Re: [apache/incubator-teaclave] run Teaclave in sim_mod (#495)
Closed #495 via #496. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/495#event-4576026099
Re: [apache/incubator-teaclave] run Teaclave in sim_mod (#495)
@mssun Thank you very much, this really works! But I was troubled by new problems again. I tried to install the Intel® SGX driver with ECDSA attestation enabled (ubuntu18.04-server, driver 1.36.2, sdk 2.12.100.3) according to this link: https://download.01.org/intel-sgx/sgx-linux/2.12/docs/Intel_SGX_Installation_Guide_Linux_2.12_Open_Source.pdf. Then I ran Teaclave in simulation mode. The strange thing is that running command: ```SGX_MODE=SW PYTHONPATH=../../sdk/python python3 builtin_echo.py 'Hello, Teaclave!'``` was smooth, but the following error appears when I run ```cargo test``` in sdk/rust/, and the log error is given later. I believe there is a problem with authentication, but python can run but rust cannot be very puzzling. ``` running 6 tests test tests::test_approve_task ... FAILED test tests::test_assign_data ... FAILED test tests::test_assign_data_err ... FAILED test tests::test_frontend_service ... FAILED test tests::test_frontend_service_with_request ... FAILED test tests::test_authentication_service ... FAILED failures: tests::test_approve_task stdout thread 'tests::test_approve_task' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:686:63 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace tests::test_assign_data stdout thread 'tests::test_assign_data' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:613:63 tests::test_assign_data_err stdout thread 'tests::test_assign_data_err' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:649:63 tests::test_frontend_service stdout thread 'tests::test_frontend_service' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:529:63 tests::test_frontend_service_with_request stdout thread 'tests::test_frontend_service_with_request' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:571:63 tests::test_authentication_service stdout thread 'tests::test_authentication_service' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:517:51 failures: tests::test_approve_task tests::test_assign_data tests::test_assign_data_err tests::test_authentication_service tests::test_frontend_service tests::test_frontend_service_with_request test result: FAILED. 0 passed; 6 failed; 0 ignored; 0 measured; 0 filtered out ``` ``` teaclave-authentication-service-sgx-sim-mode| [2021-04-08T02:45:24Z ERROR rustls::session] TLS alert received: Message { teaclave-authentication-service-sgx-sim-mode| typ: Alert, teaclave-authentication-service-sgx-sim-mode| version: TLSv1_2, teaclave-authentication-service-sgx-sim-mode| payload: Alert( teaclave-authentication-service-sgx-sim-mode| AlertMessagePayload { teaclave-authentication-service-sgx-sim-mode| level: Fatal, teaclave-authentication-service-sgx-sim-mode| description: BadCertificate, teaclave-authentication-service-sgx-sim-mode| }, teaclave-authentication-service-sgx-sim-mode| ), teaclave-authentication-service-sgx-sim-mode| } teaclave-authentication-service-sgx-sim-mode| [2021-04-08T02:45:24Z DEBUG teaclave_rpc::transport] Connection disconnected. ``` -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/495#issuecomment-815411254
Re: [apache/incubator-teaclave] run Teaclave in sim_mod (#495)
@mssun Thank you very much, this really works! But I was troubled by new problems again. I tried to install the Intel® SGX driver with ECDSA attestation enabled (ubuntu18.04-server, driver 1.36.2, sdk 2.12.100.3) according to this link: https://download.01.org/intel-sgx/sgx-linux/2.12/docs/Intel_SGX_Installation_Guide_Linux_2.12_Open_Source.pdf. Then I ran Teaclave in simulation mode. The strange thing is that my command is normal, but the following error appears when I run cargo test in sdk/rust/, and the log error is given later. I believe there is a problem with authentication, but python can run but rust cannot be very puzzling. ``` running 6 tests test tests::test_approve_task ... FAILED test tests::test_assign_data ... FAILED test tests::test_assign_data_err ... FAILED test tests::test_frontend_service ... FAILED test tests::test_frontend_service_with_request ... FAILED test tests::test_authentication_service ... FAILED failures: tests::test_approve_task stdout thread 'tests::test_approve_task' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:686:63 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace tests::test_assign_data stdout thread 'tests::test_assign_data' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:613:63 tests::test_assign_data_err stdout thread 'tests::test_assign_data_err' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:649:63 tests::test_frontend_service stdout thread 'tests::test_frontend_service' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:529:63 tests::test_frontend_service_with_request stdout thread 'tests::test_frontend_service_with_request' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:571:63 tests::test_authentication_service stdout thread 'tests::test_authentication_service' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:517:51 failures: tests::test_approve_task tests::test_assign_data tests::test_assign_data_err tests::test_authentication_service tests::test_frontend_service tests::test_frontend_service_with_request test result: FAILED. 0 passed; 6 failed; 0 ignored; 0 measured; 0 filtered out ``` ``` teaclave-authentication-service-sgx-sim-mode| [2021-04-08T02:45:24Z ERROR rustls::session] TLS alert received: Message { teaclave-authentication-service-sgx-sim-mode| typ: Alert, teaclave-authentication-service-sgx-sim-mode| version: TLSv1_2, teaclave-authentication-service-sgx-sim-mode| payload: Alert( teaclave-authentication-service-sgx-sim-mode| AlertMessagePayload { teaclave-authentication-service-sgx-sim-mode| level: Fatal, teaclave-authentication-service-sgx-sim-mode| description: BadCertificate, teaclave-authentication-service-sgx-sim-mode| }, teaclave-authentication-service-sgx-sim-mode| ), teaclave-authentication-service-sgx-sim-mode| } teaclave-authentication-service-sgx-sim-mode| [2021-04-08T02:45:24Z DEBUG teaclave_rpc::transport] Connection disconnected. ``` -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/495#issuecomment-815410272
Re: [apache/incubator-teaclave] run Teaclave in sim_mod (#495)
Thank you very much, this really works! But I was troubled by new problems again. I tried to install the Intel® SGX driver with ECDSA attestation enabled (ubuntu18.04-server, driver 1.36.2, sdk 2.12.100.3) according to this link: https://download.01.org/intel-sgx/sgx-linux/2.12/docs/Intel_SGX_Installation_Guide_Linux_2.12_Open_Source.pdf. Then I ran Teaclave in simulation mode. The strange thing is that my command is normal, but the following error appears when I run cargo test in sdk/rust/, and the log error is given later. I believe there is a problem with authentication, but python can run but rust cannot be very puzzling. ``` running 6 tests test tests::test_approve_task ... FAILED test tests::test_assign_data ... FAILED test tests::test_assign_data_err ... FAILED test tests::test_frontend_service ... FAILED test tests::test_frontend_service_with_request ... FAILED test tests::test_authentication_service ... FAILED failures: tests::test_approve_task stdout thread 'tests::test_approve_task' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:686:63 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace tests::test_assign_data stdout thread 'tests::test_assign_data' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:613:63 tests::test_assign_data_err stdout thread 'tests::test_assign_data_err' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:649:63 tests::test_frontend_service stdout thread 'tests::test_frontend_service' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:529:63 tests::test_frontend_service_with_request stdout thread 'tests::test_frontend_service_with_request' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:571:63 tests::test_authentication_service stdout thread 'tests::test_authentication_service' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:517:51 failures: tests::test_approve_task tests::test_assign_data tests::test_assign_data_err tests::test_authentication_service tests::test_frontend_service tests::test_frontend_service_with_request test result: FAILED. 0 passed; 6 failed; 0 ignored; 0 measured; 0 filtered out ``` ``` teaclave-authentication-service-sgx-sim-mode| [2021-04-08T02:45:24Z ERROR rustls::session] TLS alert received: Message { teaclave-authentication-service-sgx-sim-mode| typ: Alert, teaclave-authentication-service-sgx-sim-mode| version: TLSv1_2, teaclave-authentication-service-sgx-sim-mode| payload: Alert( teaclave-authentication-service-sgx-sim-mode| AlertMessagePayload { teaclave-authentication-service-sgx-sim-mode| level: Fatal, teaclave-authentication-service-sgx-sim-mode| description: BadCertificate, teaclave-authentication-service-sgx-sim-mode| }, teaclave-authentication-service-sgx-sim-mode| ), teaclave-authentication-service-sgx-sim-mode| } teaclave-authentication-service-sgx-sim-mode| [2021-04-08T02:45:24Z DEBUG teaclave_rpc::transport] Connection disconnected. ``` -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/495#issuecomment-815409772
Re: [apache/incubator-teaclave] run Teaclave in sim_mod (#495)
Hi, thanks for your report. I have found the cause. We defines all container names of services in simulation mode as `xxx-sgx-sim-mode` (e.g., `teaclave-storage-service-sgx-sim-mode`). Therefore, to start the services in sim mode using docker compose. You have to change the `docker/runtime.config.toml` file accordingly by adding the `-sgx-sim-mode` suffix. Change the `docker/runtime.config.toml` file from: ``` authentication = { listen_address = "0.0.0.0:17776", advertised_address = "teaclave-authentication-service:17776" } management = { listen_address = "0.0.0.0:1", advertised_address = "teaclave-management-service:1" } storage= { listen_address = "0.0.0.0:17778", advertised_address = "teaclave-storage-service:17778" } access_control = { listen_address = "0.0.0.0:17779", advertised_address = "teaclave-access-control-service:17779" } execution = { listen_address = "0.0.0.0:17770", advertised_address = "teaclave-execution-service:17770" } scheduler = { listen_address = "0.0.0.0:17780", advertised_address = "teaclave-scheduler-service:17780" } ``` to ``` authentication = { listen_address = "0.0.0.0:17776", advertised_address = "teaclave-authentication-service-sgx-sim-mode:17776" } management = { listen_address = "0.0.0.0:1", advertised_address = "teaclave-management-service-sgx-sim-mode:1" } storage= { listen_address = "0.0.0.0:17778", advertised_address = "teaclave-storage-service-sgx-sim-mode:17778" } access_control = { listen_address = "0.0.0.0:17779", advertised_address = "teaclave-access-control-service-sgx-sim-mode:17779" } execution = { listen_address = "0.0.0.0:17770", advertised_address = "teaclave-execution-service-sgx-sim-mode:17770" } scheduler = { listen_address = "0.0.0.0:17780", advertised_address = "teaclave-scheduler-service-sgx-sim-mode:17780" } ``` Then, services in docker can resolve IPs with these advertised addresses. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/495#issuecomment-815347102
[apache/incubator-teaclave] run Teaclave in sim_mod (#495)
Run command (cd docker && docker-compose -f docker-compose-ubuntu-1804-sgx-sim-mode.yml up --build) Results in the error: teaclave-frontend-service-sgx-sim-mode | [2021-04-06T06:16:37Z DEBUG teaclave_frontend_service_enclave::service] Failed to connect to authentication service, retry 4 teaclave-frontend-service-sgx-sim-mode | [2021-04-06T06:16:46Z DEBUG teaclave_frontend_service_enclave::service] Failed to connect to authentication service, retry 5 teaclave-frontend-service-sgx-sim-mode | [2021-04-06T06:16:55Z DEBUG teaclave_frontend_service_enclave::service] Failed to connect to authentication service, retry 6 teaclave-frontend-service-sgx-sim-mode | [2021-04-06T06:17:04Z DEBUG teaclave_frontend_service_enclave::service] Failed to connect to authentication service, retry 7 teaclave-frontend-service-sgx-sim-mode | [2021-04-06T06:17:13Z DEBUG teaclave_frontend_service_enclave::service] Failed to connect to authentication service, retry 8 teaclave-frontend-service-sgx-sim-mode | [2021-04-06T06:17:22Z DEBUG teaclave_frontend_service_enclave::service] Failed to connect to authentication service, retry 9 teaclave-frontend-service-sgx-sim-mode | [2021-04-06T06:17:31Z ERROR teaclave_frontend_service_enclave] Failed to start the service: failed to connect to authentication service teaclave-frontend-service-sgx-sim-mode | [2021-04-06T06:17:31Z DEBUG teaclave_binder::ipc::app] ecall_ipc_entry_point OK. App Received Buf: [123, 34, 69, 114, 114, 34, 58, 34, 83, 101, 114, 118, 105, 99, 101, 69, 114, 114, 111, 114, 34, 125] teaclave-frontend-service-sgx-sim-mode | [2021-04-06T06:17:31Z DEBUG teaclave_binder::ipc::app] ecall_ipc_app_to_tee: 1002, 4 bytes teaclave-frontend-service-sgx-sim-mode | [2021-04-06T06:17:31Z DEBUG teaclave_frontend_service_enclave] handle_invoke teaclave-frontend-service-sgx-sim-mode | [2021-04-06T06:17:31Z DEBUG teaclave_service_enclave_utils] Enclave finalizing teaclave-frontend-service-sgx-sim-mode | [2021-04-06T06:17:31Z DEBUG teaclave_binder::ipc::app] ecall_ipc_entry_point OK. App Received Buf: [123, 34, 79, 107, 34, 58, 110, 117, 108, 108, 125] teaclave-frontend-service-sgx-sim-mode | [2021-04-06T06:17:31Z DEBUG teaclave_binder::binder] Dropping TeeBinder, start finalize(). teaclave-frontend-service-sgx-sim-mode | [2021-04-06T06:17:31Z DEBUG teaclave_binder::ipc::app] ecall_ipc_app_to_tee: 1002, 4 bytes teaclave-frontend-service-sgx-sim-mode | [2021-04-06T06:17:31Z ERROR teaclave_binder::ipc::app] ecall_ipc_entry_point, app sgx_error:SGX_ERROR_INVALID_ENCLAVE_ID teaclave-frontend-service-sgx-sim-mode | [2021-04-06T06:17:31Z ERROR teaclave_binder::binder] IpcError(SgxError(SGX_ERROR_INVALID_ENCLAVE_ID)) teaclave-frontend-service-sgx-sim-mode exited with code 0 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/issues/495