Open Rf-xi opened 1 year ago
It appears that there is no issue with the attestation step. Can you confirm if your openenclave sample is running successfully? It is possible that there might be a problem with your SDK environment.
Hello, thanks for your reply. You are right, I find a problem when running the attestation sample:
~/mysamples/attestation/build$ make run
[ 19%] Built target attestation_host
[ 23%] Built target public_key_a
[ 47%] Built target common
[ 61%] Built target enclave_b
[ 71%] Built target enclave_b_signed
[ 76%] Built target public_key_b
[ 90%] Built target enclave_a
[100%] Built target enclave_a_signed
[100%] Built target sign
Scanning dependencies of target runsgxremote
Host: Creating two enclaves
Host: Enclave library /home/xrf/mysamples/attestation/build/enclave_a/enclave_a.signed
Enclave1: ***/home/xrf/mysamples/attestation/common/crypto.cpp(80): mbedtls initialized.
Host: Enclave successfully created.
Host: Enclave library /home/xrf/mysamples/attestation/build/enclave_b/enclave_b.signed
Enclave2: ***/home/xrf/mysamples/attestation/common/crypto.cpp(80): mbedtls initialized.
Host: Enclave successfully created.
Host: environment variable SGX_AESM_ADDR is not set
Host: ********** Attest enclave_a to enclave_b **********
Host: Requesting enclave_b format settings
Enclave2: ***/home/xrf/mysamples/attestation/common/dispatcher.cpp(79): get_enclave_format_settings
Host: Requesting enclave_a to generate a targeted evidence with an encryption key
Enclave1: ***/home/xrf/mysamples/attestation/common/dispatcher.cpp(133): get_evidence_with_public_key
Enclave1: ***/home/xrf/mysamples/attestation/common/attestation.cpp(94): oe_serialize_custom_claims
Enclave1: ***/home/xrf/mysamples/attestation/common/attestation.cpp(105): serialized custom claims buffer size: 121
Enclave1: ***/home/xrf/mysamples/attestation/common/attestation.cpp(126): generate_attestation_evidence succeeded.
Enclave1: ***/home/xrf/mysamples/attestation/common/dispatcher.cpp(179): get_evidence_with_public_key succeeded
Host: enclave_a's public key:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCIjYJ/8lf7Vb592iVJW
QdDr6AwcajZspLXSLp0y1psCDZhGo31q4jEyyN89ebDKI1gYSCYhwb+kLYe/+yKX
J/mGNl++oYtpG8Sn3lzpfCAZWsmuu1oFGY8WvVl/vPJGdrNbVYEoLFAqMD/3QBh/
ErpCmNrD58RHjjbk6UsjWOSchry15JBC04rrQ9duSoVH5url/29FDKLNT9jZ+7XN
gxgm24IGrL1qlH4jP9XLLg5e+soC2YIf3v45K62L7k/dE7b5MWgTyT4f7uHvTJOv
BuUd+QM7tVuyr/GSY0JViJGPCU/xNL/jBV+ScjwhJU5pPmuhYfGKPM/YpHvygm5T
2QIDAQAB
-----END PUBLIC KEY-----
Host: verify_evidence_and_set_public_key in enclave_b
Enclave2: ***/home/xrf/mysamples/attestation/common/attestation.cpp(201): oe_verify_evidence failed (OE_TCB_LEVEL_INVALID).
Enclave2: ***/home/xrf/mysamples/attestation/common/dispatcher.cpp(221): verify_evidence_and_set_public_key failed.
Host: verify_evidence_and_set_public_key failed. OE_OK
Host: attestation failed with 1
Host: Terminating enclaves
Enclave1: ***/home/xrf/mysamples/attestation/common/crypto.cpp(94): mbedtls cleaned up.
Host: Enclave successfully terminated.
Enclave2: ***/home/xrf/mysamples/attestation/common/crypto.cpp(94): mbedtls cleaned up.
Host: Enclave successfully terminated.
Host: failed
make[3]: *** [CMakeFiles/runsgxremote.dir/build.make:57: CMakeFiles/runsgxremote] Error 1
make[2]: *** [CMakeFiles/Makefile2:107: CMakeFiles/runsgxremote.dir/all] Error 2
make[1]: *** [CMakeFiles/Makefile2:185: CMakeFiles/run.dir/rule] Error 2
make: *** [Makefile:157: run] Error 2
It appears that there is no issue with the attestation step. Can you confirm if your openenclave sample is running successfully? It is possible that there might be a problem with your SDK environment.
Maybe you can try to rebuild the openenclave sdk, Narrator use this version openenclave
Hi, I have a problem when running ServerEnclave. I want to run NARRATOR with the following command:
It seems that create enclave failed. . I suspect that inconsistent PCCS service addresses are causing this error. But I'm not familiar with the sgx configuration, so can you help me ?
I tried another PCCS address and it seems to be working. “https: //127.0.0.1:8081/sgx/certification/v4/rootcacrl"
I have tried to reinstall the PCCS but I didn't find any config to change its address. So, Is this the problem, and how do I fix it?