search

intel / linux-sgx

Intel SGX for Linux*
https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/linux-overview.html
Other
1.33k stars 544 forks source link

Error when execute SampleEnclave HW mode #925

Open SicherZoeng opened 1 year ago

SicherZoeng commented 1 year ago

After linux-sgx was built according to the tutorial and SampleEnclave HW mode was made, the execution of ./app met an error "failed to load enclave", then I tried some ways to solve it, including the solution mentioned in this link: https://www.intel.com/content/www/us/en/support/articles/000057836/software/intel-security-products.html After that, I tried to remove the folder linux-sgx, and rebuilt it, re-executed SampleEnclave HW mode ./app, then I met this error:

[init ../../../psw/ae/aesm_service/source/core/ipc/UnixCommunicationSocket.cpp:225] Failed to connect to socket /var/run/aesmd/aesm.socket
Error code is 0x4001. Please refer to the "Intel SGX SDK Developer Reference" for more details.
Enter a character before exit ...

I didn't find the similar problem as I met, and I wonder how to solve it. HELP! Thanks a lot!

SicherZoeng commented 1 year ago

When I executed service aesmd restart, I met this error:

Job for aesmd.service failed because the control process exited with error code.
See "systemctl status aesmd.service" and "journalctl -xeu aesmd.service" for details.
SicherZoeng commented 1 year ago

When I executed make SGX_MODE=SIM, I met this error:

/usr/local/bin/ld: warning: libsgx_uae_service_sim.so, needed by /opt/intel/sgxsdk/lib64/libsgx_urts_sim.so, not found (try using -rpath or -rpath-link)
/usr/local/bin/ld: /opt/intel/sgxsdk/lib64/libsgx_urts_sim.so: undefined reference to `get_launch_token'
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:236: app] Error 1
make[1]: Leaving directory '/opt/intel/sgxsdk/SampleCode/SampleEnclave'
make: *** [Makefile:181: all] Error 2
llly commented 1 year ago

For make SGX_MODE=SIM, you need to run source /opt/intel/sgxsdk/environment. For HW mode, can you check ls /dev/*sgx* to make sure SGX driver is working? And print result of systemctl status aesmd.service to help resolve the issue.

SicherZoeng commented 1 year ago

For make SGX_MODE=SIM, you need to run source /opt/intel/sgxsdk/environment. For HW mode, can you check ls /dev/*sgx* to make sure SGX driver is working? And print result of systemctl status aesmd.service to help resolve the issue.

Thank you for reply! For simulation mode, I have already run source /opt/intel/sgxsdk/environment before I met the error. For hardware mode: ls /dev/*sgx*:

/dev/isgx  /dev/sgx_provision  /dev/sgx_vepc

/dev/sgx:
provision

systemctl status aesmd.service:

 aesmd.service - Intel(R) Architectural Enclave Service Manager
     Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor preset: enabled)
     Active: activating (auto-restart) (Result: exit-code) since Mon 2022-12-19 16:36:35 CST; 605ms ago
    Process: 37417 ExecStartPre=/opt/intel/sgx-aesm-service/aesm/linksgx.sh (code=exited, status=203/EXEC)
        CPU: 6ms
llly commented 1 year ago

You can remove the SDK folder sudo rm /opt/intel/opt/intel/sgxsdk/ -rf and reinstall SGXSDK. The SGX driver is not correct. /dev/isgx is from legacy driver and /dev/sgx_provision is from inkernel driver. You need to run sudo /opt/intel/sgxdriver/uninstall.sh to uninstall legacy driver. Or even more, remove all SGX related components and install again.

SicherZoeng commented 1 year ago

You can remove the SDK folder sudo rm /opt/intel/opt/intel/sgxsdk/ -rf and reinstall SGXSDK. The SGX driver is not correct. /dev/isgx is from legacy driver and /dev/sgx_provision is from inkernel driver. You need to run sudo /opt/intel/sgxdriver/uninstall.sh to uninstall legacy driver. Or even more, remove all SGX related components and install again.

I have already removed and reinstalled before and after your reply, but there is no effect... The same error.

wangzhankun commented 1 year ago

Same Error, solved in #934

NookLook2014 commented 1 year ago

Same error but under different executing enviroment, could someone help ? OS: Ubuntu 20.04, kernel 5.15.0-71-generic

cpuid | grep sgx output: image

The is_sgx_available provided by gramine outputs: image

When I can execute SampleEnclave in HW mode, error occurs and is not clear as follows: root@dell-PowerEdge-R750:/opt/intel/sgxsdk/SampleCode/SampleEnclave# cd /opt/intel/sgxsdk/SampleCode/SampleEnclave && make && ./app make[1]: Entering directory '/opt/intel/sgxsdk/SampleCode/SampleEnclave' GEN => App/Enclave_u.h CC <= App/Enclave_u.c CXX <= App/App.cpp CXX <= App/Edger8rSyntax/Types.cpp CXX <= App/Edger8rSyntax/Pointers.cpp CXX <= App/Edger8rSyntax/Arrays.cpp CXX <= App/Edger8rSyntax/Functions.cpp CXX <= App/TrustedLibrary/Thread.cpp CXX <= App/TrustedLibrary/Libcxx.cpp CXX <= App/TrustedLibrary/Libc.cpp LINK => app GEN => Enclave/Enclave_t.h CC <= Enclave/Enclave_t.c CXX <= Enclave/Edger8rSyntax/Arrays.cpp CXX <= Enclave/Edger8rSyntax/Functions.cpp CXX <= Enclave/Edger8rSyntax/Pointers.cpp CXX <= Enclave/Edger8rSyntax/Types.cpp CXX <= Enclave/Enclave.cpp CXX <= Enclave/TrustedLibrary/Libc.cpp CXX <= Enclave/TrustedLibrary/Libcxx.cpp CXX <= Enclave/TrustedLibrary/Thread.cpp LINK => enclave.so

0 0 0x40000 0x100000 10 1 0 0 0xFFFFFFFF

tcs_num 10, tcs_max_num 10, tcs_min_pool 1 The required memory is 4222976B. The required memory is 0x407000, 4124 KB. Succeed. SIGN => enclave.signed.so The project has been built in debug hardware mode. make[1]: Leaving directory '/opt/intel/sgxsdk/SampleCode/SampleEnclave' Error: Unexpected error occurred. Enter a character before exit ...

Additionally, The SIM mode works fine as follows: root@dell-PowerEdge-R750:/opt/intel/sgxsdk/SampleCode/SampleEnclave# cd /opt/intel/sgxsdk/SampleCode/SampleEnclave && make SGX_MODE=SIM && ./app make[1]: Entering directory '/opt/intel/sgxsdk/SampleCode/SampleEnclave' GEN => App/Enclave_u.h CC <= App/Enclave_u.c CXX <= App/App.cpp CXX <= App/Edger8rSyntax/Types.cpp CXX <= App/Edger8rSyntax/Pointers.cpp CXX <= App/Edger8rSyntax/Arrays.cpp CXX <= App/Edger8rSyntax/Functions.cpp CXX <= App/TrustedLibrary/Thread.cpp CXX <= App/TrustedLibrary/Libcxx.cpp CXX <= App/TrustedLibrary/Libc.cpp LINK => app GEN => Enclave/Enclave_t.h CC <= Enclave/Enclave_t.c CXX <= Enclave/Edger8rSyntax/Arrays.cpp CXX <= Enclave/Edger8rSyntax/Functions.cpp CXX <= Enclave/Edger8rSyntax/Pointers.cpp CXX <= Enclave/Edger8rSyntax/Types.cpp CXX <= Enclave/Enclave.cpp CXX <= Enclave/TrustedLibrary/Libc.cpp CXX <= Enclave/TrustedLibrary/Libcxx.cpp CXX <= Enclave/TrustedLibrary/Thread.cpp LINK => enclave.so

0 0 0x40000 0x100000 10 1 0 0 0xFFFFFFFF

tcs_num 10, tcs_max_num 10, tcs_min_pool 1 The required memory is 4276224B. The required memory is 0x414000, 4176 KB. Succeed. SIGN => enclave.signed.so The project has been built in debug simulation mode. make[1]: Leaving directory '/opt/intel/sgxsdk/SampleCode/SampleEnclave' Checksum(0x0x7ffdae7ff5c0, 100) = 0xfffd4143 Info: executing thread synchronization, please wait...
Info: SampleEnclave successfully returned. Enter a character before exit ...

llly commented 1 year ago

You don't need to install any SGX driver manually for kernel 5.15. Need to uninstall it if installed.