search

edgelesssys / ego

EGo is an open-source SDK that enables you to develop your own confidential apps in the Go programming language.
https://www.edgeless.systems/products/ego/
Mozilla Public License 2.0
512 stars 51 forks source link

Error returned from the p_sgx_get_quote_config API. #276

Closed Alfred-hhy closed 5 months ago

Alfred-hhy commented 5 months ago

thanks for your help.

Issue description

when I run the attested_tls and remote attestation I could not start the server successfully.

To reproduce

Steps to reproduce the behavior: ego-go build ego sign server ego run server

image image image image

Expected behavior

run correctly

Additional info

thomasten commented 5 months ago

Hi, on what hardware are you running this? If it is a multi-package platform, you may need to register your platform as described in https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_DCAP_Multipackage_SW.pdf

Alfred-hhy commented 5 months ago

Hello,

Here is the information about my system:

  1. CPU Model and Quantity:

    Architecture:                   x86_64
CPU op-mode(s):                 32-bit, 64-bit
Address sizes:                  39 bits physical, 48 bits virtual
Byte Order:                     Little Endian
CPU(s):                         16
On-line CPU(s) list:            0-15
Vendor ID:                      GenuineIntel
Model name:                     Intel(R) Core(TM) i7-10700 CPU @ 2.90GHz
CPU family:                     6
Model:                          165
Thread(s) per core:             2
Core(s) per socket:             8
Socket(s):                      1
Stepping:                       5
CPU max MHz:                    4800.0000
CPU min MHz:                    800.0000
BogoMIPS:                       5799.77
Flags:                          fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single ssbd ibrs ibpb stibp ibrs_enhanced tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust sgx bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp vnmi pku ospke sgx_lc md_clear flush_l1d arch_capabilities
Virtualization features:        VT-x
L1d cache:                      256 KiB (8 instances)
L1i cache:                      256 KiB (8 instances)
L2 cache:                       2 MiB (8 instances)
L3 cache:                       16 MiB (1 instance)
NUMA node(s):                   1
NUMA node0 CPU(s):              0-15
Vulnerabilities:                Gather data sampling: Mitigation; Microcode, Itlb multihit: KVM: Mitigation: VMX disabled, L1tf: Not affected, Mds: Not affected, Meltdown: Not affected, Mmio stale data: Mitigation; Clear CPU buffers; SMT vulnerable, Retbleed: Mitigation; Enhanced IBRS, Spec rstack overflow: Not affected, Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl and seccomp, Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization, Spectre v2: Mitigation; Enhanced / Automatic IBRS; IBPB conditional; RSB filling; PBRSB-eIBRS SW sequence; BHI Syscall hardening, KVM SW loop, Srbds: Mitigation; Microcode, Tsx async abort: Not affected

  2. Processor Package Information:

    # dmidecode 3.3
Getting SMBIOS data from sysfs.
SMBIOS 3.2.0 present.

Handle 0x004D, DMI type 4, 48 bytes
Processor Information
    Socket Designation: U3E1
    Type: Central Processor
    Family: Core i7
    Manufacturer: Intel(R) Corporation
    ID: 55 06 0A 00 FF FB EB BF
    Signature: Type 0, Family 6, Model 165, Stepping 5
    Flags:
        FPU (Floating-point unit on-chip)
        VME (Virtual mode extension)
        DE (Debugging extension)
        PSE (Page size extension)
        TSC (Time stamp counter)
        MSR (Model specific registers)
        PAE (Physical address extension)
        MCE (Machine check exception)
        CX8 (CMPXCHG8 instruction supported)
        APIC (On-chip APIC hardware supported)
        SEP (Fast system call)
        MTRR (Memory type range registers)
        PGE (Page global enable)
        MCA (Machine check architecture)
        CMOV (Conditional move instruction supported)
        PAT (Page attribute table)
        PSE-36 (36-bit page size extension)
        CLFSH (CLFLUSH instruction supported)
        DS (Debug store)
        ACPI (ACPI supported)
        MMX (MMX technology supported)
        FXSR (FXSAVE and FXSTOR instructions supported)
        SSE (Streaming SIMD extensions)
        SSE2 (Streaming SIMD extensions 2)
        SS (Self-snoop)
        HTT (Multi-threading)
        TM (Thermal monitor supported)
        PBE (Pending break enabled)
    Version: Intel(R) Core(TM) i7-10700 CPU @ 2.90GHz
    Voltage: 0.8 V
    External Clock: 100 MHz
    Max Speed: 4900 MHz
    Current Speed: 2900 MHz
    Status: Populated, Enabled
    Upgrade: Other
    L1 Cache Handle: 0x004A
    L2 Cache Handle: 0x004B
    L3 Cache Handle: 0x004C
    Serial Number: To Be Filled By O.E.M.
    Asset Tag: To Be Filled By O.E.M.
    Part Number: To Be Filled By O.E.M.
    Core Count: 8
    Core Enabled: 8
    Thread Count: 16
    Characteristics:
        64-bit capable
        Multi-Core
        Hardware Thread
        Execute Protection
        Enhanced Virtualization
        Power/Performance Control

  3. SGX Support:

    [    0.421734] sgx: EPC section 0x90200000-0x95ffffff

  4. System Information:

    Linux alfred-ubuntu 6.5.0-35-generic #35~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue May  7 09:00:52 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

  5. BIOS Information:

    # dmidecode 3.3
Getting SMBIOS data from sysfs.
SMBIOS 3.2.0 present.

Handle 0x0000, DMI type 0, 26 bytes
BIOS Information
    Vendor: LENOVO
    Version: M31KT28A
    Release Date: 06/08/2021
    Address: 0xF0000
    Runtime Size: 64 kB
    ROM Size: 16 MB
    Characteristics:
        PCI is supported
        BIOS is upgradeable
        BIOS shadowing is allowed
        Boot from CD is supported
        Selectable boot is supported
        BIOS ROM is socketed
        EDD is supported
        5.25"/1.2 MB floppy services are supported (int 13h)
        3.5"/720 kB floppy services are supported (int 13h)
        3.5"/2.88 MB floppy services are supported (int 13h)
        Print screen service is supported (int 5h)
        8042 keyboard services are supported (int 9h)
        Serial services are supported (int 14h)
        Printer services are supported (int 17h)
        ACPI is supported
        USB legacy is supported
        BIOS boot specification is supported
        Targeted content distribution is supported
        UEFI is supported
    BIOS Revision: 1.40

Handle 0x0069, DMI type 13, 22 bytes
BIOS Language Information
    Language Description Format: Long
    Installable Languages: 3
        en|US|iso8859-1
        fr|FR|iso8859-1
        zh|CN|unicode
    Currently Installed Language: en|US|iso8859-1

  6. Installed SGX Packages:

    
ii  libsgx-ae-epid                             2.24.100.3-jammy1                       amd64        Intel(R) Software Guard Extensions QE and PvE
ii  libsgx-ae-id-enclave                       1.21.100.3-jammy1                       amd64        Intel(R) Software Guard Extensions Data Center Attestation Primitives ID enclave
ii  libsgx-ae-le                               2.24.100.3-jammy1                       amd64        Intel(R) Software Guard Extensions LE
ii  libsgx-ae-pce                              2.24.100.3-jammy1                       amd64        Intel(R) Software Guard Extensions PCE
ii  libsgx-ae-q

e3 1.21.100.3-jammy1 amd64 Intel(R) Software Guard Extensions QE3 ii libsgx-ae-qve 1.21.100.3-jammy1 amd64 Intel(R) Software Guard Extensions QVE ii libsgx-aesm-ecdsa-plugin 2.24.100.3-jammy1 amd64 ECDSA Quote Plugin for Intel(R) Software Guard Extensions AESM Service ii libsgx-aesm-epid-plugin 2.24.100.3-jammy1 amd64 EPID Quote Plugin for Intel(R) Software Guard Extensions AESM Service ii libsgx-aesm-launch-plugin 2.24.100.3-jammy1 amd64 Launch Plugin for Intel(R) Software Guard Extensions AESM Service ii libsgx-aesm-pce-plugin 2.24.100.3-jammy1 amd64 PCE Plugin for Intel(R) Software Guard Extensions AESM Service ii libsgx-aesm-quote-ex-plugin 2.24.100.3-jammy1 amd64 Unified Quote Plugin for Intel(R) Software Guard Extensions AESM Service ii libsgx-dcap-default-qpl 1.21.100.3-jammy1 amd64 Intel(R) Software Guard Extensions Default Quote Provider Library ii libsgx-dcap-ql 1.21.100.3-jammy1 amd64 Intel(R) Software Guard Extensions Data Center Attestation Primitives ii libsgx-dcap-quote-verify 1.21.100.3-jammy1 amd64 Intel(R) Software Guard Extensions Data Center Attestation Primitives ii libsgx-enclave-common 2.24.100.3-jammy1 amd64 Intel(R) Software Guard Extensions Enclave Common Loader ii libsgx-epid 2.24.100.3-jammy1 amd64 Intel(R) Software Guard Extensions EPID Quote Service ii libsgx-launch 2.24.100.3-jammy1 amd64 Intel(R) Software Guard Extensions Launch Service ii libsgx-pce-logic 1.21.100.3-jammy1 amd64 Intel(R) Software Guard Extensions Data Center Attestation Primitives ii libsgx-qe3-logic 1.21.100.3-jammy1 amd64 Intel(R) Software Guard Extensions Data Center Attestation Primitives ii libsgx-quote-ex 2.24.100.3-jammy1 amd64 Intel(R) Software Guard Extensions Unified Quote Service ii libsgx-urts 2.24.100.3-jammy1 amd64 Intel(R) Software Guard Extensions uRTS ii sgx-aesm-service 2.24.100.3-jammy1 amd64 Intel(R) Software Guard Extensions AESM Service



I am running Ubuntu 22.04. I am a beginner and not very familiar with these details. I greatly appreciate your assistance and guidance.

Thank you!
Alfred-hhy commented 5 months ago

Based on the information I gathered, my system is using an Intel Core i7-10700 CPU, which is a single-package processor with 8 cores and 16 threads. There is only one NUMA node (NUMA node0 CPU(s): 0-15). Therefore, it appears that my system is a single-package platform, not a multi-package platform. I am not sure what's the problem.

thomasten commented 5 months ago

EGo uses DCAP attestation, which only works on Xeon CPUs. I'm a bit confused by the error message because I'd expect it to fail earlier on client CPUs, with another message.

(SGX on client CPUs is deprecated by the way.)

Alfred-hhy commented 5 months ago

Thank you for the clarification. I initially referred to the official documentation, which stated that only Xeon processors support DCAP attestation. However, since my curl test was successful, I mistakenly assumed my processor was compatible. Your explanation helps me understand the situation better.