apache / incubator-teaclave

Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple.
https://teaclave.apache.org
Apache License 2.0

How to deploy teaclave with dcap using docker-compose? #378

Open m3ngzhang opened 4 years ago

m3ngzhang commented 4 years ago

Hi, guys! I am trying to build the whole system with DCAP these days, but I met some problems with how to deploy Teaclave. I've already built it successfully with the help of Issue #334. Here is what I got:

```
Starting teaclave-authentication-service ... done
Starting teaclave-storage-service ... done
Starting teaclave-access-control-service ... done
Starting teaclave-scheduler-service ... done
Starting teaclave-management-service ... done
Starting teaclave-execution-service ... done
Starting teaclave-frontend-service ... done
Attaching to teaclave-storage-service, teaclave-authentication-service, teaclave-access-control-service, teaclave-scheduler-service, teaclave-management-service, teaclave-execution-service, teaclave-frontend-service
teaclave-authentication-service | [2020-07-02T11:12:19Z ERROR teaclave_authentication_service_enclave] Failed to start the service: Failed to initialize quote : SGX_ERROR_UNEXPECTED
teaclave-access-control-service | [2020-07-02T11:12:20Z ERROR teaclave_access_control_service_enclave] Failed to start the service: Failed to initialize quote : SGX_ERROR_UNEXPECTED
teaclave-authentication-service exited with code 0
teaclave-execution-service | [2020-07-02T11:12:26Z ERROR teaclave_execution_service_enclave] Failed to start the service: Failed to initialize quote : SGX_ERROR_UNEXPECTED
teaclave-access-control-service exited with code 0
teaclave-management-service | [2020-07-02T11:12:22Z ERROR teaclave_management_service_enclave] Failed to start the service: Failed to initialize quote : SGX_ERROR_UNEXPECTED
teaclave-scheduler-service | [2020-07-02T11:12:21Z ERROR teaclave_scheduler_service_enclave] Failed to start the service: Failed to initialize quote : SGX_ERROR_UNEXPECTED
teaclave-execution-service exited with code 0
teaclave-management-service exited with code 0
teaclave-storage-service | [2020-07-02T11:12:19Z ERROR teaclave_storage_service_enclave] Failed to start the service: Failed to initialize quote : SGX_ERROR_UNEXPECTED
teaclave-scheduler-service exited with code 0
teaclave-storage-service exited with code 0
teaclave-frontend-service | [2020-07-02T11:12:29Z ERROR teaclave_frontend_service_enclave] Failed to start the service: Failed to initialize quote : SGX_ERROR_UNEXPECTED
teaclave-frontend-service exited with code 0
```

ANY IDEA?

mssun commented 4 years ago

The docker-compose-ubuntu-1804.yml file is using the image built from teaclave-rt.ubuntu-1804.Dockerfile. You need to prepare a runtime image for DCAP specifically and also make sure you can access the attestation service inside the containers.

m3ngzhang commented 4 years ago

@mssun I wrote another docker-compose .yml file for DCAP and I successfully accessed the attestation service inside the seven containers. But there is an error I want to share with you.

```
POST /sgx/dev/attestation/v4/report application/json:
    => Matched: POST /sgx/dev/attestation/v4/report application/json (verify_quote)
sgx_qv_verify_quote fialed: SGX_QL_QUOTE_FORMAT_UNSUPPORTED
    => Outcome: Failure
    => Warning: Responding with 400 Bad Request catcher.
    => Response succeeded.
```

The message is from the teaclave_dcap_ref_as service. And this is my request, which I found in the trace log:

```
teaclave-execution-service | [2020-07-03T07:57:18Z TRACE teaclave_attestation::service] POST /sgx/dev/attestation/v4/report HTTP/1.1
teaclave-execution-service | HOST: localhost
teaclave-execution-service | Ocp-Apim-Subscription-Key: 00000000000000000000000000000000
teaclave-execution-service | Connection: Close
teaclave-execution-service | Content-Length: 1510
teaclave-execution-service | Content-Type: application/json
teaclave-execution-service |
teaclave-execution-service | {"isvEnclaveQuote":"..."}
```
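One thing worth checking when the DCAP reference attestation service answers SGX_QL_QUOTE_FORMAT_UNSUPPORTED is the quote itself: sgx_qv_verify_quote verifies ECDSA (DCAP, quote version 3) quotes, so a quote generated by a runtime built for EPID (version 2) is rejected with exactly this error before any cryptographic check runs. The Python below is an added diagnostic, not Teaclave or Intel code: it decodes the `isvEnclaveQuote` field of the report request and reports the quote's version and attestation key type; the header layout and the Intel QE vendor id follow the Intel SGX SDK quote headers, and the two sample requests are constructed placeholders, not real quotes.

```python
import base64
import json
import struct

# The first two header fields are identical for EPID (sgx_quote_t) and ECDSA
# (sgx_quote3_t) quotes: uint16 version, uint16 sign_type/att_key_type (LE).
# The v3 header is 48 bytes: version, att_key_type, att_key_data_0 (u32),
# qe_svn, pce_svn, qe_vendor_id[16], user_data[20].
QUOTE_HEADER_LEN = 48
INTEL_QE_VENDOR_ID = bytes.fromhex("939a7233f79c4ca9940a0db3957f0607")
ATT_KEY_TYPES = {0: "EPID unlinkable", 1: "EPID linkable",
                 2: "ECDSA-256-with-P-256", 3: "ECDSA-384-with-P-384"}


def classify_quote(quote: bytes) -> dict:
    """Report version/key type and whether a DCAP (ECDSA) verifier such as
    sgx_qv_verify_quote can be expected to accept the quote's format."""
    if len(quote) < QUOTE_HEADER_LEN:
        return {"ok": False, "format": "unknown",
                "reason": f"quote too short ({len(quote)} bytes)"}
    version, key_type = struct.unpack_from("<HH", quote, 0)
    info = {"version": version,
            "att_key_type": ATT_KEY_TYPES.get(key_type, f"unknown({key_type})")}
    if version == 3 and key_type in (2, 3):
        vendor = quote[12:28]  # qe_vendor_id field of the v3 header
        info.update(ok=True, format="DCAP ECDSA quote",
                    intel_qe=(vendor == INTEL_QE_VENDOR_ID))
    elif version == 2 or key_type in (0, 1):
        info.update(ok=False, format="EPID quote", reason=(
            "EPID quote sent to a DCAP verifier -> SGX_QL_QUOTE_FORMAT_UNSUPPORTED"))
    else:
        info.update(ok=False, format="unknown", reason="unrecognized version/key type")
    return info


def check_report_request(body: str) -> dict:
    """Inspect the JSON body POSTed to /sgx/dev/attestation/v4/report."""
    quote_b64 = json.loads(body)["isvEnclaveQuote"]
    return classify_quote(base64.b64decode(quote_b64))


def make_sample_quote(version: int, key_type: int) -> bytes:
    """Constructed sample: a header with the given fields, Intel's QE vendor
    id and a zeroed 384-byte report body. Not a real quote."""
    header = struct.pack("<HHIHH16s20s", version, key_type, 0, 1, 1,
                         INTEL_QE_VENDOR_ID, b"\0" * 20)
    return header + b"\0" * 384


def _request(version: int, key_type: int) -> str:
    q = base64.b64encode(make_sample_quote(version, key_type)).decode()
    return json.dumps({"isvEnclaveQuote": q})


DCAP_REQUEST = _request(3, 2)  # what a DCAP runtime image should produce
EPID_REQUEST = _request(2, 1)  # what an EPID runtime image produces

if __name__ == "__main__":
    for name, req in (("dcap", DCAP_REQUEST), ("epid", EPID_REQUEST)):
        print(name, check_report_request(req))
```

Feed it the real `isvEnclaveQuote` value from the trace log; if it reports an EPID quote, the runtime image rather than the attestation service is the thing to fix.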

SeaCSKY commented 3 years ago

I ran into the same problem. Is there a way to solve it?

SeaCSKY commented 3 years ago

When doing remote attestation with DCAP, it reports:

```
[2021-10-13T06:17:58Z DEBUG rustls::client::hs] Using ciphersuite TLS13_CHACHA20_POLY1305SHA256
[2021-10-13T06:17:58Z DEBUG rustls::client::tls13] Not resuming
[2021-10-13T06:17:58Z TRACE rustls::client] EarlyData rejected
[2021-10-13T06:17:58Z TRACE rustls::client] Dropping CCS
[2021-10-13T06:17:58Z DEBUG rustls::client::tls13] TLS1.3 encrypted extensions: [ServerNameAck]
[2021-10-13T06:17:58Z DEBUG rustls::client::hs] ALPN protocol is None
[2021-10-13T06:17:58Z DEBUG rustls::client::tls13] Server cert is [Certificate(...)]
[2021-10-13T06:17:58Z DEBUG rustls::client::tls13] Ticket saved
[2021-10-13T06:17:58Z TRACE teaclave_attestation::service] HTTP/1.1 400 Bad Request
Connection: close
Content-Type: text/html; charset=utf-8
Server: Rocket
Content-Length: 649
Date: Wed, 13 Oct 2021 06:17:58 GMT

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>400 Bad Request</title>
</head>
<body align="center">
    <div role="main" align="center">
        <h1>400: Bad Request</h1>
        <p>The request could not be understood by the server due
    to malformed syntax.</p>
        <hr />
    </div>
    <div role="contentinfo" align="center">
        <small>Rocket</small>
    </div>
</body>
</html>

[2021-10-13T06:17:58Z DEBUG teaclave_attestation::service] http_response.parse
[2021-10-13T06:17:58Z DEBUG teaclave_attestation::service] Invalid Attestation Evidence Payload. The client should not repeat the request without modifications.
[2021-10-13T06:17:58Z ERROR teaclave_authentication_service_enclave] Failed to start the service: Invalid Attestation Evidence Payload. The client should not repeat the request without modifications.
[2021-10-13T06:17:58Z DEBUG teaclave_binder::ipc::app] ecall_ipc_entry_point OK. App Received Buf: [123, 34, 69, 114, 114, 34, 58, 34, 83, 101, 114, 118, 105, 99, 101, 69, 114, 114, 111, 114, 34, 125]
[2021-10-13T06:17:58Z DEBUG teaclave_binder::ipc::app] ecall_ipc_app_to_tee: 1002, 4 bytes
[2021-10-13T06:17:58Z TRACE teaclave_authentication_service_enclave] tee receive cmd: 1002, input_buf = [110, 117, 108, 108]
[2021-10-13T06:17:58Z DEBUG teaclave_authentication_service_enclave] handle_invoke
[2021-10-13T06:17:58Z DEBUG teaclave_service_enclave_utils] Enclave finalizing
[2021-10-13T06:17:58Z DEBUG teaclave_binder::ipc::app] ecall_ipc_entry_point OK. App Received Buf: [123, 34, 79, 107, 34, 58, 110, 117, 108, 108, 125]
[2021-10-13T06:17:58Z DEBUG teaclave_binder::binder] Dropping TeeBinder, start finalize().
[2021-10-13T06:17:58Z DEBUG teaclave_binder::ipc::app] ecall_ipc_app_to_tee: 1002, 4 bytes
[2021-10-13T06:17:58Z ERROR teaclave_binder::ipc::app] ecall_ipc_entry_point, app sgx_error:SGX_ERROR_INVALID_ENCLAVE_ID
[2021-10-13T06:17:58Z ERROR teaclave_binder::binder] IpcError(SgxError(SGX_ERROR_INVALID_ENCLAVE_ID))
```