apache / incubator-teaclave

Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple.
https://teaclave.apache.org
Apache License 2.0

SGX error: NoDevice on SIM Mode #722

Closed marioolf closed 11 months ago

marioolf commented 1 year ago

I am trying to deploy Teaclave in simulation mode. These are the steps I followed:

$ git clone https://github.com/apache/incubator-teaclave.git

$ docker run --rm -v $(pwd):/teaclave -w /teaclave \
  -it teaclave/teaclave-build-ubuntu-2004-sgx-2.17.1:0.2.0 \
   bash -c ". /root/.cargo/env && \
     . /opt/sgxsdk/environment && \
     mkdir -p build && cd build && \
     git config --global --add safe.directory /teaclave && \
     cmake -DTEST_MODE=ON -DSGX_SIM_MODE=ON .. && \
     make -j"

$ (cd docker && ./run-teaclave-services.sh -m sim)

Output of last command is:

teaclave-authentication-service    | [get_driver_type edmm_utility.cpp:116] Failed to open Intel SGX device.
teaclave-access-control-service    | [get_driver_type edmm_utility.cpp:116] Failed to open Intel SGX device.
teaclave-authentication-service    | [get_driver_type /home/sgx/jenkins/ubuntuServer-release-build-with-dcap-driver-219/build_target/PROD/label/Builder-UbuntuSrv18/label_exp/ubuntu64/linux-trunk-opensource/psw/urts/linux/edmm_utility.cpp:116] Failed to open Intel SGX device.
teaclave-authentication-service    | Error: Failed to new the enclave.
teaclave-authentication-service    |
teaclave-authentication-service    | Caused by:
teaclave-authentication-service    |     found SGX error: NoDevice

For each service.

henrysun007 commented 1 year ago

We did not encounter your errors when following your steps in a newly cloned project. It seems the service running in the error log was not built in simulation mode. I guess you used hardware-mode services you built some time ago. Please try again in a clean project using DOCKER_COMPOSE_FILE=docker-compose-ubuntu-2004.yml in run-teaclave-services.sh, since you built your project in the Ubuntu 20.04 image.
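One way to test the diagnosis above locally, as an added example that is not part of the original thread or Teaclave's own tooling: it reads SGX_SIM_MODE back from the CMake cache and reports whether each service binary needs the SGX SDK's simulation runtime (libsgx_urts_sim.so) or the hardware one (libsgx_urts.so). The function names, the script name and the binary paths passed in are assumptions.

```shell
#!/bin/sh
# Added example: names and paths here are illustrative, not Teaclave tooling.

# cmake_cache_value NAME FILE: print the cached value of NAME, whatever its
# type (BOOL, STRING, UNINITIALIZED, ...). Prints nothing if NAME is absent.
cmake_cache_value() {
    sed -n "s/^$1:[A-Z]*=//p" "$2" 2>/dev/null | head -n 1
}

# urts_flavour: read `readelf -d` output on stdin and print which untrusted
# runtime the binary needs: sim, hw, or none.
urts_flavour() {
    needed=$(cat)
    case "$needed" in
        *libsgx_urts_sim.so*) echo sim ;;
        *libsgx_urts.so*)     echo hw ;;
        *)                    echo none ;;
    esac
}

# check_build BUILD_DIR BINARY...: returns 1 if any binary is a hardware-mode
# build, i.e. one that needs a real SGX device to create its enclave.
check_build() {
    build_dir=$1; shift
    mode=$(cmake_cache_value SGX_SIM_MODE "$build_dir/CMakeCache.txt")
    echo "SGX_SIM_MODE in CMake cache: ${mode:-<not set>}"
    status=0
    for bin in "$@"; do
        # readelf only parses the file; unlike ldd it never runs the loader on it.
        flavour=$(readelf -d "$bin" 2>/dev/null | urts_flavour)
        echo "$bin: $flavour"
        if [ "$flavour" = hw ]; then status=1; fi
    done
    return "$status"
}

# Usage: sh check-sgx-mode.sh build <path-to-service-binary>...
[ "$#" -eq 0 ] || check_build "$@"
```

Run it against the binaries the containers actually start, not only the fresh build directory: a stale image or volume can still carry hardware-mode binaries after a clean simulation-mode build.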

marioolf commented 1 year ago

Changed docker compose image on run-teaclave-services.sh. Also removed the docker image used to build teaclave so it could be downloaded again. Nothing changed:


COMMAND: docker-compose -f docker-compose-ubuntu-2004.yml up
Recreating teaclave-storage-service        ... done
Recreating teaclave-authentication-service ... done
Recreating teaclave-file-service           ... done
Recreating teaclave-access-control-service ... done
Recreating teaclave-scheduler-service      ... done
Recreating teaclave-management-service     ... done
Recreating teaclave-execution-service      ... done
Recreating teaclave-frontend-service       ... done
Attaching to teaclave-storage-service, teaclave-file-service, teaclave-access-control-service, teaclave-authentication-service,
teaclave-scheduler-service, teaclave-management-service, teaclave-execution-service, teaclave-frontend-service
teaclave-access-control-service    | [get_driver_type edmm_utility.cpp:116] Failed to open Intel SGX device.
teaclave-access-control-service    | [get_driver_type /home/sgx/jenkins/ubuntuServer-release-build-with-dcap-driver-219/build_target/PROD/label/Builder-UbuntuSrv18/label_exp/ubuntu64/linux-trunk-opensource/psw/urts/linux/edmm_utility.cpp:116]  Failed to open Intel SGX device.
teaclave-access-control-service    | Error: Failed to new the enclave.
teaclave-access-control-service    |
teaclave-access-control-service    | Caused by:
teaclave-access-control-service    |     found SGX error: NoDevice

marioolf commented 1 year ago

I assume there should be no problem since I am running teaclave on SIM mode, but just in case, I am running Intel SGX SDK 2.22

marioolf commented 1 year ago

After removing every docker image related to teaclave, it seems that the program actually is on SIM mode. Now receiving this error:

teaclave-scheduler-service         | [TRACE rustls::server::tls12::client_hello] sending server hello Message { version: TLSv1_2, payload: Handshake { parsed: HandshakeMessagePayload { typ: ServerHello, payload: ServerHello(ServerHelloPayload { legacy_version: TLSv1_2, random: a09be0c325eeedb6c1251a1725ccf363563be71b17941f58444f574e47524401, session_id: 3f66b3d2bebb6d47f6630a81d4386e2c7f9d87160e09850ee2b62545fd3c980e, cipher_suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, compression_method: Null, extensions: [Protocols([ProtocolName(6832)]), ServerNameAck, RenegotiationInfo(), ExtendedMasterSecretAck] }) }, encoded: 0200005e0303a09be0c325eeedb6c1251a1725ccf363563be71b17941f58444f574e47524401203f66b3d2bebb6d47f6630a81d4386e2c7f9d87160e09850ee2b62545fd3c980ec02c00001600100005000302683200000000ff0100010000170000 } }
teaclave-scheduler-service         | [DEBUG rustls::server::tls12] Session saved
teaclave-frontend-service exited with code 0
teaclave-authentication-service    | [INFO  teaclave_authentication_service_enclave]  Starting Authentication: Platform first launch, admin user created ...
teaclave-authentication-service    | [INFO  teaclave_authentication_service_enclave]  Starting Authentication: setup API endpoint finished ...
teaclave-authentication-service    | [INFO  teaclave_authentication_service_enclave]  Starting Authentication: setup Internal endpoint finished ...
teaclave-authentication-service    | [TRACE mio::poll] registering event source with poller: token=Token(0), interests=READABLE | WRITABLE
teaclave-authentication-service    | [TRACE mio::poll] registering event source with poller: token=Token(1), interests=READABLE | WRITABLE
teaclave-scheduler-service         | [DEBUG teaclave_scheduler_service_enclave::service] Pulling task/cancel queue
teaclave-execution-service         | [DEBUG teaclave_execution_service_enclave::service] heartbeat_with_result response: HeartbeatResponse { command: NoAction }
teaclave-scheduler-service         | [DEBUG teaclave_scheduler_service_enclave::service] Pulling task/cancel queue
teaclave-scheduler-service         | [DEBUG teaclave_scheduler_service_enclave::service] Pulling task/cancel queue
teaclave-execution-service         | [DEBUG teaclave_execution_service_enclave::service] heartbeat_with_result response: HeartbeatResponse { command: NoAction }
teaclave-scheduler-service         | [DEBUG teaclave_scheduler_service_enclave::service] Pulling task/cancel queue
teaclave-execution-service         | [DEBUG teaclave_execution_service_enclave::service] heartbeat_with_result response: HeartbeatResponse { command: NoAction }
teaclave-scheduler-service         | [DEBUG teaclave_scheduler_service_enclave::service] Pulling task/cancel queue
teaclave-scheduler-service         | [DEBUG teaclave_scheduler_service_enclave::service] Pulling task/cancel queue
teaclave-execution-service         | [DEBUG teaclave_execution_service_enclave::service] heartbeat_with_result response: HeartbeatResponse { command: NoAction }
teaclave-scheduler-service         | [DEBUG teaclave_scheduler_service_enclave::service] Pulling task/cancel queue

Last two lines just loop.

marioolf commented 1 year ago

More from last output, loop comes from this error, which is not understandable since it is running on SIM mode:

teaclave-frontend-service          | [2023-11-24T09:25:09Z ERROR teaclave_binder::ipc::app] ecall_ipc_entry_point, app sgx_error:InvalidEcnalveId
teaclave-frontend-service          | [2023-11-24T09:25:09Z ERROR teaclave_binder::binder] IpcError(SgxError(InvalidEcnalveId))
teaclave-execution-service         | [2023-11-24T09:25:09Z DEBUG teaclave_binder::binder] EnclaveID: 4294967298

henrysun007 commented 12 months ago

I don't think teaclave services can run in Intel SGX SDK 2.22 without any error.