AESM not working on non-FLC machine

[kingli-crypto]

Hi, I have a non FLC machine and trying to run aesm-service. This host was able to run SGX enclaves before. Can I get any help

I run below command to start aesm-service.

sudo LD_LIBRARY_PATH=/opt/intel/sgx-aesm-service/aesm /opt/intel/sgx-aesm-service/aesm/aesm_service --no-daemon

This version of aesm is installed from latest branch / 2.21

make clean; make deb_psw_pkg DEBUG=1

When aesm-service is run

[enclave_create_ex sgx_enclave_common.cpp:608] 
 secs->attibutes.flags = 24, secs->attributes.xfrm = 7 
[enclave_create_ex sgx_enclave_common.cpp:760] 
SGX_IOC_ENCLAVE_CREATE failed: ret = -1
[build_image /home/sgx-dev1/sgx/linux-sgx/psw/urts/loader.cpp:584] build secs failed
aesm_service: error: Fail to start service.

Logs from /var/opt/aesmd/data/internal_log.txt

Fri Sep  1 19:58:29 2023]aesm service is starting
Fri Sep  1 19:58:29 2023]Failed to load LE and it's not because of LCP
Fri Sep  1 19:58:29 2023]Fail to start service.

cpuid

cpuid -1    
CPU:
   vendor_id = "GenuineIntel"
   version information (1/eax):
      processor type  = primary processor (0)
      family          = 0x6 (6)
      model           = 0xe (14)
      stepping id     = 0xc (12)
      extended family = 0x0 (0)
      extended model  = 0x8 (8)
      (family synth)  = 0x6 (6)
      (model synth)   = 0x8e (142)
      (simple synth)  = Intel (unknown type) (Whiskey Lake-U V0 / Comet Lake-U V1) [Kaby Lake] {Skylake}, 14nm
   miscellaneous (1/ebx):
      process local APIC physical ID = 0x2 (2)
      cpu count                      = 0x10 (16)
      CLFLUSH line size              = 0x8 (8)
      brand index                    = 0x0 (0)

linux

Linux HKLAP0449 5.15.0-82-generic #91~20.04.1-Ubuntu SMP Fri Aug 18 16:24:39 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

We also have the same problem running prebuilt packages on ubuntu.

[llly]

You need a 5.10 or below Linux Kernel and install legacy SGX driver, prebuilt or source code for non-FLC SGX platform.

[YummyCoke]

I had the same problem as you.

I solved it in the following way.

=============================== Downgrade the Linux kernel version to 5.15.0-67-generic.

Reinstall the SGX driver,PSW and SDK.

==============================

I think it's a compatibility issue due to Linux kernel updates.

I hope your problem will be solved.

[kingli-crypto]

We resolved the problem by downgrading to 5.15.0-79 on ubuntu 20. Then re-install all SGX OOT driver and PSW.

Hope this help anyone coming across this in the future

[kladkogex]

We just had this issue on a massive number of machines that updated kernel on Ubuntu 20. The cloud provider just updated the kernel without telling us, many of them do this things.

Downgrading to 5.14 helped

[kladkogex]

So it look like it is somewhere between 5.15.0-79 and 5.15.0-82

[lzha101]

We also observed some other failures with the updated kernel version and confirmed it is a kernel bug related to the kernel feature ARCH_HAS_CPU_FINALIZE_INIT introduced from 5.15.0-81. This is the kernel fix patch - https://lore.kernel.org/lkml/87r0nsddb5.ffs@tglx/T/ So please don't use the problematic kernel versions.