ok thanks~
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/690#issuecomment-1537587042
You are receiving this because you are subscribed to this thread.
Message ID:
Closed #690 as completed.
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/690#event-9185281143
You are receiving this because you are subscribed to this thread.
Message ID:
好的,明白
那还有个问题,你上面说到的当enclave被加载时,硬件会进行验证,被篡改的enclave.so会被拒绝。这个过程是怎么进行的?加载时如果enclave.so被篡改了,那里面的公钥也会跟着发生变化,然后硬件验证的时候会使用签名时的私钥对这个公钥进行验证,是这样吗还是?
--
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/690#issuecomment-1537080825
You are receiving
哦哦
就是在sgx_sign的时候使用enclave_signing_key.pem对其进行签名之后生成的enclave.sign.so/enclave.so这个库里面就自动包含有了enclave_signing_key.pem对应的公钥了是吗?
然后如果是这样的话,那enclave.sign.so/enclave.so这个库文件如果被其他人拿到,那其他人会不会窃取到里面的信息比如里面的程序代码?
--
Reply to this email directly or view it on GitHub:
编译enclave程序的时候,比如frontend的enclave,我看到脚本sgx_link_sign上是使用了enclave_signing_key.pem
来对其进行签名生成一个签名共享库sign.so.
有两个问题
1、这个enclave_signing_key.pem是在哪里进行生成的没找到?还是说自己线下使用opessl就可以生成 不需要任何sgxsdk的参与?
2、app启动enclave的时候 我看到最后的binder.rs SgxEnclave::create
你好,是这样的。
我在一台可以联网的机器(intel无sgx模块,xeon e5-2650 v4),以Simulation
Mode安装部署teaclave,得到docker_teaclave-exectuion-service、docker_teaclave-accesss-control-service等7个docker镜像,我把这7个镜像都保存起来,然后放到其他的机器上进行docker
load
有两台机器 (都不可联网)
一台是 酷睿i7-9750H:这台机器docker load了这7个镜像之后,然后使用docker-compose
Closed #506.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/506#event-4894877030
请问有离线安装方式吗?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/506
1/2、实际上整个execution-service(enclave端)服务已经在sgx环境上跑了,所以整个execution-service(enclave端)是在可信环境上执行
3、runtime的作用就是用来给你的文件数据进行解密获取,加密写出。比如mesapy的with teaclave_open("label","rb") as
f: 最终会调用runtime的open_input获取解密后的数据,with teaclave_open("label","wb") as f:
则最终调用runtime的create_output将要写入的数据进行加密然后写到文件default
> 提交到gsx是以什么方式提
1/2、实际上整个execution-service(enclave端)服务已经在sgx环境上跑了,所以整个execution-service(enclave端)是在可信环境上执行
3、runtime的作用就是用来给你的文件数据进行解密获取,加密写出。比如mesapy的with teaclave_open("label","rb") as
f: 最终会调用runtime的open_input获取解密后的数据,with teaclave_open("label","wb") as f:
我看到这里的源码
一次只能拉取一个准备执行的任务,这里为什么不能做一次拉取多次任务比如5次,然后5次都是并发执行,然后主线程等待这5次线程执行完毕再循环下一次?
这样看execution-service一次只能执行一个task,这好像效率不是很高。是因为什么不能做并发执行呢?
Closed #443.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/443#event-4134561825
我是这样提交的,因为其他方案对我无效 所以我采用以下方案,不知是否有问题?
在teaclve主仓库下执行以下:
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
我添加了一下第三方依赖到crates-io的vendor上,在A服务器编译成功了,然后我提交代码(第三方源)到我的git
crates-io仓库中,teaclave主仓库也更新了crates-io。
然后我再另外一台B机器上安装编译teaclave时,发现会出现crates-io中的依赖会出现list checksum的问题
说这个文件期待值是某个hash值 但实际上是这个hash值(.cargo-checksum.json)。
我把A机器上的crates-io整个vendor目录拷贝到B服务器上的crates-io就没问题了。
Closed #435.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/435#event-4044120142
> @gaojunjie03 应该没有问题
> 换句话说,就是你的ulimit没有起作用
是的 没有作用
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/435#issuecomment-730059087
我在对应ocall/ecall函数的服务app/main.rs 新建了个线程并修改stack_size方法,可以了。
这样应该不会对底层有什么影响吧? 走了一下流程是通的
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly
好的
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/435#issuecomment-729495027
其他teaclave所有服务都修改成unlimited 也还是不行。
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/435#issuecomment-729490078
针对teaclave 是修改docker容器内(teaclave_execution_service)的ulimit吧?
我修改为-1
容器内的ulimit -a 对应的stack size已经是unlimited了
好的! 我试试 谢谢
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/435#issuecomment-729397463
代码在少数据量的情况下测试是可以的
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/435#issuecomment-729365862
我调整到这个地步了 要求内存10g(这样看上去是足够得了 而且也有很多内存浪费)
但依然报这个stack overflow的错误。
代码如下(ocall):
enclave端:
Closed #430.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/430#event-4004517953
我模仿了teaclave的ecall_ipc_app_to_tee 这个ecall函数编写了个ocall函数,ocall函数会可能会返回一个很长的字符串。
现在这里这个
如果设置过大,底层会报错并自动退出execution_service服务.
Closed #434.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/434#event-3998773487
oh i know that
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/434#issuecomment-727787423
Reopened #434.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/434#event-3998646780
I write an ocall function on the app of execution.
And then in enclave_ fa.edl, This ocall function declaration is added to the
untrusted area of the file. Then I went to executor/src/builtin.rs The ocall
function is introduced by using extern "C".
when i compile ,it go wrong :
undefined
My plan now is to write a golang dynamic library, which provides golang
computing tasks. Then connect the dynamic library to execution_service
(executor), I found that the connection action is in cmake/scripts/sgx_ link_
sign.sh So I add dynamic library connection to this script
now teaclave have builtin and mesapy executor .
I want to customize an executor myself, Does this custom executor need to
implement SGX like mesapy to join teaclave?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
Closed #427.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/427#event-3945810959
> In short, you cannot use third-party Rust crates which are not in the
> `third_party/crates-sgx` directory.
>
> For your case, if you want to use ndarray, you need to vendor ndarray-sgx
> (https://github.com/mesalock-linux/ndarray-sgx) in the `crates-sgx` directory.
ok i'll try.
Can you
> You can start more execution services, that is to say, providing more
> function workers.
Is to add another teaclave execution service = = > teaclave-execution-service2
(expose:17771) in docker-compose-ubuntu-1804.yml file 。
Then
`docker-compose -f docker-compose-ubuntu-1804.yml start
> services
ok i'll try
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/425#issuecomment-708148266
Now I have a task that takes a long time to execute. If I submit other tasks
that do not take a long time, they will affect each other. The task that was
not executed for a long time will take a long time to complete
So is there a configuration to configure concurrent execution of tasks?
--
Closed #421.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/421#event-3777231793
mesapy添加了自定义模块后,teaclave这边要怎么同步mesapy?
是需要重新执行
`docker run --rm -v $(pwd):/teaclave -w /teaclave \
-it teaclave/teaclave-build-ubuntu-1804-sgx-2.9.1:latest \
bash -c ". /root/.cargo/env && \
. /opt/sgxsdk/environment && \
mkdir -p build && cd build && \
cmake -DTEST_MODE=ON ..
Because teaclave was unable to debug our Python scripts, I deployed measy to
develop scripts separately, and I encountered problems here:
When I use teaclave_open method, the file cannot be read and the file cannot
be written out. Where is the read file? Where are the documents written
--
not work.
After modifying this file, it is executed
`docker-compose -f docker-compose-ubuntu-1804.yml up --build` ?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
I only modified the Enclave.config.xml of executionservice, it need all
services to be modified?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/419#issuecomment-689953955
Closed #410.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/410#event-3702839475
Since numpy and _numpyy are used differently, can u list the usage of _numpyy ?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/410
ok thank. i will check it out.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/405#issuecomment-675179226
Closed #405.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/405#event-3664058025
First of all, there is a requirement: use SQL ability to fuse multi-party data
to get a result set output, such as the personnel financial data of Party A and
the personnel consumption data of Party B, and finally fuse the result set of
AB and Party B according to the left/right/inner join of
非Simulation Mode
哦哦 我尝试了下要在平台方那边对A方和B方再次approve_task 就可以了
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/401#issuecomment-669106197
Closed #401.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/401#event-3623971356
A方和B方的example\python\utils.py 的HOSTNAME 我改成了平台方的ip
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/401#issuecomment-669080296
> 可以单独编译teaclave_cli
> `$ cd cli`
> `$ cargo build`
可以! 感谢
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/400#issuecomment-668970292
或者是否可以单独编译teaclave_cli?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/400#issuecomment-668929444
现在我已知的数据文件加密解密是通过./teaclave-cli
encrypt/decrypt来生成的,也就是我其他方的数据文件必须得拷贝到teaclave所在服务器上才能进行加密和解密。
现在有个问题就是我的数据文件明文可能并不想直接拷贝到teaclave所在服务器上进行解密,因为个人隐私问题。是否能提供这种功能?
如:./teaclave_cli encrypt --algorithm teaclave-file-128 --input-file
http://192.168.4.143:/teaclave/guest_student_data.csv --key
Restart the system again, and then restart teaclave to start normally. Maybe
there is something wrong with the operating system. Next time something goes
wrong, I'll take a screenshot, thanks
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or
Closed #376.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/376#event-3504774820
It's not until you restart it many times. maybe got luck?Is the service
unstable?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/376#issuecomment-652287087
this time no more sgx error
but
it looks like no communication between services .
After executing the start command many times, it is still reported that there
is no communication between services
> Hi, any update on this issue?
you can close this one
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/366#issuecomment-652130552
> sudo systemctl restart aesmd
it work. thanks
but next time when i reboot the system.
i have to continue to reload SGX_ Driver and restart aesmd?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
> There is something wrong with your SGX environment. Please check if the SGX
> device (`/dev/isgx`) still exists.
>
> Also, I'll come up a fix to provide more information on the error.
The SGX environment and teaclave of the server were running normally. Later,
after the server was shut down
docker-compose -f docker-compose-ubuntu-1804.yml up --build
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
but
It's really a non-existent error. but It exists in the local system
--
> I saw an "ocall error" in the response. Maybe this is from the file agent.
> Since you are saying about using `file://` scheme, I guess this is because
> your registered file does not exist on the file system of the execution
> service.
It exists in the local system
--
You are receiving
It exists.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/366#issuecomment-647245957
make run-tests work。 i use the local file "file://" to register_input_file and
register_output_file. is that a problem ?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
In simulation mode
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
> After building the platform, all compilation output will be copied to the
> `release/` directory. The CLI will be at `release/cli/teaclave_cli`.
ok find it.
but
`./teaclave_cli: error while loading shared libraries: libcrypto.so.1.1: cannot
open shared object file: No such file or
> Thanks, that's a good suggestion! We had a more complex example of
> implementing a logistic regression with Python in our previous legacy version
> (https://github.com/apache/incubator-teaclave/blob/legacy/examples/py_logistic_reg/payload.py).
> If you have interest to contribute, I can help
69 matches
Mail list logo
