gramineproject / examples

Sample applications configs for Gramine
BSD 3-Clause "New" or "Revised" License

Error running gcc example #11

Closed marcelamelara closed 2 years ago

marcelamelara commented 2 years ago

I'm currently testing my Gramine-SGX installation to run a locally installed binary in SGX, and have encountered an error when running the gcc example from within the gcc directory.

make SGX=1 SGX_SIGNER_KEY=~/.config/gramine/enclave-key.pem check

Compiling hello.c...
gramine-sgx gcc test_files/helloworld.c -o test_files/hello
debug: Token file: gcc.token
debug: Read dummy DCAP token
debug: enclave created:
debug:     base:           0x0000000000000000
debug:     size:           0x0000000040000000
debug:     misc_select:    0x00000000
debug:     attr.flags:     0x0000000000000005
debug:     attr.xfrm:      0x00000000000000e7
debug:     ssa_frame_size: 4
debug:     isv_prod_id:    0x00000000
debug:     isv_svn:        0x00000000
debug: adding pages to enclave: 0x3ff0b000-0x40000000 [REG:R--] (manifest) measured
debug: adding pages to enclave: 0x3feeb000-0x3ff0b000 [REG:RW-] (ssa) measured
debug: adding pages to enclave: 0x3fee7000-0x3feeb000 [TCS:---] (tcs) measured
debug: adding pages to enclave: 0x3fee3000-0x3fee7000 [REG:RW-] (tls) measured
debug: adding pages to enclave: 0x3fea3000-0x3fee3000 [REG:RW-] (stack) measured
debug: adding pages to enclave: 0x3fe63000-0x3fea3000 [REG:RW-] (stack) measured
debug: adding pages to enclave: 0x3fe23000-0x3fe63000 [REG:RW-] (stack) measured
debug: adding pages to enclave: 0x3fde3000-0x3fe23000 [REG:RW-] (stack) measured
debug: adding pages to enclave: 0x3fdd3000-0x3fde3000 [REG:RW-] (sig_stack) measured
debug: adding pages to enclave: 0x3fdc3000-0x3fdd3000 [REG:RW-] (sig_stack) measured
debug: adding pages to enclave: 0x3fdb3000-0x3fdc3000 [REG:RW-] (sig_stack) measured
debug: adding pages to enclave: 0x3fda3000-0x3fdb3000 [REG:RW-] (sig_stack) measured
debug: adding pages to enclave: 0x3b97f000-0x3b9ca000 [REG:R-X] (code) measured
debug: adding pages to enclave: 0x3b9ca000-0x3b9ce000 [REG:RW-] (data) measured
debug: adding pages to enclave: 0x3b9ce000-0x3fda3000 [REG:RW-] (bss) measured
debug: adding pages to enclave: 0x10000-0x3b97f000 [REG:RWX] (free)
debug: enclave initializing:
debug:     enclave id:   0x000000003ffff000
debug:     mr_enclave:   34aaff9782aa80fddaca2f5711c95d90152faf66cd362249b1a5f91405a3c1e7
-----------------------------------------------------------------------------------------------------------------------
Gramine detected the following insecure configurations:

  - loader.log_level = warning|debug|trace|all (verbose log level, may leak information)
  - loader.insecure__use_cmdline_argv = true   (forwarding command-line args from untrusted host to the app)
  - sgx.allowed_files = [ ... ]                (some files are passed through from untrusted host without verification)

Gramine will continue application execution, but this configuration must not be used in production!
-----------------------------------------------------------------------------------------------------------------------

chmod: cannot access 'test_files/hello': No such file or directory
make: *** [Makefile:79: check] Error 1

When I go to check the test_files directory, the binary indeed has not been built, as if gcc did not run.

I am running Ubuntu 20.04, kernel 5.11 on a machine that supports FLC, and I installed Gramine via apt.

FYI: I used the gcc Makefile and manifest templates for the app I am testing, and it seems like gramine-sgx is indeed not executing my binary either.

dimakuv commented 2 years ago

@marcelamelara This was a backwards-compatibility bug. I fixed it now: https://github.com/gramineproject/examples/pull/12. We'll merge this bug fix soon-ish.

marcelamelara commented 2 years ago

@dimakuv Thanks so much for the quick response! I'll use this bug fix in my own manifest as well in the meantime.
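
The three settings named in the "insecure configurations" banner in the log above can be checked for before a manifest derived from the example templates is used outside testing. The following is an added example, not code from the Gramine project or from this thread; it assumes the rendered manifest is available as TOML text, and the function names and both sample manifests are constructed for illustration.

```python
"""Flag the manifest settings that Gramine's startup banner reports as insecure."""
try:
    import tomllib  # Python 3.11+
except ImportError:
    import tomli as tomllib  # same API on older interpreters

# Log levels the banner lists as verbose.
VERBOSE_LEVELS = {"warning", "debug", "trace", "all"}


def lookup(manifest, dotted_key, default=None):
    """Walk nested TOML tables along a dotted key such as 'sgx.allowed_files'."""
    node = manifest
    for part in dotted_key.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node


def insecure_settings(manifest_text):
    """Return (key, reason) pairs for each banner item present in the manifest."""
    manifest = tomllib.loads(manifest_text)
    findings = []
    level = lookup(manifest, "loader.log_level")
    if isinstance(level, str) and level.lower() in VERBOSE_LEVELS:
        findings.append(("loader.log_level", f"verbose log level {level!r} may leak information"))
    if lookup(manifest, "loader.insecure__use_cmdline_argv") is True:
        findings.append(("loader.insecure__use_cmdline_argv", "argv is forwarded from the untrusted host"))
    allowed = lookup(manifest, "sgx.allowed_files", [])
    if allowed:
        findings.append(("sgx.allowed_files", f"{len(allowed)} path(s) passed through without verification"))
    return findings


# Constructed sample manifests (not the gcc example's real manifest).
DEV_MANIFEST = """
loader.log_level = "debug"
loader.insecure__use_cmdline_argv = true
sgx.allowed_files = [ "file:/tmp", "file:test_files" ]
sgx.trusted_files = [ "file:/usr/bin/gcc" ]
"""
HARDENED_MANIFEST = """
[loader]
log_level = "error"
[sgx]
trusted_files = [ "file:/usr/bin/gcc" ]
"""

if __name__ == "__main__":
    for key, reason in insecure_settings(DEV_MANIFEST):
        print(f"{key}: {reason}")
```
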