mkow
commented
3 years ago But the build machine may be completely different than the one where you actually intend to deploy the enclave. And it's quite likely that it won't even support SGX.
Closed AI-Memory closed 3 years ago
mkow
commented
3 years ago But the build machine may be completely different than the one where you actually intend to deploy the enclave. And it's quite likely that it won't even support SGX.
dimakuv
commented
3 years ago @mkow replied to the part of the question set it automatically if the in-tree SGX driver available. Indeed, Graphene binaries are probably built on some random developer machine and then distributed to the actual SGX-enabled machine. So finding the SGX driver automatically is meaningless.
There is another part to this question: why does Graphene explicitly require ISGX_DRIVER_PATH to be set at all? Why not assume that a non-set ISGX_DRIVER_PATH variable has the same meaning as ISGX_DRIVER_PATH=""? The answer is: because the users must know exactly what configuration Graphene is built with, and there should be no magic assumptions in Graphene.
In other words, we consiously make it explicit that there is a configuration parameter ISGX_DRIVER_PATH in Graphene build. This makes it easier to root-cause issues.
Description of the problem
The in-tree GSGX driver actually can be detected easily for GSGX building system, so it is not necessary for dev. to set the environment variable beforehand, as follows
ISGX_DRIVER_PATH=""I suggest to set it automatically if the in-tree SGX driver available to use during building this project, if possible, just let dev. to confirm it. thanks.