aws / aws-nitro-enclaves-cli

Tooling for Nitro Enclave Management
Apache License 2.0

Nitro-cli console reports error after successful enclave exit #405

Open nshyrei opened 2 years ago

nshyrei commented 2 years ago

I am trying to run an enclave in debug mode with an attached console using nitro-cli console or nitro-cli run-enclave --attach-console. Every time my enclave exits, I get this at the end:

[   60.505028] Unregister pv shared memory for cpu 1
[   60.506120] Unregister pv shared memory for cpu 0
[   60.507034] reboot: Restarting system
[   60.507642] reboot: machine restart
[ E45 ] Enclave console read error. Such error appears when reading from a running enclave's console fails.

For more details, please visit https://docs.aws.amazon.com/enclaves/latest/user/cli-errors.html#E45

If you open a support ticket, please provide the error log found at "/var/log/nitro_enclaves/err2022-08-25T13:18:36.623632872+00:00.log".

My enclave is a simple bash script that runs on Ubuntu and only does sleep before exiting, so I am pretty sure that the enclave exits successfully. The error itself doesn't interfere with the application, but it adds confusion for the user. Is this proper behavior for the console, or could it be fixed?

My Dockerfile and script look like this:

FROM ubuntu
COPY start.sh /
CMD ./start.sh

sleep 60s

nshyrei commented 1 year ago

I don't see the console read error now, but what happens is that the enclave won't exit and hangs with:

[   60.505028] Unregister pv shared memory for cpu 1
[   60.506120] Unregister pv shared memory for cpu 0
[   60.507034] reboot: Restarting system
[   60.507642] reboot: machine restart