apache / incubator-teaclave

Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple.
https://teaclave.apache.org
Apache License 2.0

[SGx Mode] Bugs in Teaclave deployment on azure #640

Open hiteshvpatel256 opened 2 years ago

hiteshvpatel256 commented 2 years ago

I built Teaclave on an Azure Standard DC2s v2 VM instance, following the instructions from https://github.com/apache/incubator-teaclave/blob/master/docs/azure-confidential-computing.md

When I tried to launch Teaclave services, I encountered the following error.

$ (cd docker && ./run-teaclave-services.sh -d)
/var/run/aesmd/aesm.socket socket detected.
Error: No such volume: aesmd-socket
Cannot find a valid sgx device.

I properly checked the SGX driver availability on the Azure VM instance, with the results below.

$ ls /dev/sgx
enclave  provision

hiteshvpatel256 commented 2 years ago

Resolved the issue by installing the ISGX driver on the Azure VM.
wget https://download.01.org/intel-sgx/sgx-linux/2.11/distro/ubuntu18.04-server/sgx_linux_x64_driver_2.6.0_b0a445b.bin

By default, the Azure VM sets up only the SGX drivers, so ISGX will be needed to use Intel auth services. Also, the Docker volume "aesmd-socket" needs to be created manually if it was not added by default when the SGX driver was installed.
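
A preflight check for the two failures reported above, added here as an example (it is not part of the issue thread or of Teaclave's scripts): it reports which SGX device interface is present (the `/dev/sgx/enclave` and `/dev/sgx/provision` layout shown in the `ls` output, or `/dev/isgx` from the ISGX driver) and whether the AESM socket and the `aesmd-socket` Docker volume exist. The function names, the root-prefix argument and the `DOCKER` override variable are assumptions introduced so the checks can be run against a constructed directory tree.

```bash
#!/usr/bin/env bash
# Added example: preflight for SGX device nodes, the AESM socket and the
# "aesmd-socket" Docker volume. The optional first argument is a root prefix
# (an assumption for testing); leave it empty to check the live system.

# Print which SGX driver interface is exposed under the given root.
sgx_driver_kind() {
    local root="${1:-}"
    if [ -e "$root/dev/isgx" ]; then
        echo "isgx"        # legacy out-of-tree (ISGX) driver
    elif [ -e "$root/dev/sgx/enclave" ] && [ -e "$root/dev/sgx/provision" ]; then
        echo "dcap"        # layout seen in `ls /dev/sgx` in this issue
    elif [ -e "$root/dev/sgx_enclave" ]; then
        echo "in-kernel"   # mainline kernel driver naming
    else
        echo "none"
    fi
}

# True if the AESM service socket exists under the given root.
aesm_socket_present() {
    [ -S "${1:-}/var/run/aesmd/aesm.socket" ]
}

# True if Docker knows a volume named aesmd-socket.
# DOCKER is a hypothetical override so a stub can replace the real CLI.
aesmd_volume_present() {
    "${DOCKER:-docker}" volume inspect aesmd-socket >/dev/null 2>&1
}

# Report all three checks; return non-zero if any of them fails.
preflight() {
    local root="${1:-}" kind rc=0
    kind="$(sgx_driver_kind "$root")"
    echo "sgx driver interface: $kind"
    if [ "$kind" = "none" ]; then rc=1; fi
    if aesm_socket_present "$root"; then echo "aesm socket: present"
    else echo "aesm socket: missing"; rc=1; fi
    if aesmd_volume_present; then echo "docker volume aesmd-socket: present"
    else echo "docker volume aesmd-socket: missing, create it manually"; rc=1; fi
    return "$rc"
}
# Usage on the VM: preflight && (cd docker && ./run-teaclave-services.sh -d)
```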

mssun commented 2 years ago

@hiteshvpatel256, this could be an issue of detecting SGX devices on Azure in the run-teaclave-services.sh script. Let me set up a new one on Azure and go through the instructions to see the root cause again.

Torvel commented 2 years ago

@mssun That is the same problem that I had and that we commented on previously on Discord (https://discord.com/channels/891067964743376906/891068072503410738/944151562765361192)

qinkunbao commented 2 years ago

> @mssun That is the same problem that I had and that we commented on previously on Discord (https://discord.com/channels/891067964743376906/891068072503410738/944151562765361192)

Hi Torvel, thank you for bringing up the issue. We have an internal version of Teaclave, and it works perfectly on Azure Confidential Cloud. The open-source deployment scripts have some problems to be fixed. All the core developers of Teaclave are experiencing some qualifying life events. I will work on the issue once I have access to Azure Confidential VMs.