intel / linux-sgx

Intel SGX for Linux*
https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/linux-overview.html

aesm_service crashes #1022

Open tyxben opened 8 months ago

tyxben commented 8 months ago

My AESM service crashes, but I don't know why.

Mar 13 15:48:48 sgx-2 systemd[1]: Started Intel(R) Architectural Enclave Service Manager.
Mar 13 15:48:48 sgx-2 aesm_service[814396]: The server sock is 0x5bc6f111ca60
Mar 13 15:48:56 sgx-2 systemd[1]: aesmd.service: Main process exited, code=dumped, status=11/SEGV
Mar 13 15:48:56 sgx-2 systemd[1]: aesmd.service: Failed with result 'core-dump'.

My qcnl conf is:

{
  "pccs_url": "https://global.acccache.azure.net/sgx/certification/v3/",
  "use_secure_cert": true,
  "collateral_service": "https://global.acccache.azure.net/sgx/certification/v3/",
  "pccs_api_version": "3.1",
  "retry_times": 6,
  "retry_delay": 5,
  "local_pck_url": "http://169.254.169.254/metadata/THIM/sgx/certification/v3/",
  "pck_cache_expire_hours": 24,
  "verify_collateral_cache_expire_hours": 24,
  "custom_request_options": {
    "get_cert": {
      "headers": { "metadata": "true" },
      "params": { "api-version": "2021-07-22-preview" }
    }
  }
}

juuusto commented 7 months ago

Facing the same problem.

grydz commented 6 months ago

I confirm the bug on Ubuntu 20.04 and Ubuntu 22.04 (tested on Microsoft Azure VM Standard_DC2s_v3) with Intel SGX SDK 2.23 (sgx_linux_x64_sdk_2.23.100.2.bin).

Processor and Linux kernel info:

$ uname -a
Linux sgx-ubuntu-22-v2 6.5.0-1019-azure #20~22.04.1-Ubuntu SMP Wed Apr  3 03:28:18 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
$ cat /proc/cpuinfo | grep -i "model name"
model name  : Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz
$ cpuid | grep -i sgx
      SGX: Software Guard Extensions supported = true
      SGX_LC: SGX launch config supported      = true
   Software Guard Extensions (SGX) capability (0x12/0):
      SGX1 supported                           = true
      SGX2 supported                           = true
      SGX ENCLV E*VIRTCHILD, ESETCONTEXT       = false
      SGX ENCLS ETRACKC, ERDINFO, ELDBC, ELDUC = false
   SGX attributes: ECREATE SECS.ATTRIBUTES (0x12/1):
   SGX Enclave Page Cache (EPC) enumeration (0x12/0x2):
   SGX Enclave Page Cache (EPC) enumeration (0x12/0x3):

Intel SGX libraries installed:

$ sudo apt list --installed | grep sgx
libsgx-ae-id-enclave/unknown,now 1.20.100.2-jammy1 amd64 [installed,automatic]
libsgx-ae-pce/unknown,now 2.23.100.2-jammy1 amd64 [installed,automatic]
libsgx-ae-qe3/unknown,now 1.20.100.2-jammy1 amd64 [installed,automatic]
libsgx-aesm-ecdsa-plugin/unknown,now 2.23.100.2-jammy1 amd64 [installed,automatic]
libsgx-aesm-pce-plugin/unknown,now 2.23.100.2-jammy1 amd64 [installed,automatic]
libsgx-aesm-quote-ex-plugin/unknown,now 2.23.100.2-jammy1 amd64 [installed]
libsgx-dcap-default-qpl-dbgsym/unknown,now 1.20.100.2-jammy1 amd64 [installed]
libsgx-dcap-default-qpl-dev/unknown,now 1.20.100.2-jammy1 amd64 [installed]
libsgx-dcap-default-qpl/unknown,now 1.20.100.2-jammy1 amd64 [installed]
libsgx-dcap-ql-dbgsym/unknown,now 1.20.100.2-jammy1 amd64 [installed]
libsgx-dcap-ql-dev/unknown,now 1.20.100.2-jammy1 amd64 [installed]
libsgx-dcap-ql/unknown,now 1.20.100.2-jammy1 amd64 [installed]
libsgx-dcap-quote-verify-dbgsym/unknown,now 1.20.100.2-jammy1 amd64 [installed]
libsgx-dcap-quote-verify/unknown,now 1.20.100.2-jammy1 amd64 [installed]
libsgx-enclave-common/unknown,now 2.23.100.2-jammy1 amd64 [installed,automatic]
libsgx-epid/unknown,now 2.23.100.2-jammy1 amd64 [installed]
libsgx-headers/unknown,now 2.23.100.2-jammy1 amd64 [installed,automatic]
libsgx-launch/unknown,now 2.23.100.2-jammy1 amd64 [installed]
libsgx-pce-logic/unknown,now 1.20.100.2-jammy1 amd64 [installed,automatic]
libsgx-qe3-logic/unknown,now 1.20.100.2-jammy1 amd64 [installed,automatic]
libsgx-quote-ex/unknown,now 2.23.100.2-jammy1 amd64 [installed]
libsgx-urts/unknown,now 2.23.100.2-jammy1 amd64 [installed]
linux-base-sgx/jammy,now 4.5ubuntu9 all [installed]
sgx-aesm-service/unknown,now 2.23.100.2-jammy1 amd64 [installed]

Trying Intel's quote generation code sample:

~/SGXDataCenterAttestationPrimitives/SampleCode/QuoteGenerationSample$ make DEBUG=1
make target
make[1]: Entering directory '/home/azureuser/SGXDataCenterAttestationPrimitives/SampleCode/QuoteGenerationSample'
cd App && /opt/intel/sgxsdk/bin/x64/sgx_edger8r --untrusted ../Enclave/Enclave.edl
GEN  =>  App/Enclave_u.c
CC   <=  App/Enclave_u.c
CXX  <=  App/App.cpp
g++ App/Enclave_u.o App/App.o -o app -m64 -O2 -lsgx_dcap_ql -lsgx_urts -ldl -lpthread -ldcap_quoteprov
LINK =>  app
GEN  =>  Enclave/Enclave_t.c
CC   <=  Enclave/Enclave_t.c
CXX  <=  Enclave/Enclave.cpp
LINK =>  enclave.so
<EnclaveConfiguration>
    <ProdID>0</ProdID>
    <ISVSVN>0</ISVSVN>
    <StackMaxSize>0x40000</StackMaxSize>
    <HeapMaxSize>0x100000</HeapMaxSize>
    <TCSNum>1</TCSNum>
    <TCSPolicy>1</TCSPolicy>
    <DisableDebug>0</DisableDebug>
    <MiscSelect>0</MiscSelect>
    <MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>
tcs_num 1, tcs_max_num 1, tcs_min_pool 1
INFO: Enclave configuration 'MiscSelect' and 'MiscSelectMask' will prevent enclave from using dynamic features. To use the dynamic features on SGX2 platform, suggest to set MiscMask[0]=0 and MiscSelect[0]=1.
The required memory is 1478656B.
The required memory is 0x169000, 1444 KB.
handle_compatible_metadata: Overwrite with metadata version 0x100000004
Succeed.
SIGN =>  enclave.signed.so
The project has been built in release hardware mode.
make[1]: Leaving directory '/home/azureuser/SGXDataCenterAttestationPrimitives/SampleCode/QuoteGenerationSample'
~/SGXDataCenterAttestationPrimitives/SampleCode/QuoteGenerationSample$ SGX_AESM_ADDR=1 sudo -E ./app
[APP] Step1: Call sgx_qe_get_target_info:
Error in sgx_qe_get_target_info. 0xe001
$ sudo systemctl status aesmd
● aesmd.service - Intel(R) Architectural Enclave Service Manager
     Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor preset: enabled)
     Active: activating (auto-restart) (Result: core-dump) since Wed 2024-04-24 09:59:12 UTC; 2s ago
    Process: 3762 ExecStartPre=/opt/intel/sgx-aesm-service/aesm/linksgx.sh (code=exited, status=0/SUCCESS)
    Process: 3775 ExecStartPre=/bin/mkdir -p /var/run/aesmd/ (code=exited, status=0/SUCCESS)
    Process: 3776 ExecStartPre=/bin/chown -R aesmd:aesmd /var/run/aesmd/ (code=exited, status=0/SUCCESS)
    Process: 3777 ExecStartPre=/bin/chmod 0755 /var/run/aesmd/ (code=exited, status=0/SUCCESS)
    Process: 3778 ExecStartPre=/bin/chown -R aesmd:aesmd /var/opt/aesmd/ (code=exited, status=0/SUCCESS)
    Process: 3779 ExecStartPre=/bin/chmod 0750 /var/opt/aesmd/ (code=exited, status=0/SUCCESS)
    Process: 3780 ExecStart=/opt/intel/sgx-aesm-service/aesm/aesm_service (code=exited, status=0/SUCCESS)
   Main PID: 3781 (code=dumped, signal=SEGV)
        CPU: 81ms

Apr 24 09:59:12 sgx-ubuntu-22-v2 systemd[1]: aesmd.service: Failed with result 'core-dump'.

Tried to run aesmd with --no-daemon but it fails with no more info:

$ sudo systemctl stop aesmd
$ sudo -u aesmd bash -c "LD_LIBRARY_PATH=/opt/intel/sgx-aesm-service/aesm /opt/intel/sgx-aesm-service/aesm/aesm_service --supported_attestation_types=ECDSA --no-daemon"
The path of system bundle: System Bundle
ecdsa_quote_service_bundle_name:2.0.0
linux_network_service_bundle_name:2.0.0
pce_service_bundle_name:2.0.0
quote_ex_service_bundle_name:2.0.0
system_bundle:4.0.0
Segmentation fault

llly commented 6 months ago

Yes. This is a bug where aesm_service crashes on Azure. See SGXDataCenterAttestationPrimitives/366. The fix has been committed and will be released in the 2.24 release very soon.

grydz commented 6 months ago

Whoops, I missed the issue on the SGXDataCenterAttestationPrimitives repository...

Thanks, I just saw that version 1.21.100.3 has been released in Intel's APT repository. It solves the issue!
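A small triage helper for the crash this thread documents, added here as an example and not part of the linux-sgx or DCAP projects: it flags installed 1.x DCAP packages older than 1.21.100.3 (the release the comment above reports as resolving the issue) in `apt list --installed` output, and counts aesmd SEGV core dumps in journal text. The apt and journal samples are constructed from the lines quoted earlier in the thread; the function names are assumptions of this example.

```python
import re

# First DCAP package release reported in this thread as resolving the crash.
FIXED_DCAP_VERSION = (1, 21, 100, 3)

# Constructed sample: a subset of the `apt list --installed | grep sgx` output quoted above.
APT_SAMPLE = """\
libsgx-ae-qe3/unknown,now 1.20.100.2-jammy1 amd64 [installed,automatic]
libsgx-dcap-ql/unknown,now 1.20.100.2-jammy1 amd64 [installed]
libsgx-dcap-default-qpl/unknown,now 1.20.100.2-jammy1 amd64 [installed]
sgx-aesm-service/unknown,now 2.23.100.2-jammy1 amd64 [installed]
"""

# Constructed sample: journal lines in the form the reporter quoted.
JOURNAL_SAMPLE = """\
Mar 13 15:48:48 sgx-2 systemd[1]: Started Intel(R) Architectural Enclave Service Manager.
Mar 13 15:48:48 sgx-2 aesm_service[814396]: The server sock is 0x5bc6f111ca60
Mar 13 15:48:56 sgx-2 systemd[1]: aesmd.service: Main process exited, code=dumped, status=11/SEGV
Mar 13 15:48:56 sgx-2 systemd[1]: aesmd.service: Failed with result 'core-dump'.
"""

# "pkg/suite,now upstream-debrevision arch [...]": capture package name and upstream version.
APT_LINE = re.compile(r"^(?P<pkg>[^/\s]+)/\S+ (?P<ver>\d+(?:\.\d+)*)(?:-\S+)? ")
SEGV_LINE = re.compile(r"aesmd\.service: Main process exited, code=dumped, status=\d+/SEGV")


def parse_version(ver):
    """'1.20.100.2' -> (1, 20, 100, 2); tuples compare component-wise."""
    return tuple(int(p) for p in ver.split("."))


def outdated_dcap_packages(apt_output, fixed=FIXED_DCAP_VERSION):
    """Map package -> version for 1.x (DCAP) packages older than `fixed`.
    2.x SDK/PSW packages follow a separate version line and are skipped."""
    outdated = {}
    for line in apt_output.splitlines():
        m = APT_LINE.match(line)
        if m:
            ver = parse_version(m.group("ver"))
            if ver[0] == fixed[0] and ver < fixed:
                outdated[m.group("pkg")] = m.group("ver")
    return outdated


def aesmd_segv_count(journal_output):
    """Count aesmd main-process SEGV core-dump events in journal text."""
    return sum(1 for line in journal_output.splitlines() if SEGV_LINE.search(line))


if __name__ == "__main__":
    print("outdated DCAP packages:", outdated_dcap_packages(APT_SAMPLE))
    print("aesmd SEGV events:", aesmd_segv_count(JOURNAL_SAMPLE))
```

On a live host, feed it `apt list --installed 2>/dev/null | grep sgx` and `journalctl -u aesmd --no-pager` output instead of the constructed samples.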