intel / linux-sgx

Intel SGX for Linux*
https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/linux-overview.html

SGX application is not working in both simulator mode and hardware mode!! #324

Open vikramjoshi913 opened 6 years ago

vikramjoshi913 commented 6 years ago

I am running the application in simulator mode but it's not working. It is giving this error:

[_EINIT u_instructions.cpp:127] SECS attributes does NOT match launch token attribuets

[build_image /root/sgx/linux-sgx-master/psw/urts/loader.cpp:521] init_enclave failed

Load Enclave Failure

Available Enclaves

Enclave1 - EnclaveID 0

Enclave2 - EnclaveID 0

[remove_enclave /root/sgx/linux-sgx-master/psw/urts/enclave.cpp:684] remove an unknown enclave

[remove_enclave /root/sgx/linux-sgx-master/psw/urts/enclave.cpp:684] remove an unknown enclave

[remove_enclave /root/sgx/linux-sgx-master/psw/urts/enclave.cpp:684] remove an unknown enclave

Enclave3 - EnclaveID 0Enclave1_test_create_session Ecall failed: Error code is 2002

ghost commented 6 years ago

Can you please share your enclave configuration file?

lzha101 commented 6 years ago

Besides, you can also check if you are using a saved old launch token to load the enclave.

vikramjoshi913 commented 6 years ago

OK. @lzha101 @zhaohuidu Can you explain to me: 1) What is the token file? 2) How are we authenticating the application to access its enclave? Because for enclave access, we are giving only 2 files: one is the token file and the other is the signed enclave file.

lzha101 commented 6 years ago

@vikramjoshi913 The token file includes a launch token which would be used by EINIT to verify if the enclave has permission to launch. It includes some info for the enclave and the loading platform.

If the loading failure is caused by the saved token file you received, you can try not to pass the saved token to urts when calling sgx_create_enclave API. Then a new launch token would be gotten and used for EINIT. See https://github.com/intel/linux-sgx/blob/master/SampleCode/SampleEnclave/App/App.cpp#L155 for how to directly call sgx_create_enclave without passing saved token.
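The suggestion in the comment above, as an added example that is not code from this thread or from the linux-sgx project: start from an all-zero launch token, and if a saved token is rejected, delete it and retry once with a fresh one. `load_enclave`, `demo_create`, `HAVE_SGX_SDK` and the token file path are hypothetical names, and the stand-in types only mirror the SDK's so the logic builds without the SDK installed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef HAVE_SGX_SDK                 /* build against the real SDK */
#include "sgx_urts.h"
#else                               /* stand-in types so the logic builds without it */
typedef uint8_t  sgx_launch_token_t[1024];
typedef uint64_t sgx_enclave_id_t;
typedef struct sgx_misc_attribute sgx_misc_attribute_t;
typedef int      sgx_status_t;
#define SGX_SUCCESS 0
#define SGX_ERROR_INVALID_LAUNCH_TOKEN 0x2011
#endif

/* Same parameter list as sgx_create_enclave(), so that call can be passed in. */
typedef sgx_status_t (*create_fn)(const char *, const int, sgx_launch_token_t *,
                                  int *, sgx_enclave_id_t *, sgx_misc_attribute_t *);

/* Constructed test double: fills in an all-zero token, treats any other as stale. */
sgx_status_t demo_create(const char *file, const int debug, sgx_launch_token_t *tok,
                         int *updated, sgx_enclave_id_t *eid, sgx_misc_attribute_t *misc)
{
    (void)file; (void)debug; (void)misc;
    for (size_t i = 0; i < sizeof *tok; i++)
        if ((*tok)[i]) return SGX_ERROR_INVALID_LAUNCH_TOKEN;
    (*tok)[0] = 1; *updated = 1; *eid = 42;
    return SGX_SUCCESS;
}

/* Load an enclave; token_file is a caller-chosen cache path (hypothetical). */
sgx_status_t load_enclave(create_fn create, const char *so_path, const char *token_file,
                          int use_saved, sgx_enclave_id_t *eid)
{
    sgx_launch_token_t token;
    int updated = 0; FILE *f;
    memset(token, 0, sizeof token);          /* all-zero: uRTS obtains a new token */
    if (use_saved && (f = fopen(token_file, "rb")) != NULL) {
        if (fread(token, 1, sizeof token, f) != sizeof token)
            memset(token, 0, sizeof token);  /* short or corrupt file: ignore it */
        fclose(f);
    }
    sgx_status_t ret = create(so_path, 1 /* debug build */, &token, &updated, eid, NULL);
    if (ret != SGX_SUCCESS && use_saved) {   /* saved token may be stale */
        remove(token_file);
        return load_enclave(create, so_path, token_file, 0, eid);
    }
    if (ret == SGX_SUCCESS && updated && (f = fopen(token_file, "wb")) != NULL) {
        fwrite(token, 1, sizeof token, f);   /* cache the refreshed token */
        fclose(f);
    }
    return ret;
}
```

With the SDK installed, define `HAVE_SGX_SDK` and pass `sgx_create_enclave` as the first argument in place of `demo_create`.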

vikramjoshi913 commented 6 years ago

@lzha101 Will fork() work in Enclave memory or not? Will the child process also get Enclave memory if I call the fork() function in the trusted part of the application? If not, then how can I do this? I want the child process to run in Enclave memory.

andyzyb commented 6 years ago

fork() doesn't work in Enclave memory. Usually when you do a fork() in your application, child process may need to re-create the Enclave. The Enclave memory is not shared between parent and child process.

vikramjoshi913 commented 6 years ago

Thank you so much!!

vikramjoshi913 commented 6 years ago

Is there any other way to run the whole application in Enclave memory?

andyzyb commented 6 years ago

The SGX SDK doesn't provide a solution to run the whole application in Enclave memory. You have to partition the application into trusted and untrusted parts. Only the trusted part (a .so file in the current implementation) can be loaded as an Enclave.

You can take a look at other projects for the similar goal. For example: https://github.com/oscarlab/graphene implements a library OS which may help you wrap whole application inside Enclave memory.