apache / incubator-teaclave

Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple.
https://teaclave.apache.org
Apache License 2.0
767 stars 159 forks source link

some problem about sgx_ecdsa attentation #469

Open xglreal opened 3 years ago

xglreal commented 3 years ago

I use the dcap client 'teaclave_sgx_tool ' to get attentation with the dcap service, but some error was occured.

The commend is: _./teaclave_sgx_tool attestation --url https://localhost:8080 --algorithm sgxecdsa

The error is: _root@cc:~/incubator-teaclave# Configured for development. => address: localhost => port: 8080 => log: normal => workers: 4 => secret key: generated => limits: forms = 32KiB => keep-alive: 5s => tls: enabled Mounting /: => POST /sgx/dev/attestation/v4/report application/json (verify_quote) Rocket has launched from https://localhost:8080 POST /sgx/dev/attestation/v4/report application/json: => Matched: POST /sgx/dev/attestation/v4/report application/json (verify_quote) sgx_qv_verify_quote fialed: SGX_QL_QUOTE_CERTIFICATION_DATAUNSUPPORTED => Outcome: Failure => Warning: Responding with 400 Bad Request catcher. => Response succeeded.

Where is the problem about it?

mssun commented 3 years ago

Hi @xglreal, thanks for your question! Sorry, I couldn't help you if you cannot provide more detailed information. Like how did you setup the environment?

xglreal commented 3 years ago

Hi @xglreal, thanks for your question! Sorry, I couldn't help you if you cannot provide more detailed information. Like how did you setup the environment?

The teaclave_dcap_ref_as is builded on the steps: 1、docker run --rm -v $(pwd):/teaclave -w /teaclave \ -it teaclave/teaclave-build-ubuntu-1804-sgx-dcap-1.6:latest \ bash -c ". /root/.cargo/env && \ . /opt/sgxsdk/environment && \ mkdir -p build && cd build && \ cmake -DTEST_MODE=ON -DDCAP=ON .. && \ make" 2、docker run --rm -v $(pwd):/teaclave -w /teaclave \ -it teaclave/teaclave-build-ubuntu-1804-sgx-2.9.1:latest \ bash -c ". /root/.cargo/env && \ . /opt/sgxsdk/environment && \ mkdir -p build && cd build && \ cmake -DTEST_MODE=ON -DDCAP=ON .. && \ make"

and the teaclave_dcap_ref_as will appear in the directory incubator-teaclave/release/dcap/.

I use incubator-teaclave/release/dcap/teaclave_dcap_ref_as, the builded tool to start dcap service. The setup message is below: _Configured for development. => address: localhost => port: 8080 => log: normal => workers: 4 => secret key: generated => limits: forms = 32KiB => keep-alive: 5s => tls: enabled Mounting /: => POST /sgx/dev/attestation/v4/report application/json (verifyquote) Rocket has launched from https://localhost:8080

Then, I use the command ./teaclave_sgx_tool attestation --url https://localhost:8080 --algorithm sgx_ecdsa to get the dcap service, but eventually I fail to get the service. The error message is below: Error: ServiceError

Is there anyone can help me to fix it?

Thanks.