intel / trustauthority-client-for-go

BSD 3-Clause "New" or "Revised" License

Unable to build tdx-cli #17

Closed ADL-work closed 7 months ago

ADL-work commented 8 months ago

Hi,

I'm trying to use the tdx-cli in Azure stack as below:

Size: Standard EC8es v5 (8 vcpus, 64 GiB memory)
Operating system: Linux (sles 15.5)

When I tried to run make cli

it shows error:

>  make cli
CGO_CFLAGS="-O2 -D_FORTIFY_SOURCE=2" go build -buildmode=pie -trimpath -ldflags "-s -linkmode=external -extldflags -Wl,-O1,-z,relro,-z,now \
    -X github.com/intel/trustauthority-client/tdx-cli/cmd.Version=v1.0.0 -X github.com/intel/trustauthority-client/tdx-cli/cmd.BuildDate=2023-12-14 \
    -X github.com/intel/trustauthority-client/tdx-cli/cmd.GitHash=14b89ef" -o trustauthority-cli
# github.com/intel/trustauthority-client/go-tdx
../go-tdx/collect_evidence.go:13:11: fatal error: tdx_attest.h: No such file or directory
 // #include "tdx_attest.h"
           ^~~~~~~~~~~~~~
compilation terminated.
make: *** [Makefile:10: cli] Error 1
(base) azureuser@tdx-llm-test:~/trustauthority-client-for-go/tdx-cli> 

Edit: since I actually switched the branch to azure-tdx-preview, the make command works, but when I was trying to get the token with the command:

sudo ./trustauthority-cli token --config config.json --user-data aGVsbG93b3JsZA== --no-eventlog

it shows the error:

Failed to collect evidence from adapter: getTDReport returned err exit status 1
Error: Failed to collect evidence from adapter: getTDReport returned err exit status 1

Do you have any suggestion for this?

Thank you

arvind5 commented 7 months ago

Thanks for the update! We have not seen this issue with Ubuntu based VMs. We will try to reproduce this issue on SLES and get back.

arvind5 commented 7 months ago

We were able to reproduce this issue on SLES. The root cause of the issue was a missing TPM command transmission interface (TCTI), due to which the TPM2 commands were failing while trying to fetch the TDReport from the vTPM. To fix this issue, the TCTI interface for the TPM device node needs to be installed.

sudo zypper install libtss2-tcti-device0

Post installing this package, trustauthority client was able to get the token successfully.

ADL-work commented 7 months ago

> We were able to reproduce this issue on SLES. The root cause of the issue was a missing TPM command transmission interface (TCTI), due to which the TPM2 commands were failing while trying to fetch the TDReport from the vTPM. To fix this issue, the TCTI interface for the TPM device node needs to be installed.
>
> sudo zypper install libtss2-tcti-device0
>
> Post installing this package, trustauthority client was able to get the token successfully.

Hi, Thanks a lot for the hint, when I tried to get the token after installing the package, the new error appears:

 Failed to collect evidence from adapter: There was an error while collecting RTMR Event Log Data: /sys/firmware/acpi/tables/CCEL file does not exist: stat /sys/firmware/acpi/tables/CCEL: no such file or directory
Error: Failed to collect evidence from adapter: There was an error while collecting RTMR Event Log Data: /sys/firmware/acpi/tables/CCEL file does not exist: stat /sys/firmware/acpi/tables/CCEL: no such file or directory

Does this mean some additional packages/libraries need installing?

Thank you

arvind5 commented 7 months ago

> Hi, Thanks a lot for the hint, when I tried to get the token after installing the package, the new error appears:
>
> Failed to collect evidence from adapter: There was an error while collecting RTMR Event Log Data: /sys/firmware/acpi/tables/CCEL file does not exist: stat /sys/firmware/acpi/tables/CCEL: no such file or directory
> Error: Failed to collect evidence from adapter: There was an error while collecting RTMR Event Log Data: /sys/firmware/acpi/tables/CCEL file does not exist: stat /sys/firmware/acpi/tables/CCEL: no such file or directory
>
> Does this mean some additional packages/libraries need installing?
>
> Thank you

Can you please share the command that you used? Make sure you pass the --no-eventlog flag, as the Azure VMs do not expose the TD event log file "/sys/firmware/acpi/tables/CCEL".

ADL-work commented 7 months ago

> > Hi, Thanks a lot for the hint, when I tried to get the token after installing the package, the new error appears:
> >
> > Failed to collect evidence from adapter: There was an error while collecting RTMR Event Log Data: /sys/firmware/acpi/tables/CCEL file does not exist: stat /sys/firmware/acpi/tables/CCEL: no such file or directory
> > Error: Failed to collect evidence from adapter: There was an error while collecting RTMR Event Log Data: /sys/firmware/acpi/tables/CCEL file does not exist: stat /sys/firmware/acpi/tables/CCEL: no such file or directory
> >
> > Does this mean some additional packages/libraries need installing? Thank you
>
> Can you please share the command that you used? Make sure you pass the --no-eventlog flag, as the Azure VMs do not expose the TD event log file "/sys/firmware/acpi/tables/CCEL".

Oh the --no-eventlog makes it work, I was missing that one out.

Now I can have the token from the CLI. Thanks a lot for your help!
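
A preflight check for the two failures diagnosed in this thread, as an added example that is not part of the original issue or the project's code. The CCEL path and the package name come from the thread; the TPM device node names, the library file name libtss2-tcti-device.so.0, the searched directories and the ROOT variable are assumptions.

```shell
#!/bin/sh
# Added example: checks the prerequisites behind the two errors in this thread.
# ROOT (hypothetical) prefixes every path so the checks can be pointed at a
# constructed directory tree; leave it empty to inspect the real system.
ROOT="${ROOT:-}"

# Assumption: the device TCTI talks to one of these TPM device nodes.
has_tpm_device() {
    [ -e "$ROOT/dev/tpmrm0" ] || [ -e "$ROOT/dev/tpm0" ]
}

# Assumption: the package libtss2-tcti-device0 ships a shared object named
# libtss2-tcti-device.so.0 in one of these library directories.
has_tcti_device() {
    for dir in /usr/lib64 /usr/lib /lib64 /usr/lib/x86_64-linux-gnu; do
        [ -e "$ROOT$dir/libtss2-tcti-device.so.0" ] && return 0
    done
    return 1
}

# Path taken from the error message quoted in the thread.
has_ccel() {
    [ -e "$ROOT/sys/firmware/acpi/tables/CCEL" ]
}

# Prints one finding per line. Returns non-zero when fetching evidence
# through the vTPM cannot work; a missing CCEL is only a note, because
# the CLI can skip the event log.
preflight() {
    rc=0
    if has_tpm_device; then echo "ok: TPM device node present"
    else echo "fail: no /dev/tpmrm0 or /dev/tpm0"; rc=1; fi
    if has_tcti_device; then echo "ok: device TCTI library present"
    else echo "fail: device TCTI missing (SLES: zypper install libtss2-tcti-device0)"; rc=1; fi
    if has_ccel; then echo "ok: CCEL table exposed, event log can be collected"
    else echo "note: CCEL not exposed, pass --no-eventlog"; fi
    return $rc
}

# Check the live system (or the tree under ROOT) when the script is run.
preflight || echo "fix the failures above before requesting a token"
```
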