gramineproject / graphene

Graphene / Graphene-SGX - a library OS for Linux multi-process applications, with Intel SGX support
https://grapheneproject.io
GNU Lesser General Public License v3.0

Error deploy to Azure confidential computing #2613

Closed adityapribadi3 closed 3 years ago

adityapribadi3 commented 3 years ago

Hi, I have tried to deploy Graphene on an Azure confidential computing machine. I followed this guide: https://graphene.readthedocs.io/en/latest/cloud-deployment.html. I have also checked using is_sgx_available, and the result is:

SGX supported by CPU: true
SGX1 (ECREATE, EENTER, ...): true
SGX2 (EAUG, EACCEPT, EMODPR, ...): false
Flexible Launch Control (IA32_SGXPUBKEYHASH{0..3} MSRs): true
SGX extensions for virtualizers (EINCVIRTCHILD, EDECVIRTCHILD, ESETCONTEXT): false
Extensions for concurrent memory management (ETRACKC, ELDBC, ELDUC, ERDINFO): false
CET enclave attributes support (See Table 37-5 in the SDM): false
Key separation and sharing (KSS) support (CONFIGID, CONFIGSVN, ISVEXTPRODID, ISVFAMILYID report fields): false
Max enclave size (32-bit): 0x80000000
Max enclave size (64-bit): 0x1000000000
EPC size: 0x1c00000
SGX driver loaded: true
AESMD installed: false
SGX PSW/libsgx installed: false

When I try to run graphene-sgx helloworld, it shows an error:

error: Cannot map enclave pages 1
error: Loading enclave binary failed: -13
error: load_enclave() failed with error -13

Do you know how to solve this? Also, I have upgraded the kernel version to 5.11 generic.

dimakuv commented 3 years ago

You updated the kernel version to 5.11 -- this version has its own SGX driver (built-in). This effectively disables the "default" DCAP SGX driver installed by Microsoft Azure under /usr/src/linux-headers-`uname -r`/arch/x86/.

So you should delete your Graphene that you built previously, and rebuild it again following the same instructions. But you should specify make ISGX_DRIVER_PATH="" SGX=1 in step 3 now (this tells Graphene to use the built-in SGX driver).
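The driver distinction in the comment above, as an added example that is not part of the thread and not Graphene's own tooling: a script that works out which SGX driver a machine is using and prints the matching build command. The function names, the optional root-directory argument, and the module names `intel_sgx` (DCAP) and `isgx` (legacy) are assumptions of this sketch; the DCAP header path is the one the comment mentions.

```shell
#!/bin/sh
# Added example, not Graphene tooling. Assumed names: intel_sgx / isgx are the
# out-of-tree DCAP / legacy module names; the in-kernel driver is built in (no
# /proc/modules entry) and exposes /dev/sgx_enclave. The optional root
# argument is hypothetical and only lets the logic run against a fake tree.

# Print inkernel | dcap | legacy | none for the system rooted at $1.
sgx_driver_kind() {
    root="${1:-}"
    if grep -q '^isgx ' "$root/proc/modules" 2>/dev/null; then
        echo legacy
    elif grep -q '^intel_sgx ' "$root/proc/modules" 2>/dev/null; then
        echo dcap
    elif [ -e "$root/dev/sgx_enclave" ]; then
        echo inkernel
    else
        echo none
    fi
}

# Print the Graphene build command for a driver kind; fail on "none".
graphene_make_cmd() {
    case "$1" in
        inkernel)
            # Empty path selects the built-in driver, as stated in the thread.
            echo 'make ISGX_DRIVER_PATH="" SGX=1' ;;
        dcap)
            # Assumption: header path taken from the comment above.
            echo 'make ISGX_DRIVER_PATH=/usr/src/linux-headers-`uname -r`/arch/x86/ SGX=1' ;;
        legacy)
            # Placeholder: the location of the isgx sources is site-specific.
            echo 'make ISGX_DRIVER_PATH=<path-to-isgx-driver-source> SGX=1' ;;
        *)
            echo 'no SGX driver detected; nothing to build against' >&2
            return 1 ;;
    esac
}

kind=$(sgx_driver_kind)
echo "detected SGX driver: $kind"
graphene_make_cmd "$kind" || true
```

Run it again after any kernel upgrade: a build made against one driver's headers does not carry over to another driver.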

adityapribadi3 commented 3 years ago

Hi dimakuv, I have tried to run using this one, "make ISGX_DRIVER_PATH="" SGX=1", in step 3, but I still have the same error. Also, I use Ubuntu 20.04 gen2; or should I try to use Ubuntu 18 and use the default kernel?

adityapribadi3 commented 3 years ago

As an update, I have followed the guide exactly, including Ubuntu 18 and using the default kernel. When I run "graphene-sgx helloworld", it returns this error:

Using insecure argv source. Graphene will continue application execution, but this configuration must not be used in production!
Hello world!

dimakuv commented 3 years ago

So you got it running on Ubuntu 18.04. Congrats!

What happens on 20.04 I am not sure. Please try again from scratch, and don't forget to use make ISGX_DRIVER_PATH="" SGX=1.

adityapribadi3 commented 3 years ago

Yes, it works on Ubuntu 18.04 with kernel 5.4. Thank you for your help, dimakuv. So for this error, "error: Using insecure argv source", I don't need to worry, right?

dimakuv commented 3 years ago

You don't need to worry about this error. This is perfectly normal (well, insecure but functional -- that's because we wrote a very simple HelloWorld example and didn't care much about its security).

adityapribadi3 commented 3 years ago

ok thanks for your help, appreciate it