Hello world sample errors in the Mystikos base container #1226

Open
jxyang opened this issue Feb 16, 2022 · 2 comments
Labels: severity/moderate, status/triaged

@jxyang
Contributor

jxyang commented Feb 16, 2022

To repro:

  1. Build the base container with .jenkins/docker/base/build.sh
  2. docker run -it --device /dev/sgx/enclave:/dev/sgx/enclave --device /dev/sgx/provision:/dev/sgx/provision docker.io/library/mystikos-bionic:latest
  3. Inside the container:
    apt update && apt install -y docker.io git build-essential make cryptsetup-bin
    git clone https://github.com/deislabs/mystikos.git
    cd mystikos/samples/helloworld/cpiorootfs
    make && make run
    

Here is the output:

>> root@168c40899d1e:/mystikos/samples/helloworld/cpiorootfs# make run
echo "Generating a signed package"
Generating a signed package
Created myst/bin/hello

echo "Running Mystikos packaged application. No myst exec-sgx necessary"
Running Mystikos packaged application. No myst exec-sgx necessary
./myst/bin/hello red green blue
[init ../../../psw/ae/aesm_service/source/core/ipc/UnixCommunicationSocket.cpp:225] Failed to connect to socket /var/run/aesmd/aesm.socket
2022-02-16T21:13:22+0000.372126Z [(H)ERROR] tid(0x7f70dba65b80) | SGX AESM service unavailable (oe_result_t=OE_SERVICE_UNAVAILABLE) [/source/mystikos/third_party/openenclave/openenclave/host/sgx/sgxquote.c:_load_quote_ex_library_once:479]
Hello world!
I received: argv[0]={/bin/hello}, argv[1]={red}, argv[2]={green}, argv[3]={blue}
=== passed test (/bin/hello)


@CyanDevs
Collaborator

For in-proc attestation for the specific Mystikos sample here, the libsgx-dcap-ql-dev library seems to be required and is not on the base container by default. Installing the library resolves the issue. However, Open Enclave does not require this library for their samples.

It would be good to know why Mystikos requires the extra dev library here, as I'd like to avoid adding dev packages into the base container.

paulcallen added the severity/moderate and status/triaged labels Feb 28, 2022
paulcallen assigned paulcallen and radhikaj and unassigned paulcallen Feb 28, 2022
@radhikaj
Collaborator

radhikaj commented Apr 1, 2022

@salsal97 has updated the docker sample to use the Mystikos base image in PR #1281.

The task that remains is understanding why SGX_AESM_ADDR is not needed for out of proc attestation in Mystikos. This is assigned to @radhikaj
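
A preflight check for the conditions discussed in this thread, as an added example that is not part of the issue or of the Mystikos project: it reports whether the two device nodes from the `docker run` command, the AESM socket from the error message, the `SGX_AESM_ADDR` variable and the `libsgx-dcap-ql-dev` package are present in the container. The function names and the `ROOT` prefix argument are assumptions made for illustration, and the package check assumes a Debian-based image that provides `dpkg-query`.

```shell
#!/bin/sh
# Added example (not Mystikos project code): report which SGX attestation
# prerequisites named in this issue are present in the current container.
# ROOT is a hypothetical path prefix; leave it empty for the live filesystem.

# Print "present <path>" or "missing <path>" for one filesystem test.
# $1 = test operator (-c for a character device, -S for a socket)
# $2 = absolute path, $3 = ROOT prefix
report() {
    if [ "$1" "$3$2" ]; then
        echo "present $2"
    else
        echo "missing $2"
    fi
}

# Run every check and print one status line per item.
sgx_preflight() {
    root=${1:-}
    # Device nodes passed with --device in the repro steps.
    report -c /dev/sgx/enclave "$root"
    report -c /dev/sgx/provision "$root"
    # Socket path taken from the "Failed to connect to socket" message.
    report -S /var/run/aesmd/aesm.socket "$root"
    # Environment variable mentioned in the last comment of the thread.
    if [ -n "${SGX_AESM_ADDR:-}" ]; then
        echo "set SGX_AESM_ADDR"
    else
        echo "unset SGX_AESM_ADDR"
    fi
    # Package that resolved the error according to the thread.
    if command -v dpkg-query >/dev/null 2>&1; then
        if dpkg-query -W -f='${Status}' libsgx-dcap-ql-dev 2>/dev/null |
            grep -q 'install ok installed'; then
            echo "present libsgx-dcap-ql-dev"
        else
            echo "missing libsgx-dcap-ql-dev"
        fi
    else
        echo "unknown libsgx-dcap-ql-dev"
    fi
}

# Report on the live filesystem, or on the prefix given as the first argument.
sgx_preflight "${1:-}"
```

Running it once in the base container before `make run`, and again after installing the package, shows which of the reported items changed between the failing and the working state.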
