islet-project / islet

An on-device confidential computing platform
Apache License 2.0

Failed to reproduce confidential-ml example #282

Open jinbpark opened 6 months ago

jinbpark commented 6 months ago

error log (when trying to run the certifier service)

$ <terminal-1: certifier-service> ./run.sh x86_64 193.168.10.15
....
VerifySignedClaim: Time violation
Can't verifiy signature

reported from Guan, Mingyu/mingyu.guan@gatech.edu

jinbpark commented 6 months ago

This is a temporary solution:

It works only for "How to test with simulated enclave (no actual hardware TEE) on x86_64" in code_model.md.

I found that getting "How to test with Islet" to work requires more work. I'll inform you after it gets done. Also, after solving the issue regarding "How to test with Islet", I'll release a new docker image.

:: Solution

data.zip

  1. Go into the docker terminal, uncompress the attached data.zip, and copy the uncompressed files to /islet/examples/confidential-ml/certifier-data/ (overwrite)
  2. Edit /islet/third-party/certifier/src/cc_helpers.c as follows.
    void secure_authenticated_channel::server_channel_accept_and_auth(
      void (*func)(secure_authenticated_channel&)) {
    // accept and carry out auth
    +  SSL_CTX_set_verify(SSL_get_SSL_CTX(ssl_), SSL_VERIFY_PEER, NULL);
    int res = SSL_accept(ssl_);
    }
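
Review bot: the added SSL_CTX_set_verify(..., SSL_VERIFY_PEER, NULL) line before SSL_accept requests a client certificate but does not require one. With SSL_VERIFY_PEER alone on the server side, a client that sends no certificate still completes the handshake, so if this channel is meant to authenticate the peer, combine it with SSL_VERIFY_FAIL_IF_NO_PEER_CERT. The call also modifies the shared context obtained through SSL_get_SSL_CTX(ssl_) after ssl_ already exists, and an SSL object takes its verify mode from the context when it is created; SSL_set_verify(ssl_, ...) sets the mode on this connection directly. In the lines shown, res from SSL_accept is not checked before the function returns, so a failed handshake should be handled there.
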
  3. Follow the instructions in "How to test with simulated enclave (no actual hardware TEE) on x86_64". N.B. you have to run "build.sh" for all apps.