So I am trying to change keys for demostration on config/keys. I created my own
CA and exported some end-entity certificate and private key. I changed
`dcap_root_ca_cert.pem`, `dcap_server_cert.pem` and `dcap_server_key.pem` with
mine. Also added server cert and pem to the basic dcap
Closed #726 as completed.
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/726#event-12198299145
You are receiving this because you are subscribed to this thread.
Message ID:
Closed #725 as completed.
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/725#event-12198303313
You are receiving this because you are subscribed to this thread.
Message ID:
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/726
You are receiving this because you are subscribed to this thread.
Message ID:
Closed #710 as completed.
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/710#event-11707460769
You are receiving this because you are subscribed to this thread.
Message ID:
I saw dcap testing tool (/release/dcap/teaclave_dcap_ref_as) actually accepts
the POST connection.
```
POST /sgx/dev/attestation/v4/report application/json:
>> Matched: (verify_quote) POST /sgx/dev/attestation/v4/report
application/json
>> Outcome: Success
>> Response succeeded.
```
So I was able to temporary bypass the certification problems, but the issue
with de 404 error is still there:
```
[TRACE teaclave_attestation::service] HTTP/1.1 404 Not Found
X-Powered-By: Express
Could someone explain me the correlation between these keys and my pccs service
keys? Do I need to change cert and key and add my pccs files? Is it necessary
to have a particular type of certificate on the pccs? Should It work with no
changes for development and testing?
I might need to trace down source code, nevertheless, I am only able to bypass
the certificate error using the attestation tool to test it, if I try to load
teaclave services, I get `NotValidForName` error, using teaclave DCAP
certificates on PCCS service. So I guess there should be another
Yes I am aware of all of that, so I am assuming it is a configuration issue
from my teaclave? Since it is the one who is making those requests. Maybe there
is some config I should change bu I couldn't find propper DCAP deployment
documentation.
Also:
```
So doing some testing I used the keys located at
`/incubator-teaclave/config/keys` to try to bypass the error. I used
`dcap_server_cert.pem` and `dcap_server_key.pem` as my pccs certificate and
private key (since the other way around didn't work as it outputs the same
error). I was able to
So I changed `LogLevel` to `debug` in
`/opt/intel/sgx-dcap-pccs/config/default.json`:
```
{
"HTTPS_PORT" : 8082,
"hosts" : "0.0.0.0",
"uri": "https://api.trustedservices.intel.com/sgx/certification/v3/;,
...
"LogLevel" : "debug",
```
Now once I restart pccs service, I run `sudo -E
Some more maybe useful information:
/etc/sgx_default_qcnl.conf content:
```
{
// *** ATTENTION : This file is in JSON format so the keys are case sensitive.
Don't change them.
Update: Installed 1.14 version of PCCS on my VM, error is the same,
configuration file `/etc/sgx_default_qcnl.conf` is working well since changes
on certs reflect on error logs on teaclave. Sample codes also work as they
should. Also ,neither aesmd or pccs services show any errors.
--
Reply
Configuration is correct, also logs don't show errors or warnings. My pccs
version, which is on host machine, is 1.19, maybe that could cause problems
since my vm is working with sdk 2.17 and dcap 1.14 as teaclave needs.
--
Reply to this email directly or view it on GitHub:
Update: I could solve UnsupportedCertVersion error, I had to create a new cert
for pccs but with version 3, since it was on version 1, that solved the error.
Now I get **UnknownIssuer** error, which I guess it's because the certificate
is a self signed one. I don't know if teaclave has some
# Environment
I am using Ubuntu 20.04 with SGX 2.17. Installed Teaclave with the following:
```
sudo docker run --rm -v $(pwd):/teaclave -w /teaclave \
-it teaclave/teaclave-build-ubuntu-2004-sgx-dcap-1.14:0.2.0 \
bash -c ". /root/.cargo/env && \
. /opt/sgxsdk/environment && \
Closed #722 as completed.
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/722#event-11220894636
You are receiving this because you are subscribed to this thread.
Message ID:
More from last output, loop comes from this error, which is not understandable
since it is running on SIM mode:
```
teaclave-frontend-service | [2023-11-24T09:25:09Z ERROR
teaclave_binder::ipc::app] ecall_ipc_entry_point, app
sgx_error:InvalidEcnalveId
After removing every docker image related to teaclave, it seems that the
program actually is on SIM mode.
Now receiving this error:
```
teaclave-scheduler-service | [TRACE
rustls::server::tls12::client_hello] sending server hello Message { version:
TLSv1_2, payload: Handshake {
I assume there should be no problem since I am running teaclave on SIM mode,
but just in case, I am running Intel SGX SDK 2.22
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/722#issuecomment-1805636738
You are receiving this because you
Closed #723 as completed.
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/723#event-10924465635
You are receiving this because you are subscribed to this thread.
Message ID:
Ok thanks, I will wait for a realease with 2.22 support since it is the version
my server is running.
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/723#issuecomment-1805634884
You are receiving this because you are subscribed to this
Changed docker compose image on `run-teaclave-services.sh`. Also removed the
docker image used to build teaclave so it could be downloaded again. Nothing
changed:
```
COMMAND: docker-compose -f docker-compose-ubuntu-2004.yml up
Recreating teaclave-storage-service... done
Recreating
Hi, I was wondering if there is any support for the latest versión of Intel SGX
2.22, since I can't find any docker image from any version after 2.17.
Also, is there any way to build teaclave without the docker image? Should it be
working for latest Intel SGX? Or there is just no support
I am trying to deploy teaclave on simulation mode, these are the steps I did:
```
$ git clone https://github.com/apache/incubator-teaclave.git
$ docker run --rm -v $(pwd):/teaclave -w /teaclave \
-it teaclave/teaclave-build-ubuntu-2004-sgx-2.17.1:0.2.0 \
bash -c ". /root/.cargo/env && \
Same here, any news on this?
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/430#issuecomment-1725273841
You are receiving this because you are subscribed to this thread.
Message ID:
So I'm trying to deploy the teaclave services. Environment variables are
configured as:
```
export AS_SPID=""
export AS_KEY=""
export AS_ALGO="sgx_ecdsa"
export AS_URL="https://host.docker.internal:8081;
export TEACLAVE_LOG=trace
hi...
i'm trying to use my Diskless Computer (DC) with LTS
(latest :: 3.0), when i start my Server (RedHat80
+NFS+TFTP+DHCP3) there isn't problem... but when i
try to start my DC, i only see :
Caught SIGHUP
... i'm using Ehterboot and, i can see the Linux
Kernel is loaded!!, the FS (NFS) is
29 matches
Mail list logo