[apache/incubator-teaclave] How to fit rust crates to SGX? (Issue #597)
I want to add build-in function, it depend rust crates, such gluesql、csv, but the https://github.com/mesalock-linux doesn't include these crates. How to fit these rust crates to SGX? -- Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/597 You are receiving this because you are subscribed to this thread. Message ID:
[apache/incubator-teaclave] Does teaclave supports delete the uploaded data\function\task? (#555)
-- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/555
[apache/incubator-teaclave] dcap attentation (#548)
I lauch the dacp reference implement teaclave_dcap_ref_as: # ./teaclave_dcap_ref_as Configured for development. => address: 0.0.0.0 => port: 8080 => log: normal => workers: 4 => secret key: generated => limits: forms = 32KiB => keep-alive: 5s => tls: enabled Mounting /: => POST /sgx/dev/attestation/v4/report application/json (verify_quote) Rocket has launched from https://0.0.0.0:8080 and use teaclave_sgx_tool the verfify the dcap service: # ./teaclave_sgx_tool attestation --url https://localhost:8080 --algorithm sgx_ecdsa ![image](https://user-images.githubusercontent.com/6261949/129992331-86807e57-db3a-4775-b216-9d18ae5505fc.png) It can be verfiry correctly. By when I use the other ip(127.0.0.1) instead of 'localhost', the error had occured: ![image](https://user-images.githubusercontent.com/6261949/129992578-23c7c27b-7f0a-4f7b-abbe-24a6c881adee.png) How to fix it? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/548
[apache/incubator-teaclave] The payload is too large, how to fix? (#533)
I use a wasm Excutor, the wasm file is 1.2M. I register the wasm function to the teaclave. Some error have occured: **_{'result': 'err', 'request_error': 'storage error'} function_id = client.register_function( File "/root/incubator-teaclave/sdk/python/teaclave.py", line 375, in register_function return response["content"]["function_id"]_** How to fix this problem? Or what the max size of payload file? Or how to increase the size of wasm that the enclave can accept? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/533
[apache/incubator-teaclave] Compile python to wasm (#521)
Is WebAssembly executor(https://github.com/apache/incubator-teaclave/blob/master/docs/executing-wasm.md) support python? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/521
[apache/incubator-teaclave] How to integrate mesatee with libos(such as occulmn, graphene)? (#502)
-- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/502
Re: [apache/incubator-teaclave] some problem about sgx_ecdsa attentation (#469)
> Hi @xglreal, thanks for your question! Sorry, I couldn't help you if you > cannot provide more detailed information. Like how did you setup the > environment? The teaclave_dcap_ref_as is builded on the steps: **docker run --rm -v $(pwd):/teaclave -w /teaclave \ -it teaclave/teaclave-build-ubuntu-1804-sgx-dcap-1.6:latest \ bash -c ". /root/.cargo/env && \ . /opt/sgxsdk/environment && \ mkdir -p build && cd build && \ cmake -DTEST_MODE=ON -DDCAP=ON .. && \ make" docker run --rm -v $(pwd):/teaclave -w /teaclave \ -it teaclave/teaclave-build-ubuntu-1804-sgx-2.9.1:latest \ bash -c ". /root/.cargo/env && \ . /opt/sgxsdk/environment && \ mkdir -p build && cd build && \ cmake -DTEST_MODE=ON -DDCAP=ON .. && \ make"** and the **teaclave_dcap_ref_as** will appear in the directory incubator-teaclave/release/dcap/. I use **incubator-teaclave/release/dcap/teaclave_dcap_ref_as**, the builded tool to start dcap service. The setup message is below: _Configured for development. => address: localhost => port: 8080 => log: normal => workers: 4 => secret key: generated => limits: forms = 32KiB => keep-alive: 5s => tls: enabled Mounting /: => POST /sgx/dev/attestation/v4/report application/json (verify_quote) Rocket has launched from https://localhost:8080_ Then, I use the command **./teaclave_sgx_tool attestation --url https://localhost:8080 --algorithm sgx_ecdsa** to get the dcap service, but eventually I fail to get the service. The error message is below: _Error: ServiceError_ Is there anyone can help me to fix it? Thanks. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/469#issuecomment-769065843
[apache/incubator-teaclave] some problem about sgx_ecdsa attentation (#469)
I use the dcap client 'teaclave_sgx_tool ' to get attentation with the dcap service, but some error was occured. The commend is: _./teaclave_sgx_tool attestation --url https://localhost:8080 --algorithm sgx_ecdsa_ The error is: _root@cc:~/incubator-teaclave# Configured for development. => address: localhost => port: 8080 => log: normal => workers: 4 => secret key: generated => limits: forms = 32KiB => keep-alive: 5s => tls: enabled Mounting /: => POST /sgx/dev/attestation/v4/report application/json (verify_quote) Rocket has launched from https://localhost:8080 POST /sgx/dev/attestation/v4/report application/json: => Matched: POST /sgx/dev/attestation/v4/report application/json (verify_quote) sgx_qv_verify_quote fialed: SGX_QL_QUOTE_CERTIFICATION_DATA_UNSUPPORTED => Outcome: Failure => Warning: Responding with 400 Bad Request catcher. => Response succeeded._ Where is the problem about it? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/469
Re: [apache/incubator-teaclave] How to get DCAP(ECDSA) attestation information (#459)
> For DCAP, `AS_ALGO` is `ecdsa`. `AS_URL` is the URL of your data center > attestation service. `AS_KEY` and `AS_SPID` are not used for DCAP. How to get the 'dcap_root_ca_cert.pem'? And do there have any complete material introduce how to install DCAP and use it? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/459#issuecomment-763368526
[apache/incubator-teaclave] How to get DCAP(ECDSA) attestation information (#459)
How to get the value of AS_ALGO,AS_URL,AS_KEY,AS_SPID to attest with DCAP attestation service? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/459
[apache/incubator-teaclave] dcap认证服务如何使用 (#454)
请问一下: 1、按照这个项目https://github.com/intel/SGXDataCenterAttestationPrimitives,安装好dcap之后,如何使用这个安装好的dcap认证服务呢? 2、使用dcap认证服务,mesatee是不是需要重新编译?需要修改哪些配置呢? 谢谢 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/454
[apache/incubator-teaclave] intel sgx认证机制 (#452)
请问一下,mesatee是怎么进行sgx的合法性验证的? $ export AS_SPID="" # SPID from IAS subscription $ export AS_KEY="" # Primary key/Secondary key from IAS subscription $ export AS_ALGO="sgx_epid" # Attestation algorithm, sgx_epid for IAS $ export AS_URL="https://api.trustedservices.intel.com:443;# IAS URL 这些参数是什么含义? sgx合法性认证可以必须通过intel官网进行认证吗? 可以离线认证吗? 谢谢 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/452
[apache/incubator-teaclave] worker含义 (#450)
+---+ |Execution Service | | +-+ | | |Worker | | | | +--+ +-+ | | | | | Executor | | Runtime | | | | | +--+ +-+ | | | +-+ | +---+ 请问下: worker是具体对应到了具体的sgx硬件了吗? 一个Execution Service可以分配多个sgx? 然后runtime是什么含义?我看可以指定default, raw-io,这两个有什么区别吗? 提交到gsx是以什么方式提交的?rust代码吗?各方数据文件是以数据链接+key的方式还是直接加密的数据文件传入的? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/450
Re: [apache/incubator-teaclave] 请问下,mesatee是使用mesapy来支持矩阵操作的吗?现在mesapy支不支持pandas做一些矩阵(表)操作? (#448)
> 1. mesatee是使用mesapy来支持矩阵操作的吗? > > MesaPy 作为 Teaclave 的一个 executor,可以执行 Python function。同时还可以使用 native > executor,也就是用 Rust 编写 builtin function。两种 executor 均可以支持矩阵操作。 > > 1. 现在mesapy支不支持pandas做一些矩阵(表)操作? > > 现在不支持 import pandas。 > > MesaPy 提供了 Python 2 的 builtin types 和 builtin functions 以及一些基本的 > modules。关于问题中的矩阵(表)操作可以通过使用 Python 的基本类型进行。当然,MesaPy 对于 builtin > 库和第三方库的支持还在进行中,希望更多的人能参与贡献。 mesapy的编程文档有吗?就是支持哪些操作?怎么进行操作? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/448#issuecomment-750771439
Re: [apache/incubator-teaclave] 请问下,mesatee是使用mesapy来支持矩阵操作的吗?现在mesapy支不支持pandas做一些矩阵(表)操作? (#448)
比如求交、表join、表过滤之类的数据库操作 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/448#issuecomment-749863416
[apache/incubator-teaclave] 请问下,mesatee是使用mesapy来支持矩阵操作的吗?现在mesapy支不支持pandas做一些矩阵(表)操作? (#448)
-- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/448
Re: [apache/incubator-teaclave] 运行builtin_gbdt_train.py出现以下报错,是什么问题呢 (#444)
> > wget http://docker_teaclave-file-service_1:6789 > > --2020-12-16 10:22:58-- http://docker_teaclave-file-service_1:6789/ > > Resolving docker_teaclave-file-service_1 > > (docker_teaclave-file-service_1)... failed: Temporary failure in name > > resolution. > > wget: unable to resolve host address ‘docker_teaclave-file-service_1’ > > docker_teaclave-file-service_1解析不了 > > 这个是在 execution service 的 docker container 里才能 resolve 的域名。通过 fs 这个 network 连接。 谢谢,问题已解决。 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/444#issuecomment-746001418
[apache/incubator-teaclave] 数据加解密问题 (#445)
请问下: incubator-teaclave-master\tests\fixtures\functions\private_join_and_compute\three_party_data\*.enc下面的加密文件如何获得的,加密文件在tee里面是怎么解密的?tee传输回来的数据文件如何解密?整个mesatee的加解密机制是如何的,有相关资料吗? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/445
Re: [apache/incubator-teaclave] 运行builtin_gbdt_train.py出现以下报错,是什么问题呢 (#444)
> > wget http://docker_teaclave-file-service_1:6789 > > --2020-12-16 10:22:58-- http://docker_teaclave-file-service_1:6789/ > > Resolving docker_teaclave-file-service_1 > > (docker_teaclave-file-service_1)... failed: Temporary failure in name > > resolution. > > wget: unable to resolve host address ‘docker_teaclave-file-service_1’ > > docker_teaclave-file-service_1解析不了 > > 这个是在 execution service 的 docker container 里才能 resolve 的域名。通过 fs 这个 network 连接。 为什么把localhost改成公网ip也不行呢?一样的报错信息 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/444#issuecomment-745761272
Re: [apache/incubator-teaclave] 运行builtin_gbdt_train.py出现以下报错,是什么问题呢 (#444)
> 一个解决方法是修改 docker compose 文件: > > ```diff > diff --git a/docker/docker-compose-ubuntu-1804-sgx-sim-mode.yml > b/docker/docker-compose-ubuntu-1804-sgx-sim-mode.yml > index aa5388d..b0f25aa 100644 > --- a/docker/docker-compose-ubuntu-1804-sgx-sim-mode.yml > +++ b/docker/docker-compose-ubuntu-1804-sgx-sim-mode.yml > @@ -134,6 +134,7 @@ services: >- teaclave-scheduler-service > networks: >internal: > + fs: > >teaclave-scheduler-service-sgx-sim-mode: > build: > @@ -157,6 +158,16 @@ services: > networks: >internal: > > + teaclave-file-service: > +image: python:3 > +volumes: > + - ../tests:/teaclave-file-service > +working_dir: /teaclave-file-service > +entrypoint: ./scripts/simple_http_server.py > +networks: > + fs: > + > networks: >internal: >api: > + fs: > ``` > > service 启动后找到 teaclave-file-service 的名字: > > ``` > $ docker ps > docker ps > CONTAINER IDIMAGECOMMAND > CREATED STATUS PORTS > NAMES > 8f41f56016d9python:3 > "./scripts/simple_ht…" 4 minutes ago Up 4 minutes6789/tcp >docker_teaclave-file-service_1 > ``` > > 修改在 example 的文件地址为:`http://docker_teaclave-file-service_1:5678/xx` 按照你的方法配置了,有问题 wget http://docker_teaclave-file-service_1:6789 --2020-12-16 10:22:58-- http://docker_teaclave-file-service_1:6789/ Resolving docker_teaclave-file-service_1 (docker_teaclave-file-service_1)... failed: Temporary failure in name resolution. wget: unable to resolve host address ‘docker_teaclave-file-service_1’ docker_teaclave-file-service_1解析不了 镜像 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 03f3fa28793c docker_teaclave-scheduler-service "./teaclave_schedule…" 32 minutes ago Up 32 minutes 17780/tcp teaclave-scheduler-service 3ec63834b9d1 python:3 "./scripts/simple_ht…" 32 minutes ago Up 14 minutes docker_teaclave-file-service_1 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/444#issuecomment-745724281
Re: [apache/incubator-teaclave] 运行builtin_gbdt_train.py出现以下报错,是什么问题呢 (#444)
> 一个解决方法是修改 docker compose 文件: > > ```diff > diff --git a/docker/docker-compose-ubuntu-1804-sgx-sim-mode.yml > b/docker/docker-compose-ubuntu-1804-sgx-sim-mode.yml > index aa5388d..b0f25aa 100644 > --- a/docker/docker-compose-ubuntu-1804-sgx-sim-mode.yml > +++ b/docker/docker-compose-ubuntu-1804-sgx-sim-mode.yml > @@ -134,6 +134,7 @@ services: >- teaclave-scheduler-service > networks: >internal: > + fs: > >teaclave-scheduler-service-sgx-sim-mode: > build: > @@ -157,6 +158,16 @@ services: > networks: >internal: > > + teaclave-file-service: > +image: python:3 > +volumes: > + - ../tests:/teaclave-file-service > +working_dir: /teaclave-file-service > +entrypoint: ./scripts/simple_http_server.py > +networks: > + fs: > + > networks: >internal: >api: > + fs: > ``` > > service 启动后找到 teaclave-file-service 的名字: > > ``` > $ docker ps > docker ps > CONTAINER IDIMAGECOMMAND > CREATED STATUS PORTS > NAMES > 8f41f56016d9python:3 > "./scripts/simple_ht…" 4 minutes ago Up 4 minutes6789/tcp >docker_teaclave-file-service_1 > ``` > > 修改在 example 的文件地址为:`http://docker_teaclave-file-service_1:5678/xx` wget http://docker_teaclave-file-service_1:6789 --2020-12-16 10:22:58-- http://docker_teaclave-file-service_1:6789/ Resolving docker_teaclave-file-service_1 (docker_teaclave-file-service_1)... failed: Temporary failure in name resolution. wget: unable to resolve host address ‘docker_teaclave-file-service_1’ docker_teaclave-file-service_1解析不了 镜像 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 03f3fa28793c docker_teaclave-scheduler-service "./teaclave_schedule…" 32 minutes ago Up 32 minutes 17780/tcp teaclave-scheduler-service 3ec63834b9d1 python:3 "./scripts/simple_ht…" 32 minutes ago Up 14 minutes docker_teaclave-file-service_1 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/444#issuecomment-745721253
Re: [apache/incubator-teaclave] 运行builtin_gbdt_train.py出现以下报错,是什么问题呢 (#444)
> 一个解决方法是修改 docker compose 文件: > > ```diff > diff --git a/docker/docker-compose-ubuntu-1804-sgx-sim-mode.yml > b/docker/docker-compose-ubuntu-1804-sgx-sim-mode.yml > index aa5388d..b0f25aa 100644 > --- a/docker/docker-compose-ubuntu-1804-sgx-sim-mode.yml > +++ b/docker/docker-compose-ubuntu-1804-sgx-sim-mode.yml > @@ -134,6 +134,7 @@ services: >- teaclave-scheduler-service > networks: >internal: > + fs: > >teaclave-scheduler-service-sgx-sim-mode: > build: > @@ -157,6 +158,16 @@ services: > networks: >internal: > > + teaclave-file-service: > +image: python:3 > +volumes: > + - ../tests:/teaclave-file-service > +working_dir: /teaclave-file-service > +entrypoint: ./scripts/simple_http_server.py > +networks: > + fs: > + > networks: >internal: >api: > + fs: > ``` > > service 启动后找到 teaclave-file-service 的名字: > > ``` > $ docker ps > docker ps > CONTAINER IDIMAGECOMMAND > CREATED STATUS PORTS > NAMES > 8f41f56016d9python:3 > "./scripts/simple_ht…" 4 minutes ago Up 4 minutes6789/tcp >docker_teaclave-file-service_1 > ``` > > 修改在 example 的文件地址为:`http://docker_teaclave-file-service_1:5678/xx` ERROR: for docker_teaclave-file-service_1 Cannot start service teaclave-file-service: OCI runtime create failed: container_linux.go:349: starting container process causRecreating teaclave-scheduler-service ... done teaclave-execution-service is up-to-date ERROR: for teaclave-file-service Cannot start service teaclave-file-service: OCI runtime create failed: container_linux.go:349: starting container process caused "exec: "./scripts/simple_http_server.py": permission denied": unknown ERROR: Encountered errors while bringing up the project. 启动service teaclave-file-service报错? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/444#issuecomment-745713073
Re: [apache/incubator-teaclave] 运行builtin_gbdt_train.py出现以下报错,是什么问题呢 (#444)
> 请问你是如何启动 teaclave services 的? (cd docker && docker-compose -f docker-compose-ubuntu-1804-sgx-sim-mode.yml up --build) docker-compose启动的 builtin_face_detection.py builtin_online_decrypt.py这些都能运行成功。看了以下差异好像是builtin_face_detection.py builtin_online_decrypt.py直接输出结果,builtin_gbdt_train.py是往链接里写数据? 运行/incubator-teaclave/tests/scripts/simple_http_server.py使链接http://localhost:6789/fixtures/functions/gbdt_training/train.enc能够访问。 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/444#issuecomment-745695614
[apache/incubator-teaclave] 运行builtin_gbdt_train.py出现以下报错,是什么问题呢 (#444)
使用模拟模式运行gbdt示例,出现报错 运行命令:$SGX_MODE=SW PYTHONPATH=../../sdk/python python3 builtin_gbdt_train.py 出现错误: 'result': {'result': {'Err': {'reason': 'ocall error = 1' 这是什么问题呢? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/444