Can't build simulation mode on non-SGX machine

Question

Can't build simulation mode on non-SGX machine

jopasserat opened this issue 5 years ago · comments

The instructions to build and run tf-trusted in simulation mode crash with the following error on a machine without SGX:

2019-06-21 14:01:21  WARNING  untrusted_sgx.cc : 62 : Failed to create an enclave, attempt=0, status=1
2019-06-21 14:01:21  ERROR  enclave_manager.cc : 324 : LoadEnclave failed: ::asylo::error::SgxErrorSpace::Unexpected error: Failed to create an enclave
2019-06-21 14:01:21  ERROR  enclave_manager.cc : 324 : LoadEnclave failed: ::asylo::error::SgxErrorSpace::Unexpected error: Failed to create an enclave
2019-06-21 14:01:21  FATAL  tf_trusted_driver.cc : 54 : Load tf_trusted/tf_trusted_enclave.so failed: ::asylo::error::SgxErrorSpace::Unexpected error: Failed to create an enclave
2019-06-21 14:01:21  FATAL  tf_trusted_driver.cc : 54 : Load tf_trusted/tf_trusted_enclave.so failed: ::asylo::error::SgxErrorSpace::Unexpected error: Failed to create an enclave

Is this a requirement to have SGX even for the simulation mode?

Gavin Uhma · Answer 1 · Fri Jun 21 2019 22:28:49 GMT+0800 (China Standard Time)

Is this a requirement to have SGX even for the simulation mode?

It's intended to run locally without an SGX device. So this is definitely a bug

Justin Patriquin · Answer 2 · Fri Jun 21 2019 23:09:35 GMT+0800 (China Standard Time)

Yeah. You shouldn't need a machine with sgx to be able run in simulation mode. Can you give us some more information about your environment? Linux vs macos, etc. And anything else you can think of. Those error messages aren't very helpful so any more info you can provide will help us solve the problem. Thanks!

jopasserat · Answer 3 · Fri Jun 21 2019 23:17:27 GMT+0800 (China Standard Time)

I'm working on a AWS VM (t3a.2xlarge) running Ubuntu 18.04 with docker 18.09

(base) ubuntu@ip-XX-XX:~$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 18.04.2 LTS
Release:	18.04
Codename:	bionic
(base) ubuntu@ip-XX-XX:~$ docker --version
Docker version 18.09.6, build 481bc77

Nothing installed on the machine apart from that and working from a tf-trusted clone up to date with the current master branch.

Any steps I should run to provide you with more information?

Justin Patriquin · Answer 4 · Sat Jun 22 2019 02:11:33 GMT+0800 (China Standard Time)

Thanks for this. The first thing that comes to mind is I'm not sure I've run this on Ubuntu 18.04. Maybe only 16.04. If you want to try on a fresh 16.04 that'd be great and I can try on 18.04 when I get back on Monday.

Another thing is I've usually run on GCP not AWS. Shouldn't matter but you never know.

jopasserat · Answer 5 · Sat Jun 22 2019 03:11:14 GMT+0800 (China Standard Time)

Same on Ubuntu 16.04, would have been crazy since all the build happens in docker.
A bit more context around the error:

At global scope:
cc1plus: warning: unrecognized command line option '-Wno-writable-strings'
INFO: From SkylarkAction external/com_github_grpc_grpc/src/proto/grpc/reflection/v1alpha/reflection.grpc.pb.h:
bazel-out/k8-fastbuild/genfiles/external/com_github_grpc_grpc/external/com_github_grpc_grpc: warning: directory does not exist.
INFO: From ProtoCompile external/com_google_protobuf/python/google/protobuf/any_pb2.py [for host]:
external/com_google_protobuf/python: warning: directory does not exist.
INFO: From SkylarkAction external/com_github_grpc_grpc/src/proto/grpc/reflection/v1alpha/reflection.pb.h:
bazel-out/k8-fastbuild/genfiles/external/com_github_grpc_grpc/external/com_github_grpc_grpc: warning: directory does not exist.
Target //tf_trusted:tf_trusted up-to-date:
  bazel-bin/tf_trusted/tf_trusted
INFO: Elapsed time: 1828.954s, Critical Path: 105.60s
INFO: 1938 processes: 1938 processwrapper-sandbox.
INFO: Build completed successfully, 1971 total actions
INFO: Build completed successfully, 1971 total actions
2019-06-21 19:05:52  WARNING  untrusted_sgx.cc : 62 : Failed to create an enclave, attempt=0, status=1
2019-06-21 19:05:52  ERROR  enclave_manager.cc : 324 : LoadEnclave failed: ::asylo::error::SgxErrorSpace::Unexpected error: Failed to create an enclave
2019-06-21 19:05:52  ERROR  enclave_manager.cc : 324 : LoadEnclave failed: ::asylo::error::SgxErrorSpace::Unexpected error: Failed to create an enclave
2019-06-21 19:05:52  FATAL  tf_trusted_driver.cc : 54 : Load tf_trusted/tf_trusted_enclave.so failed: ::asylo::error::SgxErrorSpace::Unexpected error: Failed to create an enclave
2019-06-21 19:05:52  FATAL  tf_trusted_driver.cc : 54 : Load tf_trusted/tf_trusted_enclave.so failed: ::asylo::error::SgxErrorSpace::Unexpected error: Failed to create an enclave

jopasserat · Answer 6 · Sat Jun 22 2019 03:22:02 GMT+0800 (China Standard Time)

More info: it seems that the issue comes from Asylo directly, I've tried to run their quickstart on the same machine => same error. Full stacktrace below:

ubuntu@ip-XX-XX:~/asylo-examples$ sudo docker run -it --rm \
>     -v bazel-cache:/root/.cache/bazel \
>     -v "${MY_PROJECT}":/opt/my-project \
>     -w /opt/my-project \
>     gcr.io/asylo-framework/asylo \
>     bazel run --config=enc-sim //quickstart -- --message="Asylo Rocks"
Starting local Bazel server and connecting to it...
INFO: Analysed target //quickstart:quickstart (65 packages loaded, 3888 targets configured).
INFO: Found 1 target...
Target //quickstart:quickstart up-to-date:
  bazel-bin/quickstart/quickstart
INFO: Elapsed time: 22.580s, Critical Path: 10.99s
INFO: 14 processes: 14 processwrapper-sandbox.
INFO: Build completed successfully, 22 total actions
INFO: Build completed successfully, 22 total actions
2019-06-21 19:20:09  WARNING  untrusted_sgx.cc : 62 : Failed to create an enclave, attempt=0, status=1
2019-06-21 19:20:09  ERROR  enclave_manager.cc : 324 : LoadEnclave failed: ::asylo::error::SgxErrorSpace::Unexpected error: Failed to create an enclave
2019-06-21 19:20:09  ERROR  enclave_manager.cc : 324 : LoadEnclave failed: ::asylo::error::SgxErrorSpace::Unexpected error: Failed to create an enclave
2019-06-21 19:20:09  FATAL  demo_driver.cc : 59 : LoadEnclave failed with: ::asylo::error::SgxErrorSpace::Unexpected error: Failed to create an enclave
2019-06-21 19:20:09  FATAL  demo_driver.cc : 59 : LoadEnclave failed with: ::asylo::error::SgxErrorSpace::Unexpected error: Failed to create an enclave

Justin Patriquin · Answer 7 · Sat Jun 22 2019 03:37:01 GMT+0800 (China Standard Time)

Yeah good point about it running in docker. This is a long shot but wonder if it could be related to this latest commit 2b31631 Fri, Jun 21, 2019, 8:22 PM jopasserat <notifications@github.com> wrote:

…

More info: it seems that the issue comes from Asylo directly, I've tried to run their quickstart <https://github.com/google/asylo/blob/688858c4ee5217841ce26ebf17a4eca3640cf5c9/asylo/examples/quickstart/README.md#building-and-running-an-enclave-application> on the same machine => same error. Full stacktrace below: ***@***.***:~/asylo-examples$ sudo docker run -it --rm \ > -v bazel-cache:/root/.cache/bazel \ > -v "${MY_PROJECT}":/opt/my-project \ > -w /opt/my-project \ > gcr.io/asylo-framework/asylo \ > bazel run --config=enc-sim //quickstart -- --message="Asylo Rocks" Starting local Bazel server and connecting to it... INFO: Analysed target //quickstart:quickstart (65 packages loaded, 3888 targets configured). INFO: Found 1 target... Target //quickstart:quickstart up-to-date: bazel-bin/quickstart/quickstart INFO: Elapsed time: 22.580s, Critical Path: 10.99s INFO: 14 processes: 14 processwrapper-sandbox. INFO: Build completed successfully, 22 total actions INFO: Build completed successfully, 22 total actions 2019-06-21 19:20:09 WARNING untrusted_sgx.cc : 62 : Failed to create an enclave, attempt=0, status=1 2019-06-21 19:20:09 ERROR enclave_manager.cc : 324 : LoadEnclave failed: ::asylo::error::SgxErrorSpace::Unexpected error: Failed to create an enclave 2019-06-21 19:20:09 ERROR enclave_manager.cc : 324 : LoadEnclave failed: ::asylo::error::SgxErrorSpace::Unexpected error: Failed to create an enclave 2019-06-21 19:20:09 FATAL demo_driver.cc : 59 : LoadEnclave failed with: ::asylo::error::SgxErrorSpace::Unexpected error: Failed to create an enclave 2019-06-21 19:20:09 FATAL demo_driver.cc : 59 : LoadEnclave failed with: ::asylo::error::SgxErrorSpace::Unexpected error: Failed to create an enclave — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#20>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAK2A2U4U6MR6Y74ZOVEQMLP3US5VANCNFSM4H2SFLUA> .

jopasserat · Answer 8 · Sat Jun 22 2019 03:38:25 GMT+0800 (China Standard Time)

i hope not because i couldn't even build without this fix :)

jopasserat · Answer 9 · Sat Jun 22 2019 20:10:56 GMT+0800 (China Standard Time)

Reported upstream to Asylo since I can reproduce the bug with their hello world google/asylo#34

Justin Patriquin · Answer 10 · Mon Jun 24 2019 23:30:18 GMT+0800 (China Standard Time)

Hey @jopasserat I think I found the reason this doesn't work. I tested this on a t3a.2xlarge machine on AWS and it also broke for me. It works every else though. I looked into this instance and it looks like the t3a.2xlarge uses an AMD processor. While a goal of asylo is to be agnostic to CPUs and enclaves I think right now they leverage Intel's SDKs quite a bit. Like they are just using Intel's SGX Simulator and only support Intel SGX. Assuming the simulator doesn't work on AMD CPUs. I'd recommend using t3.2xlarge.

Justin Patriquin · Answer 11 · Tue Jun 25 2019 00:04:27 GMT+0800 (China Standard Time)

I'm going to close this for now. Let us know if there is anything else!