Avalon does not work with the master branch of Graphene

[sourabh-natesh]

Description of the issue

Avalon is not working with the latest master of Graphene due to an issue with importing the crypto libraries required by Avalon. While starting the python worker, it is crashing while importing the pyCryptodome library.

Steps to reproduce

Follow the steps to build the python worker here and then start it by running:

docker-compose -f docker-compose.yaml -f compose/graphene-sgx.yaml up

Expected Results

All the libraries should be imported and the code should run properly.

Actual Results

The python worker crashes with the following error while importing the Cryptodome library:

File "/usr/local/bin/wo-processor", line 7, in <module>
   from avalon_worker.work_order_processor import main
File "/usr/local/lib/python3.6/dist-packages/avalon_worker/work_order_processor.py", line 24, in <module>
  import avalon_worker.crypto.worker_encryption as worker_encryption
File "/usr/local/lib/python3.6/dist-packages/avalon_worker/crypto/worker_encryption.py", line 19, in <module>
  from Cryptodome.PublicKey import RSA
File "/usr/local/lib/python3.6/dist-packages/Cryptodome/PublicKey/RSA.py", line 42, in <module>
  from Cryptodome.Math.Numbers import Integer
File "/usr/local/lib/python3.6/dist-packages/Cryptodome/Math/Numbers.py", line 34, in <module>
  from Cryptodome.Math._IntegerGMP import IntegerGMP as Integer
File "/usr/local/lib/python3.6/dist-packages/Cryptodome/Math/_IntegerGMP.py", line 98, in <module>
  lib = load_lib("gmp", gmp_defs)
File "/usr/local/lib/python3.6/dist-packages/Cryptodome/Util/_raw_api.py", line 176, in load_lib
  full_name = find_library(name)
File "/usr/lib/python3.6/ctypes/util.py", line 313, in find_library
  return _findSoname_ldconfig(name) or \
File "/usr/lib/python3.6/ctypes/util.py", line 283, in _findSoname_ldconfig
  res = re.search(regex, p.stdout.read())
File "/usr/lib/python3.6/re.py", line 182, in search
    return _compile(pattern, flags).search(string)
TypeError: expected string or bytes-like object

[manju956]

Description of the issue

Avalon is not working with the latest master of Graphene due to an issue with importing the crypto libraries required by Avalon. While starting the python worker, it is crashing while importing the pyCryptodome library.

Steps to reproduce

Follow the steps to build the python worker here and then start it by running:

docker-compose -f docker-compose.yaml -f compose/graphene-sgx.yaml up

Expected Results

All the libraries should be imported and the code should run properly.

Actual Results

The python worker crashes with the following error while importing the Cryptodome library:

File "/usr/local/bin/wo-processor", line 7, in <module>
   from avalon_worker.work_order_processor import main
File "/usr/local/lib/python3.6/dist-packages/avalon_worker/work_order_processor.py", line 24, in <module>
  import avalon_worker.crypto.worker_encryption as worker_encryption
File "/usr/local/lib/python3.6/dist-packages/avalon_worker/crypto/worker_encryption.py", line 19, in <module>
  from Cryptodome.PublicKey import RSA
File "/usr/local/lib/python3.6/dist-packages/Cryptodome/PublicKey/RSA.py", line 42, in <module>
  from Cryptodome.Math.Numbers import Integer
File "/usr/local/lib/python3.6/dist-packages/Cryptodome/Math/Numbers.py", line 34, in <module>
  from Cryptodome.Math._IntegerGMP import IntegerGMP as Integer
File "/usr/local/lib/python3.6/dist-packages/Cryptodome/Math/_IntegerGMP.py", line 98, in <module>
  lib = load_lib("gmp", gmp_defs)
File "/usr/local/lib/python3.6/dist-packages/Cryptodome/Util/_raw_api.py", line 176, in load_lib
  full_name = find_library(name)
File "/usr/lib/python3.6/ctypes/util.py", line 313, in find_library
  return _findSoname_ldconfig(name) or \
File "/usr/lib/python3.6/ctypes/util.py", line 283, in _findSoname_ldconfig
  res = re.search(regex, p.stdout.read())
File "/usr/lib/python3.6/re.py", line 182, in search
    return _compile(pattern, flags).search(string)
TypeError: expected string or bytes-like object

By looking at the command, you seem to be getting this issue while running fibonacci workload (without Avalon).
We haven't tested graphene workloads against graphene latest master. While we test it, could you please share python manifest file changes in python worker?

[sourabh-natesh]

Hi @manju956 ,
I have not made any changes to the python manifest file. I have just added the SPID. My python.manifest is as follows:

sgx.allow_file_creation = 1
# Set the virtual memory size of the SGX enclave. For SGX v1, the enclave
# size must be specified upfront. If Python worker needs more
# virtual memory than the enclave size, Graphene will not be able to
# allocate it.
sgx.enclave_size = "256M"
sgx.thread_num = 8
sgx.file_check_policy = "allow_all_but_log"

# Request remote attestation functionality from Graphene
sgx.remote_attestation = 1

# Specify your SPID and linkable/unlinkable attestation policy
sgx.ra_client_spid = "4559436813665C99DF8EE1BA9FDA3868"
sgx.ra_client_linkable = 1

However, I had to make some changes to the build_gsc_python_worker.sh to make it compatible with the latest version of graphene.

Here in the latest gsc.py file, it expects only one manifest file.

So in the build_gsc_python_worker.sh file, I made the following changes from lines numbers 40-63:

# Manifest files
MANIFEST_FILE="${TCF_HOME}/tc/graphene/python_worker/graphene_sgx/manifest/python.manifest"

# Build image
echo "Build unsigned GSC image"
./gsc build --insecure-args $IMAGE_NAME $MANIFEST_FILE