Can't start consensus node with SGX2
quangtuyen88 opened this issue
```
cpuid -1 | grep SGX
SGX: Software Guard Extensions supported = true
SGX_LC: SGX launch config supported = true
Software Guard Extensions (SGX) capability (0x12/0):
SGX1 supported = true
SGX2 supported = true
SGX ENCLV E*VIRTCHILD, ESETCONTEXT = true
SGX ENCLS ETRACKC, ERDINFO, ELDBC, ELDUC = true
SGX attributes: ECREATE SECS.ATTRIBUTES (0x12/1):
SGX Enclave Page Cache (EPC) enumeration (0x12/0x2):
SGX Enclave Page Cache (EPC) enumeration (0x12/0x3):
```
Log of ceseal container:

```
EBUG RS - deno_runtime::permissions:86 - ⚠️️ Granted net access to "deno.land"
DEBUG RS - deno::file_fetcher:254 - FileFetcher::fetch_cached - specifier: https://deno.land/std@0.213.0/path/_common/glob_to_reg_exp.ts
DEBUG RS - deno::file_fetcher:550 - FileFetcher::fetch() - specifier: https://deno.land/std@0.213.0/path/posix/_util.ts
DEBUG RS - deno_runtime::permissions:86 - ⚠️️ Granted net access to "deno.land"
DEBUG RS - deno::file_fetcher:344 - FileFetcher::fetch_remote() - specifier: https://deno.land/std@0.213.0/path/posix/_util.ts
DEBUG RS - deno_runtime::permissions:86 - ⚠️️ Granted net access to "deno.land"
DEBUG RS - deno::file_fetcher:254 - FileFetcher::fetch_cached - specifier: https://deno.land/std@0.213.0/path/posix/_util.ts
DEBUG RS - deno::npm::managed::resolution:313 - Snapshot already up to date. Skipping pending resolution.
DEBUG RS - deno::module_loader:218 - Prepared module load.
DEBUG RS - deno_runtime::permissions:86 - ⚠️️ Granted read access to "/opt/ceseal/releases/current"
Current /opt/ceseal/releases/24013112
DEBUG RS - deno_runtime::permissions:86 - ⚠️️ Granted read access to "/opt/ceseal/releases/24013112/data/protected_files/runtime-data.seal"
DEBUG RS - deno_runtime::permissions:86 - ⚠️️ Granted read access to "/opt/ceseal/backups"
No previous version, no need to handover!
DEBUG RS - deno_runtime::permissions:86 - ⚠️️ Granted read access to "/opt/ceseal/releases/24013112"
DEBUG RS - deno_runtime::permissions:86 - ⚠️️ Granted read access to "/opt/ceseal/backups/24013112"
'/opt/ceseal/backups/24013112' already exists.
Work dir '/opt/ceseal/releases/24013112'
Data dir '/opt/ceseal/releases/24013112/data'
Starting Ceseal with extra opts '--role=full '
Ceseal will running in hardware mode
Gramine is starting. Parsing TOML manifest file, this may take some time...
error: AESM service returned error 31; this may indicate that infrastructure for the EPID attestation requested by Gramine is missing on this machine
error: load_enclave() failed with error: Operation not permitted (EPERM)
ceseal exited with code 255
```
ceseal uses EPID remote attestation, you know it does not support SGX2 yet.
Please move this issue with #240 into cess project. @quangtuyen88