Open muhazzz opened 5 years ago
My guess would be your server doesn't have AES-NI, or has AES-NI explicitly disabled in UEFI/BIOS. What CPU is it? I can at least tell you if AES-NI should theoretically be supported. Otherwise try checking your UEFI/BIOS for an option to enable AES-NI or some other "Enable AES acceleration"-style option.
If your server has a CPU which actually doesn't support AES-NI, and you built the KMS with the RUSTFLAGS to enable it i.e.
export RUSTFLAGS=-Ctarget-feature=+aes
...you will need to disable those. Note that the software fallback it will use instead has not been extensively tested for potential security issues that can arise in a soft AES implementation (e.g. cache timing sidechannels).
Alternatively, you can try to figure out which illegal instruction was executed by disassembling the program with gdb
or lldb
after it catches the SIGILL
. In gdb that'd look something like:
$ gdb tmkms
(gdb) run yubihsm keys list
[...] (keep `cont`inuing until you get to the SIGILL)
(gdb) disassemble
Here is an upstream issue to do runtime detection for AES-NI support:
I ran into the same issue and it was AES-NI. (The Core2Duo I was using doesn't support the AES instruction set.) Disabling it resolved this issue. (I had others, but unrelated ones.)
I have a strange problem with KMS on my Debian server: What could be wrong and how to solve this "Illegal instruction" thing?