intel / ehsm

An End-to-End Distributed and Scalable Cloud KMS (Key Management System) built on top of Intel SGX enclave-based HSM (Hardware Security Module), aka eHSM.

Home Page: https://community.intel.com/t5/Blogs/Tech-Innovation/open-intel/An-Intel-SGX-based-Hardware-Security-Module-backed-Key/post/1360130?wapkw=eHSM

dkeyserver fail to start

RicLee0124 opened this issue · comments

I built ehsm following the doc https://github.com/intel/ehsm/blob/5c91d6dc367040606cfe55fab9c3f553deeb7243/docs/build-instructions.md#build-instructions. When I executed the build command 'cd docker && docker-compose up -d', I got this error:

root@iZbp13dtuvfgav62kg8benZ:/ehsm-ksm/ehsm/docker# docker container ls -a | grep dkeyserver
2a5fb58f800e ehsm_dkeyserver:main "sh /home/start_dkey…" 48 minutes ago Exited (0) 37 minutes ago c_dkeyserver
root@iZbp13dtuvfgav62kg8benZ:/ehsm-ksm/ehsm/docker# docker logs 2a5fb58f800e
/home/ehsm/out/ehsm-dkeyserver/ehsm-dkeyserver -r root
[get_platform_quote_cert_data ../qe_logic.cpp:378] Error returned from the p_sgx_get_quote_config API. 0xe011
Initializing logs folder [path: /var/run/ehsm/logs].Logs folder: /var/run/ehsm/logs
2a5fb58f800e 01/16/23 08:37:02,829 INFO [App/main.cpp: line 311] - Service name: DomainKey Provisioning Service 0.3.2
2a5fb58f800e 01/16/23 08:37:02,829 INFO [App/main.cpp: line 312] - Service built: 2023.01.16 8:36
2a5fb58f800e 01/16/23 08:37:02,829 INFO [App/main.cpp: line 313] - Service git_sha: 02c8fc4
2a5fb58f800e 01/16/23 08:37:02,829 INFO [App/main.cpp: line 314] - Runtime folder: /var/run/ehsm/
2a5fb58f800e 01/16/23 08:37:02,829 INFO [App/main.cpp: line 339] - Target Server: NULL
2a5fb58f800e 01/16/23 08:37:03,285 ERROR [Enclave/enclave.cpp: line 720] - TLS server: unable to load certificate and private key on the server

2a5fb58f800e 01/16/23 08:37:03,286 ERROR [Enclave/enclave.cpp: line 770] - TLS server: OCALL: error closing client socket

2a5fb58f800e 01/16/23 08:37:03,286 ERROR [Enclave/enclave.cpp: line 776] - TLS server: OCALL: error closing server socket

/home/ehsm/out/ehsm-dkeyserver/ehsm-dkeyserver -r root
[get_platform_quote_cert_data ../qe_logic.cpp:378] Error returned from the p_sgx_get_quote_config API. 0xe011
Logs folder: /var/run/ehsm/logs
2a5fb58f800e 01/16/23 08:48:56,758 INFO [App/main.cpp: line 311] - Service name: DomainKey Provisioning Service 0.3.2
2a5fb58f800e 01/16/23 08:48:56,758 INFO [App/main.cpp: line 312] - Service built: 2023.01.16 8:36
2a5fb58f800e 01/16/23 08:48:56,758 INFO [App/main.cpp: line 313] - Service git_sha: 02c8fc4
2a5fb58f800e 01/16/23 08:48:56,758 INFO [App/main.cpp: line 314] - Runtime folder: /var/run/ehsm/
2a5fb58f800e 01/16/23 08:48:56,758 INFO [App/main.cpp: line 339] - Target Server: NULL
2a5fb58f800e 01/16/23 08:48:56,996 ERROR [Enclave/enclave.cpp: line 720] - TLS server: unable to load certificate and private key on the server

2a5fb58f800e 01/16/23 08:48:56,996 ERROR [Enclave/enclave.cpp: line 770] - TLS server: OCALL: error closing client socket

2a5fb58f800e 01/16/23 08:48:56,996 ERROR [Enclave/enclave.cpp: line 776] - TLS server: OCALL: error closing server socket

The error said "unable to load certificate and private key on the server", but where are the certificate and private key?

Seems it's caused by your PCCS. Can you share more information about the PCCS log?

run_with_single.sh: You can also try this single-machine script for local test purposes. Thanks.
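
A triage sketch for the log in this issue, added here as an example and not code from the eHSM project or from anyone in the thread: it splits `docker logs` output into start attempts and reports whether the `p_sgx_get_quote_config` error shows up before the TLS certificate failure, the situation the reply about PCCS points at. The function name `triage`, the regexes and the embedded sample (constructed from lines in the issue) are assumptions.

```python
import re

# Constructed sample: two start attempts, built from the lines posted in the issue.
SAMPLE_LOG = """\
/home/ehsm/out/ehsm-dkeyserver/ehsm-dkeyserver -r root
[get_platform_quote_cert_data ../qe_logic.cpp:378] Error returned from the p_sgx_get_quote_config API. 0xe011
2a5fb58f800e 01/16/23 08:37:03,285 ERROR [Enclave/enclave.cpp: line 720] - TLS server: unable to load certificate and private key on the server
/home/ehsm/out/ehsm-dkeyserver/ehsm-dkeyserver -r root
[get_platform_quote_cert_data ../qe_logic.cpp:378] Error returned from the p_sgx_get_quote_config API. 0xe011
2a5fb58f800e 01/16/23 08:48:56,996 ERROR [Enclave/enclave.cpp: line 720] - TLS server: unable to load certificate and private key on the server
"""

# Assumed line shapes, inferred only from the log shown in the issue.
START = re.compile(r"ehsm-dkeyserver\s+-r\s+\S+\s*$")
QUOTE_ERR = re.compile(r"\[\w+ [^\]]*\] Error returned from the (\w+) API\. (0x[0-9a-fA-F]+)")
APP_ERR = re.compile(r"^\S+ (\d\d/\d\d/\d\d \d\d:\d\d:\d\d),\d+ ERROR \[[^\]]+\] - (.*)$")

def triage(log_text):
    """Return one summary dict per start attempt found in the log."""
    attempts = []
    for line in log_text.splitlines():
        line = line.strip()
        if START.search(line):  # the start script echoes the command on each attempt
            attempts.append({"quote_errors": [], "tls_cert_error_at": None,
                             "quote_error_first": False})
            continue
        if not attempts:
            continue  # ignore anything before the first start line
        cur = attempts[-1]
        m = QUOTE_ERR.search(line)
        if m:
            cur["quote_errors"].append((m.group(1), m.group(2).lower()))
            continue
        m = APP_ERR.match(line)
        if m and "unable to load certificate" in m.group(2) and cur["tls_cert_error_at"] is None:
            cur["tls_cert_error_at"] = m.group(1)
            # True only if a quote-provider error was already logged in this attempt.
            cur["quote_error_first"] = bool(cur["quote_errors"])
    return attempts

if __name__ == "__main__":
    for n, attempt in enumerate(triage(SAMPLE_LOG), 1):
        print(n, attempt)
```

An attempt with `quote_error_first` set is one where the PCCS log is the next thing to collect, as the reply asks; an attempt with a TLS error but no quote error needs a different line of investigation.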