworld
error: Cannot map enclave pages 1
error: Loading enclave binary failed: -13

error: load_enclave() failed with error -13

Is there something else I can try?

[Wojtek Porczyk]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Fri, May 14, 2021 at 05:05:31AM -0700, Roberto Maldonado wrote:
> I check the permissions and they where crwx------so I added +rw
> >>$ sudo chown +rx /dev/sgx_*

Those +rw or +rx? You need +rw.

- --
pozdrawiam / best regards
Wojtek Porczyk
Graphene / Invisible Things Lab

I do not fear computers,
I fear lack of them.
-- Isaac Asimov
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEaO0VFfpr0tEF6hYkv2vZMhA6I1EFAmCea6gACgkQv2vZMhA6
I1EJAQ//blO/UYSdl3JwvM5ULz7yWC7zyy6Q2CRFn8aDqyTHHUIVO7ym4QBr2DNl
JrXnhRU3D0eIO7jn9458TRRLY/SOfkQIfUnd2IpOO9AWoLOcw/+z7HcSLp4RS//O
C0rD6b5voGA3sQjhyyFoJecWbezTaltc7Uufv6k3QB9Q2tejyhR50Qb9OD9EAQfE
77JKgmf8vkdjOveKPeu70uT/cJaT6d7cqiPThheJcppeRh+WxAv7LNUmJMZDarZ6
cjdLp17EAsKVpnXYydQvku04V1owTAqz/jYmM2w4slFEjAqR1BastjwfEC0mkekD
TIC7iuGtpmzPujg13souTYaI+0Lh2OeXJbWR8Ge6WaD5S79FlInHBztQ9qA3ubvO
6HPzfLLvH85Umt3t1rsNer593JF0o4gVCFD7ijosepTbjNHA/C2yZyMOPu24tq+r
UXrzRmWGgVxDD6asIQlwTpb3+DjXdD77pjUnnllraVkOE7X6J+7RS1Tic92sg0mQ
pnZcVIUU0rT9JM1HUaXCVd4NAuzR3BwR4zylf0pJwSokVs+RLp6KKlZ2/aYKfZlr
RjtjP+FghDuO86bm52b2s2hhHGsFNVLgzrp4lpTpJ9D6lNEUCvPRuCluLYBe8Hzf
o0e8PqMWqnp8qxMsBODixVd32YhYv6kWDrDLOoR8FIEleETLnN4=
=Ts6U
-----END PGP SIGNATURE-----

[Roberto Maldonado]

It was +rx Try to change it to +rw but was not getting the "w" so I went ahead and did 777. Still not working.

>>$ ls -la /dev/sgx_enclave  
crwxrwxrwx 1 root root 10, 126 May 14 08:26 /dev/sgx_enclave

>>$ graphene-sgx helloworld

error: Cannot map enclave pages 1
error: Loading enclave binary failed: -13
error: load_enclave() failed with error -13

[Avi levin]

Hi

My SGX seem to work with Scone but I have exactly the same problem as Roberto:

 

>>$ graphene-sgx helloworld

error: Cannot map enclave pages 1
error: Loading enclave binary failed: -13
error: load_enclave() failed with error -13

Maybe its related to Ubuntu 21.04? or permission problem?

Another guess - maybe problem with the Bios (although I updated to the latest version).

Thanks,

Avi