search

gramineproject / examples

Sample applications configs for Gramine
BSD 3-Clause "New" or "Revised" License
29 stars 22 forks source link

make: *** [Makefile:67: secret_prov_client] Error 1 #59

Closed CasellaJr closed 1 year ago

CasellaJr commented 1 year ago

I am trying to train a Neural Network on MNIST using SGX. My file is called "mnist.py". With python3 mnist.py it works. With non-SGX Gramine gramine-direct ./pytorch mnist.py It works. Now, I am trying to run SGX Gramine with gramine-sgx ./pytorch mnist.py. If I run this command I get: /usr/bin/python3.10: can't open file '//mnist.py': [Errno 13] Permission denied. So, I think that I need to follow the steps here to create a python script executable by SGX Gramine. However, when I do:

git clone --depth 1 --branch v1.2 https://github.com/gramineproject/gramine.git
cd gramine/CI-Examples/ra-tls-secret-prov
make app dcap RA_TYPE=dcap

I have this error:

gramine-sgx-get-token --output secret_prov_min_client.token --sig secret_prov_min_client.sig
/usr/bin/gramine-sgx-get-token:17: DeprecationWarning: gramine-sgx-get-token is deprecated on upstream SGX driver, and calling it will be a hard error in the future
  warnings.warn(
cc src/secret_prov_client.c -O2 -fPIE -Wall -std=c11 -I../../Pal/src/host/Linux-SGX/tools/ra-tls -I/usr/include/gramine -pie -Wl,-rpath,/usr/lib/x86_64-linux-gnu -Wl,--start-group -lmbedcrypto_gramine -lmbedtls_gramine -lmbedx509_gramine -Wl,--end-group -lsecret_prov_attest -o secret_prov_client
/usr/bin/ld: /tmp/cctRjjt2.o: in function `main':
secret_prov_client.c:(.text.startup+0x11d): undefined reference to `secret_provision_destroy'
collect2: error: ld returned 1 exit status
make: *** [Makefile:67: secret_prov_client] Error 1
dimakuv commented 1 year ago

The tutorial on the page https://gramine.readthedocs.io/en/latest/tutorials/pytorch/index.html is stale unfortunately. We haven't updated it to work with the latest Gramine yet, sorry. Thus, there may be errors like you encountered.

But going back to your original issue:

With python3 mnist.py it works. With non-SGX Gramine gramine-direct ./pytorch mnist.py It works. Now, I am trying to run SGX Gramine with gramine-sgx ./pytorch mnist.py. If I run this command I get: /usr/bin/python3.10: can't open file '//mnist.py': [Errno 13] Permission denied.

Can you show your manifest file? I guess you based on it on this manifest: https://github.com/gramineproject/gramine/blob/master/CI-Examples/python/python.manifest.template ?

In this case, you need to add mnist.py in the sgx.trusted_files list in the manifest. The "Permissions denied" error you get is because Gramine-SGX by default does not allow to open files that were not explicitly specified in the manifest.

CasellaJr commented 1 year ago

Yes, you were right. I fixed this, so now my file mnist.py is trusted. Now, inside my script I need to access the dataset MNIST. So, inside the manifest I have also added the files of the dataset. However, the format of the dataset is not accepted by gramine: graminelibos.manifest.ManifestError: Unsupported URI type: /MNIST/raw/train-images-idx3-ubyte make: *** [Makefile:36: sgx_sign] Error 1. How can I solve?

mkow commented 1 year ago 
git clone --depth 1 --branch v1.2

Please don't use outdated Gramine versions, we don't provide support for them.

However, the format of the dataset is not accepted by gramine [...]

Try adding file: before that URI in the manifest (see https://gramine.readthedocs.io/en/latest/manifest-syntax.html).

CasellaJr commented 1 year ago

Oh yes, you are right, my mistake, I forgot the file: 😄

dimakuv commented 1 year ago

Closing this issue then.