# Environment
I am using Ubuntu 20.04 with SGX 2.17. Installed Teaclave with the following:
```
sudo docker run --rm -v $(pwd):/teaclave -w /teaclave \
-it teaclave/teaclave-build-ubuntu-2004-sgx-dcap-1.14:0.2.0 \
bash -c ". /root/.cargo/env && \
. /opt/sgxsdk/environment && \
mkdir -p build && cd build && \
git config --global --add safe.directory '*' && \
cmake -DTEST_MODE=ON -DDCAP=ON .. && \
make -j"
```
Set environment variables:
```
export AS_SPID="00000000000000000000000000000000"
export AS_KEY="00000000000000000000000000000000"
export AS_ALGO="sgx_ecdsa"
export AS_URL="https://10.5.4.242:8081"
export TEACLAVE_LOG=trace
```
Modified `build.config.toml` so it used the DCAP cert.
```
# Intel Attestation Service root CA certificate to verify attestation report
# as_root_ca_cert = { path = "config/keys/ias_root_ca_cert.pem" }
# For DCAP, use the following cert
as_root_ca_cert = { path = "config/keys/dcap_root_ca_cert.pem" }
```
AESM service:
```
● aesmd.service - Intel(R) Architectural Enclave Service Manager
Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2023-12-12 17:51:37 UTC; 57min ago
Process: 20825 ExecStartPre=/opt/intel/sgxpsw/aesm/linksgx.sh (code=exited, status=0/SUCCESS)
Process: 20834 ExecStartPre=/bin/mkdir -p /var/run/aesmd/ (code=exited, status=0/SUCCESS)
Process: 20836 ExecStartPre=/bin/chown -R aesmd:aesmd /var/run/aesmd/ (code=exited, status=0/SUCCESS)
Process: 20837 ExecStartPre=/bin/chmod 0755 /var/run/aesmd/ (code=exited, status=0/SUCCESS)
Process: 20838 ExecStartPre=/bin/chown -R aesmd:aesmd /var/opt/aesmd/ (code=exited, status=0/SUCCESS)
Process: 20839 ExecStartPre=/bin/chmod 0750 /var/opt/aesmd/ (code=exited, status=0/SUCCESS)
Process: 20840 ExecStart=/opt/intel/sgxpsw/aesm/aesm_service (code=exited, status=0/SUCCESS)
Main PID: 20841 (aesm_service)
Tasks: 4 (limit: 38387)
Memory: 3.3M
CGroup: /system.slice/aesmd.service
└─20841 /opt/intel/sgxpsw/aesm/aesm_service
dic 12 17:51:47 teaclave-vm aesm_service[20841]: [QCNL] Try memory cache...
dic 12 17:51:47 teaclave-vm aesm_service[20841]: [QCNL] Try remote service...
dic 12 17:51:47 teaclave-vm aesm_service[20841]: [QCNL] Request URL https://10.5.4.242:8081/sgx/certification/v3/pck>...
dic 12 17:51:47 teaclave-vm aesm_service[20841]: [QCNL] HTTP status code: 200
dic 12 17:51:47 teaclave-vm aesm_service[20841]: [QCNL] Try memory cache...
dic 12 17:51:47 teaclave-vm aesm_service[20841]: [QCNL] Retrieved PCK certchain from memory cache successfully.
dic 12 17:51:47 teaclave-vm aesm_service[20841]: [QCNL] Try memory cache...
dic 12 17:51:47 teaclave-vm aesm_service[20841]: [QCNL] Retrieved PCK certchain from memory cache successfully.
dic 12 17:51:47 teaclave-vm aesm_service[20841]: [QCNL] Try memory cache...
dic 12 17:51:47 teaclave-vm aesm_service[20841]: [QCNL] Retrieved PCK certchain from memory cache successfully.
```
PCCS service:
```
● pccs.service - Provisioning Certificate Caching Service (PCCS)
Loaded: loaded (/lib/systemd/system/pccs.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2023-12-12 13:59:48 CET; 5h 56min ago
Docs: https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/QuoteGeneration/pccs/README.md
Main PID: 4156670 (node)
Tasks: 15 (limit: 538088)
Memory: 37.3M
CPU: 2.672s
CGroup: /system.slice/pccs.service
└─4156670 /usr/bin/node /opt/intel/sgx-dcap-pccs/pccs_server.js
Dec 12 13:59:48 syp-s1 systemd[1]: Started Provisioning Certificate Caching Service (PCCS).
Dec 12 13:59:50 syp-s1 node[4156670]: 2023-12-12 13:59:50.003 [info]: HTTPS Server is running on: https://localhost:>
Dec 12 18:51:47 syp-s1 node[4156670]: 2023-12-12 18:51:47.805 [info]: Client Request-ID : 999f8a12d6474051b90a2ec262>
Dec 12 18:51:47 syp-s1 node[4156670]: 2023-12-12 18:51:47.832 [info]: 192.168.122.158 - - [12/Dec/2023:17:51:47
```
# Error
Now on `./run-teaclave-services.sh`
```
teaclave-frontend-service | [ERROR teaclave_frontend_service_enclave] Failed to run service: invalid peer certificate: Other(UnsupportedCertVersion)
teaclave-frontend-service | [2023-12-12T18:58:34Z DEBUG teaclave_binder::ipc::app] ecall_ipc_entry_point OK. App Received Buf: [123, 34, 69, 114, 114, 34, 58, 34, 83, 101, 114, 118, 105, 99, 101, 69, 114, 114, 111, 114, 34, 125]
teaclave-frontend-service | [2023-12-12T18:58:34Z DEBUG teaclave_binder::ipc::app] ecall_ipc_app_to_tee: 1002, 4 bytes
teaclave-frontend-service | [TRACE teaclave_frontend_service_enclave] tee receive cmd: 1002, input_buf = [110, 117, 108, 108]
teaclave-frontend-service | [DEBUG teaclave_frontend_service_enclave] handle_invoke
teaclave-frontend-service | [DEBUG teaclave_service_enclave_utils] Enclave finalizing
teaclave-frontend-service | [DEBUG teaclave_service_enclave_utils] g_peak_heap_used: 614400
teaclave-frontend-service | [DEBUG teaclave_service_enclave_utils] g_peak_rsrv_mem_committed: 0
teaclave-frontend-service | [2023-12-12T18:58:34Z DEBUG teaclave_binder::ipc::app] ecall_ipc_entry_point OK. App Received Buf: [123, 34, 79, 107, 34, 58, 110, 117, 108, 108, 125]
teaclave-frontend-service | [2023-12-12T18:58:34Z DEBUG teaclave_binder::binder] Dropping TeeBinder, start finalize().
teaclave-frontend-service | [2023-12-12T18:58:34Z DEBUG teaclave_binder::ipc::app] ecall_ipc_app_to_tee: 1002, 4 bytes
teaclave-frontend-service | [2023-12-12T18:58:34Z ERROR teaclave_binder::ipc::app] ecall_ipc_entry_point, app sgx_error:InvalidEcnalveId
teaclave-frontend-service | [2023-12-12T18:58:34Z ERROR teaclave_binder::binder] IpcError(SgxError(InvalidEcnalveId))
teaclave-frontend-service exited with code 0
```
Maybe a problem of self-signed certificates from PCCS? PCCS is on V3.
Thanks in advance.
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/725
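
The `UnsupportedCertVersion` variant in the error above matches the webpki error for a peer certificate that is not X.509 v3. As an added example (not part of the original report and not Teaclave code), this reads the declared version from a PEM or DER certificate using only the Python standard library; `sample_cert` builds constructed skeleton certificates for the demonstration.

```python
import base64

def read_tlv(buf, pos):
    """Decode the DER TLV at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def to_der(data):
    """Accept PEM or DER bytes and return DER."""
    if data.lstrip().startswith(b"-----BEGIN"):
        body = [l.strip() for l in data.splitlines() if not l.strip().startswith(b"-----")]
        return base64.b64decode(b"".join(body))
    return data

def x509_version(data):
    """Return the X.509 version (1, 2 or 3) declared in the certificate."""
    der = to_der(data)
    tag, start, _ = read_tlv(der, 0)        # Certificate ::= SEQUENCE
    tag2, start, _ = read_tlv(der, start)   # TBSCertificate ::= SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not an X.509 certificate")
    tag, start, _ = read_tlv(der, start)    # first TBSCertificate field
    if tag != 0xA0:                         # no [0] EXPLICIT version: DEFAULT v1
        return 1
    tag, start, end = read_tlv(der, start)  # INTEGER inside [0]
    if tag != 0x02:
        raise ValueError("malformed version field")
    return int.from_bytes(der[start:end], "big") + 1

def tlv(tag, value):
    """Short-form DER encoder, enough for the constructed samples below."""
    return bytes([tag, len(value)]) + value

def sample_cert(version):
    """Constructed skeleton (no real key or signature) declaring `version`."""
    ver = b"" if version == 1 else tlv(0xA0, tlv(0x02, bytes([version - 1])))
    tbs = tlv(0x30, ver + tlv(0x02, b"\x01"))  # version + serialNumber only
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))

if __name__ == "__main__":
    for v in (1, 3):
        got = x509_version(sample_cert(v))
        print(f"sample v{v}: parsed v{got}, accepted by a v3-only verifier: {got == 3}")
```

To check a real file, pass its bytes to `x509_version`, for example the contents of the certificate the peer presents or of a configured PEM file.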