ERROR: quote3_error_t=SGX_QL_ERROR_INVALID_PRIVILEGE #205
Comments
Hi,
thank you very much, we can see the output below.
/etc/sgx_default_qcnl.conf
lscpu
sh -c dmesg | grep microcode
sh -c lsmod | grep -i sgx
sh -c dmesg | grep -i sgx
service aesmd status
Apr 19 22:28:30 SGX-Server-Blockchain-Lab systemd[1]: Starting Intel(R) Architectural Enclave Service Manager...
sh -c apt list --installed | grep -e sgx -e dcap
stdbuf -oL ./testapp_host enclave.signed
stdbuf -oL ./testapp_host enclave.signed
docker run --rm -t -v/var/run/aesmd:/var/run/aesmd --device /dev/isgx ghcr.io/edgelesssys/sgx-troubleshoot/testapp enclave_debug.signed
docker run --rm -t -v/var/run/aesmd:/var/run/aesmd --device /dev/isgx ghcr.io/edgelesssys/sgx-troubleshoot/testapp enclave.signed
CPU name Intel(R) Xeon(R) Platinum 8369B CPU @ 2.70GHz
Quote providers:
You have the legacy isgx driver installed. First, you need to uninstall it. (There should be an uninstall script somewhere in /opt/intel).
Then you can either upgrade your kernel to >= 5.11 (recommended) or install the dcap driver.
To upgrade your kernel on Ubuntu 20.04, you can apt install linux-generic-hwe-20.04.
If you can't upgrade your kernel, you can get the dcap driver here: https://download.01.org/intel-sgx/latest/dcap-latest/linux/distro/
If you still get (the same or another) error after doing this, please run sgx-troubleshoot again and post the new output.
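A host-side check for the driver situation described in the comment above, as an added example that is not part of the original thread or of EGo. It assumes the legacy driver exposes /dev/isgx (as in the docker command earlier in the thread) and that the DCAP or in-kernel driver exposes /dev/sgx_enclave or /dev/sgx/enclave; the function names and the root-prefix parameter are hypothetical.

```shell
#!/bin/sh
# Added example: classify the SGX driver state of a host.
# The second argument of sgx_driver_state is a hypothetical filesystem prefix
# so the check can be run against a constructed tree; leave it empty on a real host.

# kernel_at_least RELEASE MAJOR MINOR -> exit status 0 if RELEASE >= MAJOR.MINOR
kernel_at_least() {
    rel=${1%%-*}        # "5.4.0-146-generic" -> "5.4.0"
    major=${rel%%.*}    # "5"
    rest=${rel#*.}      # "4.0"
    minor=${rest%%.*}   # "4"
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# sgx_driver_state RELEASE [ROOT] -> prints one classification line
sgx_driver_state() {
    release=$1
    root=${2:-}
    if [ -e "$root/dev/isgx" ]; then
        # Legacy out-of-tree driver: the case behind the error in this thread.
        if kernel_at_least "$release" 5 11; then
            echo "legacy-isgx kernel-ok"
        else
            echo "legacy-isgx needs-kernel-upgrade-or-dcap-driver"
        fi
    elif [ -e "$root/dev/sgx_enclave" ] || [ -e "$root/dev/sgx/enclave" ]; then
        # Device nodes created by the in-kernel or the DCAP driver.
        echo "dcap-or-in-kernel"
    else
        echo "no-sgx-device"
    fi
}

# Classify the machine this script runs on.
sgx_driver_state "$(uname -r)" ""
```

A result starting with legacy-isgx means the uninstall step from the comment above comes first; the second word says whether a kernel upgrade or the DCAP driver is still needed afterwards.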
I was successful, so thanks for all of your support!
I do, however, have another query for you. I have the following idea: I want to use the SGX as a trustworthy execution environment to allow a node to transmit data and interact with the host. I'm not sure if it can be done with remote_attestation, but I'm not sure how to use it. Could you please provide some technical advice about remote_attestation or other samples that can complete the node's interaction?
Looking forward to your reply.
------------------ Original message ------------------
From: "edgelesssys/ego" ***@***.***>;
Sent: Sunday, April 23, 2023, 6:44 PM
Subject: Re: [edgelesssys/ego] ERROR: quote3_error_t=SGX_QL_ERROR_INVALID_PRIVILEGE (Issue #205)
You have the legacy isgx driver installed. First, you need to uninstall it. (There should be an uninstall script somewhere in /opt/intel).
Then you can either upgrade your kernel to >= 5.11 (recommended) or install the dcap driver.
To upgrade your kernel on Ubuntu 20.04, you can apt install linux-generic-hwe-20.04.
If you can't upgrade your kernel, you can get the dcap driver here: https://download.01.org/intel-sgx/latest/dcap-latest/linux/distro/
If you still get (the same or another) error after doing this, please run sgx-troubleshoot again and post the new output.
I'm unsure what you want to achieve. And I don't know what exactly you mean with node and host. Maybe you can give a small example that makes things clearer.
It is my fault for not describing you clearly. We can think from another angle:
In remote authentication, there are two roles: client and server; between them, they exchange the key and report, and then communicate, alright? Then we can put this client inside a node, or take the node as a client, here the node is in fact a node in the blockchain, in the virtual machine is a port number. I think you should have heard about blockchain, a distributed technology. In fact, my idea seems to have been realized, here is a connection, you can see below.
https://github.com/hyperledger/fabric-private-chaincod
I am looking forward to hearing from you.
I got a rough idea of it now, but I'm not sure which problem is not solved yet. Once the client verified the certificate with remote attestation, it can securely connect to the server and they can exchange arbitrary data.
Yes, you're correct; any data can be delivered if remote authentication is successful. I want to create a channel between the node and the server to exchange the trusted data, but how does that remote-authenticated client in the ego work? Furthermore, I'm not entirely sure how the client is used in remote self-certification, and I'm not sure if it can be viewed as a client controlling the ego.
The remote_attestation sample also has a client app: https://github.com/edgelesssys/ego/blob/master/samples/remote_attestation/ra_client/client.go
Have you already looked at it? Anything unclear regarding this?
Thank you for your help.
I got it! If you want to exchange data between client and server, you need to modify 'client.go' and 'server.go', alright? So I think it is challenging for me! Because I'm not very good at coding.
------------------ Original message ------------------
From: "edgelesssys/ego" ***@***.***>;
Sent: Tuesday, April 25, 2023, 7:35 PM
Subject: Re: [edgelesssys/ego] ERROR: quote3_error_t=SGX_QL_ERROR_INVALID_PRIVILEGE (Issue #205)
The remote_attestation sample also has a client app: https://github.com/edgelesssys/ego/blob/master/samples/remote_attestation/ra_client/client.go
Have you already looked at it? Anything unclear regarding this?
Yes, that's right.
Issue description
I ran the "remote_attestation" sample in a cloud service; however, something went wrong, as shown below:
EGo v1.2.0 (f272b3f)
[erthost] loading enclave ...
[erthost] entering enclave ...
[ego] starting application ...
[load_qe ../qe_logic.cpp:698] Error, call sgx_create_enclave QE fail [load_qe], SGXError:4004.
ERROR: quote3_error_t=SGX_QL_ERROR_INVALID_PRIVILEGE
(oe_result_t=OE_PLATFORM_ERROR) [openenclave-src/host/sgx/sgxquote.c:oe_sgx_qe_get_target_info:714]
ERROR: SGX Plugin _get_report(): failed to get ecdsa report. OE_PLATFORM_ERROR (oe_result_t=OE_PLATFORM_ERROR) [openenclave-src/enclave/sgx/attester.c:_get_report:324]
OE_PLATFORM_ERROR
listening ...
When I run the attested_tls sample, the error code is the same. Thanks in advance.