search

google / asylo

An open and flexible framework for developing enclave applications
https://asylo.dev
Apache License 2.0
967 stars 126 forks source link

Cannot run simulation mode on non-SGX machine #34

Closed jopasserat closed 5 years ago

jopasserat commented 5 years ago

On a fresh AWS VM without SGX capability, the simulation mode described in the hello world example doesn't work:

(base) ubuntu@ip-XX-XX:~$ sudo docker run -it --rm     -v bazel-cache:/root/.cache/bazel     -v "${MY_PROJECT}":/opt/my-project     -w /opt/my-project     gcr.io/asylo-framework/asylo     bazel run --config=enc-sim //hello_world -- --names="${NAMES}"
Starting local Bazel server and connecting to it...
INFO: Analysed target //hello_world:hello_world (64 packages loaded, 3883 targets configured).
INFO: Found 1 target...
Target //hello_world:hello_world up-to-date:
  bazel-bin/hello_world/hello_world
INFO: Elapsed time: 18.350s, Critical Path: 7.03s
INFO: 12 processes: 12 processwrapper-sandbox.
INFO: Build completed successfully, 20 total actions
INFO: Build completed successfully, 20 total actions
Loading hello_world/hello_enclave.so
2019-06-22 11:47:01  WARNING  untrusted_sgx.cc : 62 : Failed to create an enclave, attempt=0, status=1
2019-06-22 11:47:01  ERROR  enclave_manager.cc : 324 : LoadEnclave failed: ::asylo::error::SgxErrorSpace::Unexpected error: Failed to create an enclave
2019-06-22 11:47:01  ERROR  enclave_manager.cc : 324 : LoadEnclave failed: ::asylo::error::SgxErrorSpace::Unexpected error: Failed to create an enclave
2019-06-22 11:47:01  FATAL  hello_driver.cc : 55 : Load hello_world/hello_enclave.so failed: ::asylo::error::SgxErrorSpace::Unexpected error: Failed to create an enclave
2019-06-22 11:47:01  FATAL  hello_driver.cc : 55 : Load hello_world/hello_enclave.so failed: ::asylo::error::SgxErrorSpace::Unexpected error: Failed to create an enclave

The VM runs a stock Ubuntu 18.04, with no customisation, just Docker CE 18.09 installed.

The same example runs fine on my SGX-enabled laptop (Debian testing).

➜  /tmp docker run -it --rm     -v bazel-cache:/root/.cache/bazel     -v "${MY_PROJECT}":/opt/my-project     -w /opt/my-project     gcr.io/asylo-framework/asylo     bazel run --config=enc-sim //hello_world -- --names="${NAMES}"
Starting local Bazel server and connecting to it...
INFO: Analysed target //hello_world:hello_world (64 packages loaded, 3883 targets configured).
INFO: Found 1 target...
Target //hello_world:hello_world up-to-date:
  bazel-bin/hello_world/hello_world
INFO: Elapsed time: 24.240s, Critical Path: 5.69s
INFO: 12 processes: 12 processwrapper-sandbox.
INFO: Build completed successfully, 20 total actions
INFO: Build completed successfully, 20 total actions
Loading hello_world/hello_enclave.so
2019-06-22 11:55:43  INFO  hello_enclave.cc : 40 : Hello jopasserat
2019-06-22 11:55:43  INFO  hello_enclave.cc : 42 : Incrementing visitor count...
Message from enclave: Hello jopasserat! You are visitor #1 to this enclave.

Does the simulation mode need an SGX device/driver/SDK installed to work?

justin1121 commented 5 years ago

I dug into this a little bit in related to this https://github.com/dropoutlabs/tf-trusted/issues/20 and it looks like it breaks because the t3a.2xlarge machine on AWS uses an AMD processor. Any chance asylo will support AMD CPUs for simulation?

jopasserat commented 5 years ago

confirmed! switching to an Intel CPU did it, well spotted @justin1121

jopasserat commented 5 years ago

You might want to make that clear in the doc though