Azure-Samples / microsoft-azure-attestation

Microsoft Azure Attestation is a solution for attesting Trusted Execution Environments (TEEs)
MIT License

Issue with validatequotes #18

Open dnat112 opened 1 year ago

dnat112 commented 1 year ago

This issue is for a:

- [x] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

```
cd sgx.attest.sample.intel.sdk/validatequotes.core
./runone.sh
```

Any log messages given by the failure

dnat@myvm:~/microsoft-azure-attestation/sgx.attest.sample.intel.sdk/validatequotes.core$ ./runone.sh 
[04:42:16.901] : 
[04:42:16.923] : ************************************************************************************************************************
[04:42:16.923] : *      PARAMETERS FOR THIS RUN
[04:42:16.923] : ************************************************************************************************************************
[04:42:16.923] : Validating filename                : ../genquotes/out/enclave.info.prodid.json
[04:42:16.923] : Using attestation provider         : sharedcus.cus.attest.azure.net
[04:42:16.923] : Including details                  : True
** Message: 04:42:17.094: Remote error from secret service: org.freedesktop.DBus.Error.UnknownMethod: No such interface 'org.freedesktop.Secret.Collection' on object at path /org/freedesktop/secrets/collection/login
Unhandled exception. System.AggregateException: One or more errors occurred. (SharedTokenCacheCredential authentication failed: Persistence check failed. Data was written but it could not be read. Possible cause: on Linux, LibSecret is installed but D-Bus isn't running because it cannot be started over SSH.)
 ---> Azure.Identity.AuthenticationFailedException: SharedTokenCacheCredential authentication failed: Persistence check failed. Data was written but it could not be read. Possible cause: on Linux, LibSecret is installed but D-Bus isn't running because it cannot be started over SSH.
 ---> Microsoft.Identity.Client.Extensions.Msal.MsalCachePersistenceException: Persistence check failed. Data was written but it could not be read. Possible cause: on Linux, LibSecret is installed but D-Bus isn't running because it cannot be started over SSH.
   at Microsoft.Identity.Client.Extensions.Msal.MsalCacheStorage.VerifyPersistence()
   at Microsoft.Identity.Client.Extensions.Msal.MsalCacheHelper.VerifyPersistence()
   at Azure.Identity.MsalClientBase`1.GetClientAsync(Boolean async, CancellationToken cancellationToken)
   at Azure.Identity.MsalClientBase`1.GetClientAsync(Boolean async, CancellationToken cancellationToken)
   at Azure.Identity.MsalPublicClient.GetAccountsAsync(Boolean async, CancellationToken cancellationToken)
   at Azure.Identity.SharedTokenCacheCredential.GetAccountAsync(Boolean async, CancellationToken cancellationToken)
   at Azure.Identity.SharedTokenCacheCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex)
   at Azure.Identity.SharedTokenCacheCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Identity.SharedTokenCacheCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Identity.DefaultAzureCredential.GetTokenFromSourcesAsync(TokenCredential[] sources, TokenRequestContext requestContext, Boolean async, CancellationToken cancellationToken)
   at Azure.Identity.DefaultAzureCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex)
   at Azure.Identity.DefaultAzureCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Identity.DefaultAzureCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.GetHeaderValueFromCredentialAsync(TokenRequestContext context, Boolean async, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.GetHeaderValueAsync(HttpMessage message, TokenRequestContext context, Boolean async)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.GetHeaderValueAsync(HttpMessage message, TokenRequestContext context, Boolean async)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AuthenticateAndAuthorizeRequestAsync(HttpMessage message, TokenRequestContext context)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Security.Attestation.AttestationRestClient.AttestSgxEnclaveAsync(AttestSgxEnclaveRequest request, CancellationToken cancellationToken)
   at Azure.Security.Attestation.AttestationClient.AttestSgxEnclaveInternal(AttestationRequest request, Boolean async, CancellationToken cancellationToken)
   at Azure.Security.Attestation.AttestationClient.AttestSgxEnclaveAsync(AttestationRequest request, CancellationToken cancellationToken)
   at validatequotes.Program.RunAsync() in /home/dnat/microsoft-azure-attestation/sgx.attest.sample.intel.sdk/validatequotes.core/Program.cs:line 79
   --- End of inner exception stack trace ---
   at System.Threading.Tasks.Task.WaitAllCore(Task[] tasks, Int32 millisecondsTimeout, CancellationToken cancellationToken)
   at System.Threading.Tasks.Task.WaitAll(Task[] tasks)
   at validatequotes.Program.Main(String[] args) in /home/dnat/microsoft-azure-attestation/sgx.attest.sample.intel.sdk/validatequotes.core/Program.cs:line 19

OS and Version?

Ubuntu 18.04

Mention any other details that might be useful

I am trying to run the Intel SDK attestation example on an Azure DC8 v2 instance. The genquotes portion seems to work. However, I am getting a D-Bus error during the validatequotes portion (when calling maaService.AttestSgxEnclaveAsync).

I am also a little unclear about how access to “default” Azure Attestation providers (like sharedcus.cus.attest.azure.net) is supposed to work. Is access to services provided by these attestation providers automatic and guaranteed (assuming I have an Azure subscription), or do I need to configure something in my subscription to be able to use any of these default services? If so, could this be the issue? Thanks!

smilenow commented 1 year ago

Hi @dnat112, have you figured out the cause? I ran into the same issue even when I changed the attestation provider to other regional public providers or to my own one created in the Azure Marketplace.

fabienpe commented 1 year ago

I have the same issue on a newly launched VM "Standard DC1s v2".
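
The stack trace in the report shows `DefaultAzureCredential` reaching `SharedTokenCacheCredential`, whose libsecret/D-Bus persistence check throws `AuthenticationFailedException` and ends the credential chain. The sketch below is an added example, not code from this repository and not a fix confirmed in this thread: it builds a chain that skips the shared token cache and probes token acquisition before creating the client. The class name, the scope string and the assumption that another credential (environment variables, managed identity, Azure CLI) is available on the VM are mine.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.Security.Attestation;

// Hypothetical helper for a headless (SSH) session; not part of the sample.
public static class HeadlessAttestationAuth
{
    // Provider host name taken from the log in the report.
    private const string Endpoint = "https://sharedcus.cus.attest.azure.net";
    // Assumed token scope for the attestation service.
    private const string Scope = "https://attest.azure.net/.default";

    public static TokenCredential BuildCredential() =>
        new DefaultAzureCredential(new DefaultAzureCredentialOptions
        {
            // Skip the MSAL cache that needs libsecret and a running D-Bus session.
            ExcludeSharedTokenCacheCredential = true,
            // No browser is available over SSH.
            ExcludeInteractiveBrowserCredential = true,
        });

    public static async Task<AttestationClient> CreateClientAsync()
    {
        TokenCredential credential = BuildCredential();
        try
        {
            // Probe once so an identity problem surfaces here, not inside AttestSgxEnclaveAsync.
            AccessToken token = await credential.GetTokenAsync(
                new TokenRequestContext(new[] { Scope }), CancellationToken.None);
            // Log only the expiry, never the token value.
            Console.WriteLine($"Token acquired, expires {token.ExpiresOn:u}");
        }
        catch (CredentialUnavailableException ex)
        {
            // No remaining credential in the chain is configured on this machine.
            Console.Error.WriteLine($"No usable credential: {ex.Message}");
            throw;
        }
        catch (AuthenticationFailedException ex)
        {
            // A credential was found but failed, as SharedTokenCacheCredential did in the log.
            Console.Error.WriteLine($"Credential failed: {ex.Message}");
            throw;
        }
        return new AttestationClient(new Uri(Endpoint), credential);
    }
}
```

`CredentialUnavailableException` derives from `AuthenticationFailedException`, so it has to be caught first to tell "nothing configured" apart from "configured but failing".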