aws / aws-nitro-enclaves-sdk-c

This repo provides a C API for AWS Nitro Enclaves, including a KMS SDK that integrates it with attestation.
Apache License 2.0

kmstool_enclave_cli error after built with 0.4.1 #123

Open javateck202308 opened 1 year ago

javateck202308 commented 1 year ago

I'm getting errors when building on an EC2. Am I missing anything? I'm following https://github.com/aws/aws-nitro-enclaves-sdk-c/tree/main/bin/kmstool-enclave-cli

./kmstool_enclave_cli
Fatal error condition occurred in ../bin/kmstool-enclave-cli/main.c:402: aws_nitro_enclaves_library_seed_entropy(1024) == (0)
Exiting Application
################################################################################
Stack trace:
################################################################################
./kmstool_enclave_cli(aws_backtrace_print+0x95) [0x743eda]
./kmstool_enclave_cli(aws_fatal_assert+0x5b) [0x72f9e4]
./kmstool_enclave_cli(main+0x48) [0x43b7b5]
/usr/lib64/libc.so.6(__libc_start_main+0xea) [0x7f743adb213a]
./kmstool_enclave_cli(_start+0x2a) [0x43a6aa]
Aborted
uname -a
Linux ip-172-31-31-76.ec2.internal 5.10.184-175.749.amzn2.x86_64 #1 SMP Wed Jul 12 18:40:28 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

richardfan1126 commented 1 year ago

The tool can only be used inside the enclave
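Added example (not part of the thread or of the SDK): a pre-flight check that reports a missing Nitro Secure Module device with a clear message, instead of the fatal assertion on `aws_nitro_enclaves_library_seed_entropy(1024)` shown in the trace above. It assumes the NSM device node is `/dev/nsm`, which the thread does not state; `nsm_device_status` and `nsm_status_message` are hypothetical helper names.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>

/* Assumption: inside an enclave the NSM driver exposes its device node here. */
#define NSM_DEVICE_PATH "/dev/nsm"

enum nsm_status { NSM_PRESENT = 0, NSM_MISSING, NSM_NOT_CHARDEV, NSM_STAT_ERROR };

/* Hypothetical helper: classify `path` without opening it. */
enum nsm_status nsm_device_status(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) {
        /* ENOENT/ENOTDIR: nothing at that path, e.g. on the parent instance. */
        return (errno == ENOENT || errno == ENOTDIR) ? NSM_MISSING : NSM_STAT_ERROR;
    }
    /* A regular file or directory at that path is not a usable device. */
    return S_ISCHR(st.st_mode) ? NSM_PRESENT : NSM_NOT_CHARDEV;
}

/* Hypothetical helper: operator-facing text for each outcome. */
const char *nsm_status_message(enum nsm_status s) {
    switch (s) {
    case NSM_PRESENT:     return "character device present at the NSM path";
    case NSM_MISSING:     return "no NSM device: not running inside a Nitro Enclave";
    case NSM_NOT_CHARDEV: return "NSM path exists but is not a character device";
    default:              return "could not stat the NSM device path";
    }
}

int main(void) {
    enum nsm_status s = nsm_device_status(NSM_DEVICE_PATH);
    if (s != NSM_PRESENT) {
        /* Fail with a diagnosis rather than an assertion and a stack trace. */
        fprintf(stderr, "%s: %s\n", NSM_DEVICE_PATH, nsm_status_message(s));
        return 1;
    }
    puts(nsm_status_message(s));
    /* Only at this point is it worth calling the SDK's entropy seeding. */
    return 0;
}
```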

javateck202308 commented 1 year ago

Thanks for such a quick response, that makes sense.

This is the first time I'm running the enclave, so please bear with me.

After I start vsock-proxy from the parent EC2, I'm getting a different error from the enclave, 255. Do we have error code documentation? I know that I may be missing some configuration, like a key policy to allow the enclave PCR0, etc.

Thanks for helping.