Closed zzx-QDU closed 5 months ago
Could you share your hardware information?
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 46 bits physical, 57 bits virtual
Byte Order: Little Endian
CPU(s): 64
On-line CPU(s) list: 0-63
Vendor ID: GenuineIntel
Model name: Intel(R) Xeon(R) Silver 4314 CPU @ 2.40GHz
CPU family: 6
Model: 106
Thread(s) per core: 2
Core(s) per socket: 16
Socket(s): 2
Stepping: 6
CPU max MHz: 3400.0000
CPU min MHz: 800.0000
BogoMIPS: 4800.00
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts
acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art
arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclm
ulqdq dtes64 ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 s
se4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm
3dnowprefetch cpuid_fault epb cat_l3 invpcid_single intel_ppin ssbd mba ibrs ibpb s
tibp ibrs_enhanced tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust
sgx bmi1 avx2 smep bmi2 erms invpcid cqm rdt_a avx512f avx512dq rdseed adx smap av
x512ifma clflushopt clwb intel_pt avx512cd sha_ni avx512bw avx512vl xsaveopt xsavec
xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local split_lock_detect
wbnoinvd dtherm ida arat pln pts avx512vbmi umip pku ospke avx512_vbmi2 gfni vaes
vpclmulqdq avx512_vnni avx512_bitalg tme avx512_vpopcntdq la57 rdpid sgx_lc fsrm md
_clear pconfig flush_l1d arch_capabilities
Virtualization features:
Virtualization: VT-x
Caches (sum of all):
L1d: 1.5 MiB (32 instances)
L1i: 1 MiB (32 instances)
L2: 40 MiB (32 instances)
L3: 48 MiB (2 instances)
NUMA:
NUMA node(s): 2
NUMA node0 CPU(s): 0-15,32-47
NUMA node1 CPU(s): 16-31,48-63
Vulnerabilities:
Gather data sampling: Mitigation; Microcode
Itlb multihit: Not affected
L1tf: Not affected
Mds: Not affected
Meltdown: Not affected
Mmio stale data: Mitigation; Clear CPU buffers; SMT vulnerable
Retbleed: Not affected
Spec rstack overflow: Not affected
Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl and seccomp
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Spectre v2: Mitigation; Enhanced IBRS, IBPB conditional, RSB filling, PBRSB-eIBRS SW sequence
Srbds: Not affected
Tsx async abort: Not affected
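Running cpuid | grep SGX2 also shows that all options are supported.
The 0xe019 error usually means that PCCS cannot be reached; check whether the configuration is correct. Reference: https://www.secretflow.org.cn/zh-CN/docs/trustedflow/0.2.0b0.post0/quick_start/step1#id7
Do you mean that sgx_default_qcnl.conf is misconfigured, or that we made a mistake when deploying PCCS?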
2024-04-30 07:03:55.505 [error]: Error: The platform was not found in the cache. at ReqCachingMode.getPckCertFromPCS (file:///home/h/predictor/sd/SGXDataCenterAttestationPrimitives/QuoteGeneration/pccs/services/caching_modes/cachingMode.js:72:11) at CachingModeManager.getPckCertFromPCS (file:///home/h/predictor/sd/SGXDataCenterAttestationPrimitives/QuoteGeneration/pccs/services/caching_modes/cachingModeManager.js:54:23) at Module.getPckCert (file:///home/h/predictor/sd/SGXDataCenterAttestationPrimitives/QuoteGeneration/pccs/services/pckcertService.js:115:41) at async getPckCert (file:///home/h/predictor/sd/SGXDataCenterAttestationPrimitives/QuoteGeneration/pccs/controllers/pckcertController.js:77:25) 2024-04-30 07:03:55.518 [info]: 127.0.0.1 - - [30/Apr/2024:07:03:55 +0000] "GET /sgx/certification/v3/pckcert?qeid=83495CC1CDC5BE73CEF70D7E70611126&encrypted_ppid=107806A7AB3BF31924DADF2D5985D650F45D0315D81AB9A4A6A87ACC4ADC7A60E5CD8364DA4CC5B504AB5E6402D1D882F252535C4560CA7AA86D9B9C0FF3397E41697C5610F656CF83C844E5AF25647422A6F6AED803421CB391E66FB3E9B9AD452CCF7EDA5E0ED8FA999508704ADBDB02AA3A0F5A5E67D57D57D52DBD93D8119759C4F6328F93D80E447C28E26694BEC9250A1AE4F4D7083DDD162CA3E7219BEA509097124033EDFC3EA27BEA8EC968EAAB13FDB0E614784F59318985B249E9266BC39AFC4E68F9FCC69E2273EBE311F7701FF113D259A7D95A08E2F887812842D1F541477248A60909F60100A5283E6C1255170CBEBA3FA7E3FDFA510F7B8CAA575672E2A66DB70D95677B388E38C46006B4EA57B2162260C1AD95DBF050B038C7C5A69BB21ADA840045F3A26855FA232BA8A33AF003465D04544801D716B2A4BC685A726FF410AC13FB25058EE3360A761478981C696C7FB47728937E731DA9BB3F52D9064F4D632156083A878FAE9C8089C5CC739F50F5B590BC5B0453DE&cpusvn=060D0C0CFFFF00000000000000000000&pcesvn=0F00&pceid=0000 HTTP/1.1" 461 40 "-" "-"
2024-04-30 07:04:34.416 [info]: Client Request-ID : 4e53a101927e4da7b35ebb6918468bc6 2024-04-30 07:04:34.422 [error]: Error: The platform was not found in the cache. at ReqCachingMode.getPckCertFromPCS (file:///home/h/predictor/sd/SGXDataCenterAttestationPrimitives/QuoteGeneration/pccs/s
I restarted the PCCS service. The original 0xe019 error is gone, and the error is now 0xe047.
[2024-04-30 07:05:10.052] [info] [sgx2_generator.cc:102] Start generating sgx2 report
[get_platform_quote_cert_data ../qe_logic.cpp:388] Error returned from the p_sgx_get_quote_config API. 0xe047
thread 'main' panicked at capsule-manager/src/main.rs:53:6:
capsule_manager init error: Error { code: InternalErr, details: Some("runified_attestation_generate_auth_report err: \"[Enforce fail at trustedflow/attestation/generation/sgx2/sgx2_generator.cc:115] ioctl(sgx_fd, SGXIOC_GET_DCAP_QUOTE_SIZE, &quote_size) == 0. -1 vs 0.Fail to get quote size, errno = 22\0\""), location: Some(ErrorLocation { line: 198, file: "capsule-manager/src/server.rs" }) }
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
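My colleague generated a certificate while deploying PCCS. Should this certificate be placed in a designated location in docker, or should we avoid generating a certificate when deploying PCCS?
We subscribed to the API and redeployed the PCCS service in lazy mode (previously it was req mode), and CapsuleManager now starts successfully. Thanks for the help!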
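An added example (not part of the thread and not PCCS or TrustedFlow code): a small Python triage of PCCS log text like the one quoted above. It pairs each pckcert request with the cache-miss error that preceded it and lists the requests refused with 461 in REQ mode, the state this thread resolved by redeploying PCCS in lazy mode. The sample log is constructed (shortened IDs, made-up paths) and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample modelled on the PCCS log in this thread; IDs and paths are made up.
SAMPLE_LOG = """\
2024-04-30 07:03:55.505 [error]: Error: The platform was not found in the cache.
    at ReqCachingMode.getPckCertFromPCS (file:///opt/pccs/services/caching_modes/cachingMode.js:72:11)
    at CachingModeManager.getPckCertFromPCS (file:///opt/pccs/services/caching_modes/cachingModeManager.js:54:23)
2024-04-30 07:03:55.518 [info]: 127.0.0.1 - - [30/Apr/2024:07:03:55 +0000] "GET /sgx/certification/v3/pckcert?qeid=AAAA0001&encrypted_ppid=BBBB0002&cpusvn=060D0C0CFFFF00000000000000000000&pcesvn=0F00&pceid=0000 HTTP/1.1" 461 40 "-" "-"
2024-04-30 07:09:12.101 [info]: 127.0.0.1 - - [30/Apr/2024:07:09:12 +0000] "GET /sgx/certification/v3/pckcert?qeid=AAAA0001&encrypted_ppid=BBBB0002&cpusvn=060D0C0CFFFF00000000000000000000&pcesvn=0F00&pceid=0000 HTTP/1.1" 200 1800 "-" "-"
"""

MISS = "The platform was not found in the cache"
MODE = re.compile(r"at (\w+CachingMode)\.getPckCertFromPCS")
ACCESS = re.compile(r'\[info\]: (\S+) - - \[[^\]]+\] "GET (\S+) HTTP/[\d.]+" (\d{3}) ')

def triage(log_text):
    """Return one record per pckcert request, tagged with the cache miss that preceded it."""
    findings, miss, mode = [], False, None
    for line in log_text.splitlines():
        # No early 'continue': a scraped log may carry error, stack and access entry on one line.
        if MISS in line:
            miss, mode = True, None
        m = MODE.search(line)
        if m and miss and mode is None:
            mode = m.group(1)
        a = ACCESS.search(line)
        if not a:
            continue
        url = urlsplit(a.group(2))
        if url.path.endswith("/pckcert"):
            q = parse_qs(url.query)
            # encrypted_ppid is left out on purpose; it is not needed for triage.
            findings.append({
                "client": a.group(1), "status": int(a.group(3)),
                "cache_miss": miss, "caching_mode": mode,
                **{k: q.get(k, [""])[0] for k in ("qeid", "cpusvn", "pcesvn", "pceid")},
            })
        miss, mode = False, None
    return findings

def req_mode_misses(findings):
    """pckcert requests refused with 461 after a cache miss handled by ReqCachingMode."""
    return [f for f in findings
            if f["status"] == 461 and f["cache_miss"] and f["caching_mode"] == "ReqCachingMode"]

if __name__ == "__main__":
    for f in req_mode_misses(triage(SAMPLE_LOG)):
        print(f"{f['client']} qeid={f['qeid']} pcesvn={f['pcesvn']}: 461, platform not cached (REQ mode)")
```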
Hello! Starting CapsuleManager on a real machine fails with the following error:
[2024-04-30 01:09:05.268] [info] [sgx2_generator.cc:102] Start generating sgx2 report
[get_platform_quote_cert_data ../qe_logic.cpp:388] Error returned from the p_sgx_get_quote_config API. 0xe019
thread 'main' panicked at capsule-manager/src/main.rs:53:6:
capsule_manager init error: Error { code: InternalErr, details: Some("runified_attestation_generate_auth_report err: \"[Enforce fail at trustedflow/attestation/generation/sgx2/sgx2_generator.cc:115] ioctl(sgx_fd, SGXIOC_GET_DCAP_QUOTE_SIZE, &quote_size) == 0. -1 vs 0.Fail to get quote size, errno = 22\0\""), location: Some(ErrorLocation { line: 198, file: "capsule-manager/src/server.rs" }) }
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
Is this a problem with our setup or with the hardware?