intel / linux-sgx

Intel SGX for Linux*
https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/linux-overview.html

Local attestation sample doesn't work in simulation mode #330

Open Joschuka opened 6 years ago

Joschuka commented 6 years ago

Hello,

I followed every step in the installation description to install the Intel SGX SDK. Everything went well until I tried to execute the LocalAttestationExample, which compiles well but gives me the following error when trying to execute it:

```
Load Enclave Failure
Available Enclaves
Enclave1 - EnclaveID 0
Enclave2 - EnclaveID 0
Enclave3 - EnclaveID 0
Enclave1_test_create_session Ecall failed: Error code is 2002
```

I tried to execute it as root but it doesn't work. Other examples have a similar error.

Joschuka commented 6 years ago

Here's the output on the SealedData example:

```
Replay Protected DRM operation:
cannot create enclave, error code = 0x3002
call create_sealed_policy fail, error code = 0x2002
Initialization the DRM failed.

Replay Protected DRM update limitation:
cannot create enclave, error code = 0x3002
call create_sealed_policy fail, error code = 0x2002
Initialization the DRM failed.

Replay Protected DRM replay attack protection:
cannot create enclave, error code = 0x3002
call create_sealed_policy fail, error code = 0x2002
Initialization the DRM failed.

Time based policy operation:
cannot create enclave, error code = 0x3002
call create_time_based_policy fail, error code = 0x2002
Initialization the time based policy failed.

Time based policy expiration:
cannot create enclave, error code = 0x3002
call create_time_based_policy fail, error code = 0x2002
Initialization the time based policy failed.
Enter a character before exit ...
```

I'm using the SDK on a fresh Linux install, I have Ubuntu 18.04.

andyzyb commented 6 years ago

The error shows loading Enclave failed. Can you try to run the SampleEnclave project in simulation mode which is the simplest one?

Joschuka commented 6 years ago

Here is the output, it seems to be successful:

```
Checksum(0x0x7fff93a64ff0, 100) = 0xfffd4143
Info: executing thread synchronization, please wait...
Info: SampleEnclave successfully returned.
Enter a character before exit ...
```

andyzyb commented 6 years ago

Would you please try the official build from 01.org and see if that works for you?

https://download.01.org/intel-sgx/linux-2.3.1/ubuntu18.04/

Joschuka commented 6 years ago

It still doesn't work, unfortunately.

andyzyb commented 6 years ago

What is the command you use to build the local attestation sample?

Joschuka commented 6 years ago

I use the following one: `SGX_MODE=SW make`

It shows at the end: `The project has been built in debug simulation mode.`

llly commented 6 years ago

This is a bug in our SGX SDK. Thanks for reporting. The workaround is to always set launch_token to 0 when calling the sgx_create_enclave() function.

Joschuka commented 6 years ago

The workaround made it work, thanks for the help. However, it only works on this example, right?

llly commented 6 years ago

It works on all scenarios which use simulation enclaves. The bug only exists in the SDK and in simulation mode. So it impacts developing.

fkirc commented 5 years ago

Please fix this bug, this breaks the simulation mode.

When calling sgx_create_enclave in simulation mode, I get the error code 0x3002. According to the developer reference:

`0x3002: SGX_ERROR_INVALID_ATTRIBUTE` The enclave is not authorized.

fkirc commented 5 years ago

Update: The workaround is to initialize the launch token struct to zero:

```c
memset(&launch_token, 0, sizeof(sgx_launch_token_t));
```

Nevertheless, either the code examples or the SDK should be fixed. Please merge #337.
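A heuristic source check for the pattern discussed in this thread, added here as an example (it is not code from the SDK or from any commenter): it reports `sgx_launch_token_t` variables that reach `sgx_create_enclave()` without a `{0}` initializer or a preceding `memset(..., 0, ...)`. The C snippets are constructed, and `ENCLAVE_FILE`, `eid`, `updated` and `ret` are placeholder names.

```python
import re

# Constructed C snippets (not copied from the SDK samples); ENCLAVE_FILE, eid,
# updated and ret are placeholder names.
CALL_LINE = "ret = sgx_create_enclave(ENCLAVE_FILE, SGX_DEBUG_FLAG, &{0}, &updated, &eid, NULL);"
SAMPLES = {
    "uninitialised": "sgx_launch_token_t launch_token;\nint updated = 0;\n"
                     + CALL_LINE.format("launch_token"),
    "memset": "sgx_launch_token_t launch_token;\nint updated = 0;\n"
              "memset(&launch_token, 0, sizeof(sgx_launch_token_t));\n"
              + CALL_LINE.format("launch_token"),
    "brace_init": "sgx_launch_token_t token = {0};\nint updated = 0;\n"
                  + CALL_LINE.format("token"),
}

# A token declaration, optionally with a brace initializer such as "= {0}".
DECL_RE = re.compile(r"\bsgx_launch_token_t\s+(\w+)\s*(=\s*\{[^}]*\})?\s*;")
# A complete sgx_create_enclave(...) call; group 1 is its argument list.
CALL_RE = re.compile(r"\bsgx_create_enclave\s*\(([^;]*)\)\s*;")


def unzeroed_tokens(source):
    """Names of launch tokens passed to sgx_create_enclave without being zeroed.

    Heuristic only: file-scope tokens are zero-initialised by the language,
    so a hit on a global declaration is a false positive.
    """
    findings = []
    for decl in DECL_RE.finditer(source):
        name, brace_init = decl.group(1), decl.group(2)
        if brace_init:
            continue  # "= {0}" style declaration, already zeroed
        for call in CALL_RE.finditer(source, decl.end()):
            if not re.search(r"\b%s\b" % re.escape(name), call.group(1)):
                continue  # this call uses a different token
            between = source[decl.end():call.start()]
            zeroed = re.search(
                r"\bmemset\s*\(\s*&?\s*%s\s*,\s*0\s*," % re.escape(name), between)
            if not zeroed:
                findings.append(name)
            break  # only the first call using this token matters
    return findings


if __name__ == "__main__":
    for label, src in SAMPLES.items():
        print(label, "->", unzeroed_tokens(src) or "ok")
```
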