[GitHub] [incubator-teaclave] chenzhijun45 opened a new issue, #667: DCAP failed

Mon, 19 Dec 2022 00:56:15 -0800 


chenzhijun45 opened a new issue, #667:
URL: https://github.com/apache/incubator-teaclave/issues/667

   I have deployed the dcap service, aesmd status:
   ```java
   root@tec-191:~/incubator-teaclave# service aesmd status
   ● aesmd.service - Intel(R) Architectural Enclave Service Manager
        Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor 
preset: enabled)
        Active: active (running) since Wed 2022-10-19 08:19:08 UTC; 2 months 0 
days ago
      Main PID: 35809 (aesm_service)
         Tasks: 4 (limit: 613772)
        Memory: 7.0M
        CGroup: /system.slice/aesmd.service
                └─35809 /opt/intel/sgx-aesm-service/aesm/aesm_service
   
   Dec 19 08:34:07 tec-191 aesm_service[35809]: [QCNL] Try memory cache...
   Dec 19 08:34:07 tec-191 aesm_service[35809]: [QCNL] Retrieved PCK certchain 
from memory cache successfully.
   Dec 19 08:34:07 tec-191 aesm_service[35809]: [QCNL] Try memory cache...
   Dec 19 08:34:07 tec-191 aesm_service[35809]: [QCNL] Retrieved PCK certchain 
from memory cache successfully.
   Dec 19 08:34:07 tec-191 aesm_service[35809]: [QCNL] Try memory cache...
   Dec 19 08:34:07 tec-191 aesm_service[35809]: [QCNL] Retrieved PCK certchain 
from memory cache successfully.
   Dec 19 08:34:07 tec-191 aesm_service[35809]: [QCNL] Try memory cache...
   Dec 19 08:34:07 tec-191 aesm_service[35809]: [QCNL] Retrieved PCK certchain 
from memory cache successfully.
   Dec 19 08:34:07 tec-191 aesm_service[35809]: [QCNL] Try memory cache...
   Dec 19 08:34:07 tec-191 aesm_service[35809]: [QCNL] Retrieved PCK certchain 
from memory cache successfully.
   ```
   pccs status and config:
   ```java
   root@tec-191:~/incubator-teaclave# service pccs status
   ● pccs.service - Provisioning Certificate Caching Service (PCCS)
        Loaded: loaded (/lib/systemd/system/pccs.service; enabled; vendor 
preset: enabled)
        Active: active (running) since Mon 2022-11-07 10:45:41 UTC; 1 months 11 
days ago
          Docs: 
https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/QuoteGeneration/pccs/README.md
      Main PID: 284276 (node)
         Tasks: 11 (limit: 613772)
        Memory: 73.7M
        CGroup: /system.slice/pccs.service
                └─284276 /usr/bin/node -r esm 
/opt/intel/sgx-dcap-pccs/pccs_server.js
   
   Dec 18 01:00:03 tec-191 node[284276]: 2022-12-18 01:00:03.719 [info]: 
Request-ID is : 85ff17da17fe433f8d718dedb136d679
   Dec 18 01:00:04 tec-191 node[284276]: 2022-12-18 01:00:04.490 [info]: 
Request-ID is : dfef1d7294994b9caffe5deda5ea6a9e
   Dec 18 01:00:05 tec-191 node[284276]: 2022-12-18 01:00:05.230 [info]: 
Scheduled cache refresh is completed successfully.
   Dec 19 01:00:02 tec-191 node[284276]: 2022-12-19 01:00:02.088 [info]: 
Request-ID is : 55fb3551d0574a41895a47c22ee5c38f
   Dec 19 01:00:03 tec-191 node[284276]: 2022-12-19 01:00:03.165 [info]: 
Request-ID is : 2bab10c8dda549c09d0b2a391accdad6
   Dec 19 01:00:03 tec-191 node[284276]: 2022-12-19 01:00:03.953 [info]: 
Request-ID is : 9e2f6c486a534de1bd1b9329521c8f69
   Dec 19 01:00:04 tec-191 node[284276]: 2022-12-19 01:00:04.805 [info]: 
Request-ID is : a87492cfe13f43ea8cbabe358ee4fc76
   Dec 19 01:00:05 tec-191 node[284276]: 2022-12-19 01:00:05.736 [info]: 
Scheduled cache refresh is completed successfully.
   Dec 19 02:48:26 tec-191 node[284276]: 2022-12-19 02:48:26.702 [info]: Client 
Request-ID : 9cddea128ad946bda06b7b94e925208b
   Dec 19 02:48:26 tec-191 node[284276]: 2022-12-19 02:48:26.708 [info]: 
127.0.0.1 - - [19/Dec/2022:02:48:26 +0000] "GET 
/sgx/certification/v3/pckcert?qeid=480A5C930339045DBBC81B7C3C3ACCEC&encrypted_ppid=76AD9CB026682225C96680D57D545E83F2EC79248A3C73445212BAD2F2149B1BE012>
   lines 1-20/20 (END)
   
   
   {
       "pccs_url": "https://localhost:8082/sgx/certification/v3/";,
       "use_secure_cert": false,
       "retry_times": 6,
       "retry_delay": 10,
       "pck_cache_expire_hours": 168
   }
   ```
   
   Build the Teaclave platform using 
docker(https://teaclave.apache.org/docs/my-first-function/):
   ```shell
   docker run --rm -v $(pwd):/teaclave -w /teaclave \
     -it teaclave/teaclave-build-ubuntu-1804-sgx-dcap-1.11:latest \
      bash -c ". /root/.cargo/env && \
        . /opt/sgxsdk/environment && \
        mkdir -p build && cd build && \
        cmake -DDCAP=ON -DTEST_MODE=ON .. && \
        make"
   ```
   or
   ```shell
   docker run --rm -v $(pwd):/teaclave -w /teaclave \
     -it teaclave/teaclave-build-ubuntu-1804-sgx-2.14:latest \
      bash -c ". /root/.cargo/env && \
        . /opt/sgxsdk/environment && \
        mkdir -p build && cd build && \
        cmake -DTEST_MODE=ON .. && \
        make"
   ```
   I have tried the above commands, and the construction is successful. But 
when I continue to run the following command: `cd docker && 
./run-teaclave-services.sh`,  it failed. The log is as follows:
   ```java
   root@tec-191:~/incubator-teaclave# export TEACLAVE_LOG=info
   root@tec-191:~/incubator-teaclave# cd docker && ./run-teaclave-services.sh
   /dev/sgx/enclave device detected.
   /dev/sgx/provision device detected.
   /var/run/aesmd/aesm.socket socket detected.
   COMMAND: docker-compose -f docker-compose-ubuntu-1804.yml -f 
docker-compose-dcap-dev.override.yml -f docker-compose-aesm-socket.override.yml 
up
   Starting teaclave-access-control-service ... done
   Starting teaclave-storage-service        ... done
   Starting teaclave-file-service           ... done
   Starting teaclave-authentication-service ... done
   Starting teaclave-management-service     ... done
   Starting teaclave-scheduler-service      ... done
   Starting teaclave-execution-service      ... done
   Starting teaclave-frontend-service       ... done
   Attaching to teaclave-access-control-service, teaclave-storage-service, 
teaclave-authentication-service, teaclave-scheduler-service, 
teaclave-file-service, teaclave-execution-service, teaclave-management-service, 
teaclave-frontend-service
   teaclave-authentication-service    | [2022-12-19T08:34:04Z INFO  
teaclave_authentication_service_enclave] Starting Authentication...
   teaclave-access-control-service    | [2022-12-19T08:34:05Z ERROR 
teaclave_access_control_service_enclave] Failed to start the service: Invalid 
Attestation Evidence Payload. The client should not repeat the
   teaclave-access-control-service    |             request without 
modifications.
   teaclave-access-control-service    | [2022-12-19T08:34:05Z ERROR 
teaclave_binder::ipc::app] ecall_ipc_entry_point, app 
sgx_error:SGX_ERROR_INVALID_ENCLAVE_ID
   teaclave-access-control-service    | [2022-12-19T08:34:05Z ERROR 
teaclave_binder::binder] IpcError(SgxError(SGX_ERROR_INVALID_ENCLAVE_ID))
   teaclave-storage-service           | [2022-12-19T08:34:05Z INFO  
teaclave_storage_service_enclave] Starting Storage...
   teaclave-access-control-service exited with code 0
   teaclave-authentication-service    | [2022-12-19T08:34:06Z ERROR 
teaclave_authentication_service_enclave] Failed to start the service: Invalid 
Attestation Evidence Payload. The client should not repeat the
   teaclave-authentication-service    |             request without 
modifications.
   teaclave-authentication-service    | [2022-12-19T08:34:06Z ERROR 
teaclave_binder::ipc::app] ecall_ipc_entry_point, app 
sgx_error:SGX_ERROR_INVALID_ENCLAVE_ID
   teaclave-authentication-service    | [2022-12-19T08:34:06Z ERROR 
teaclave_binder::binder] IpcError(SgxError(SGX_ERROR_INVALID_ENCLAVE_ID))
   teaclave-scheduler-service         | [2022-12-19T08:34:06Z INFO  
teaclave_scheduler_service_enclave] Starting Scheduler...
   teaclave-frontend-service          | [2022-12-19T08:34:06Z INFO  
teaclave_frontend_service_enclave] Starting FrontEnd ...
   teaclave-authentication-service exited with code 0
   teaclave-execution-service         | [2022-12-19T08:34:07Z INFO  
teaclave_execution_service_enclave] Starting Execution...
   teaclave-storage-service           | [2022-12-19T08:34:07Z ERROR 
teaclave_storage_service_enclave] Failed to start the service: Invalid 
Attestation Evidence Payload. The client should not repeat the
   teaclave-storage-service           |             request without 
modifications.
   teaclave-management-service        | [2022-12-19T08:34:07Z INFO  
teaclave_management_service_enclave] Starting Management...
   teaclave-storage-service           | [2022-12-19T08:34:07Z ERROR 
teaclave_binder::ipc::app] ecall_ipc_entry_point, app 
sgx_error:SGX_ERROR_INVALID_ENCLAVE_ID
   teaclave-storage-service           | [2022-12-19T08:34:07Z ERROR 
teaclave_binder::binder] IpcError(SgxError(SGX_ERROR_INVALID_ENCLAVE_ID))
   teaclave-scheduler-service         | [2022-12-19T08:34:07Z ERROR 
teaclave_scheduler_service_enclave] Failed to start the service: Invalid 
Attestation Evidence Payload. The client should not repeat the
   teaclave-scheduler-service         |             request without 
modifications.
   teaclave-frontend-service          | [2022-12-19T08:34:07Z ERROR 
teaclave_frontend_service_enclave] Failed to start the service: Invalid 
Attestation Evidence Payload. The client should not repeat the
   teaclave-frontend-service          |             request without 
modifications.
   teaclave-storage-service exited with code 0
   teaclave-scheduler-service         | [2022-12-19T08:34:07Z ERROR 
teaclave_binder::ipc::app] ecall_ipc_entry_point, app 
sgx_error:SGX_ERROR_INVALID_ENCLAVE_ID
   teaclave-scheduler-service         | [2022-12-19T08:34:07Z ERROR 
teaclave_binder::binder] IpcError(SgxError(SGX_ERROR_INVALID_ENCLAVE_ID))
   teaclave-frontend-service          | [2022-12-19T08:34:08Z ERROR 
teaclave_binder::ipc::app] ecall_ipc_entry_point, app 
sgx_error:SGX_ERROR_INVALID_ENCLAVE_ID
   teaclave-frontend-service          | [2022-12-19T08:34:08Z ERROR 
teaclave_binder::binder] IpcError(SgxError(SGX_ERROR_INVALID_ENCLAVE_ID))
   teaclave-scheduler-service exited with code 0
   teaclave-execution-service         | [2022-12-19T08:34:08Z ERROR 
teaclave_execution_service_enclave] Service shutdown, reason: Invalid 
Attestation Evidence Payload. The client should not repeat the
   teaclave-execution-service         |             request without 
modifications.
   teaclave-execution-service         | [2022-12-19T08:34:08Z INFO  
teaclave_service_app_utils] Exit
   teaclave-frontend-service exited with code 0
   teaclave-management-service        | [2022-12-19T08:34:08Z ERROR 
teaclave_management_service_enclave] Failed to start the service: Invalid 
Attestation Evidence Payload. The client should not repeat the
   teaclave-management-service        |             request without 
modifications.
   teaclave-management-service        | [2022-12-19T08:34:09Z ERROR 
teaclave_binder::ipc::app] ecall_ipc_entry_point, app 
sgx_error:SGX_ERROR_INVALID_ENCLAVE_ID
   teaclave-management-service        | [2022-12-19T08:34:09Z ERROR 
teaclave_binder::binder] IpcError(SgxError(SGX_ERROR_INVALID_ENCLAVE_ID))
   teaclave-execution-service exited with code 1
   teaclave-management-service exited with code 0
   ```
   Where did I operate or configure incorrectly, please? Thank you in advance 
for your reply.
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@teaclave.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@teaclave.apache.org
For additional commands, e-mail: notifications-h...@teaclave.apache.org

Reply via email to