Comments (10)
Looks you are not using this OOT driver but the DCAP driver/in-kernel driver. Please try to add your user id to group sgx_prv with below command:
Add the user running the process to the sgx_prv group:
$ sudo usermod -a -G sgx_prv <user name>
from linux-sgx-driver.
That's the first thing I tried actually, that didn't seem to work. To add some more context, I am trying to run this as an OCALL in open-enclave. (as part of a host function)
from linux-sgx-driver.
Not quite sure about your usage. If you are trying to loading an enclave that requiring provision key access, you may get the above error. Then you can try to check whether the device has correct permission:
$ ls /dev/sgx* -l
crw-rw-rw- root root /dev/sgx/enclave
crw-rw---- root sgx_prv /dev/sgx/provision
If yes, suppose after you add your user id to group sgx_prv, the error should be gone.
from linux-sgx-driver.
Thanks for the reply. I think the issue is due to enclave_alloc calling:
It returns EACCESS quite generally here, which triggers the print statement. I am trying to implement edmm support inside OpenEnclave
from linux-sgx-driver.
OK. Are you using the DCAP driver? In my memory, DCAP driver doesn't support EDMM. So you need to use in-kernel driver instead for the edmm feature.
from linux-sgx-driver.
Thank you. How can you tell whether you use the DCAP driver or in-kernel? Here's my output
crw-rw-rw- 1 root root 10, 125 Apr 12 14:38 /dev/sgx_enclave
crw-rw---- 1 root sgx_prv 10, 126 Apr 12 14:38 /dev/sgx_provision
crw------- 1 root root 10, 124 Apr 12 14:38 /dev/sgx_vepc
/dev/sgx:
total 0
lrwxrwxrwx 1 root root 14 Apr 12 14:38 enclave -> ../sgx_enclave
lrwxrwxrwx 1 root root 16 Apr 12 14:38 provision -> ../sgx_provision
from linux-sgx-driver.
Hi @alexthomas1.
The easiest way to check is using dmesg, ie:
sudo dmesg | grep -i sgx
If you get an output of simply the EPC space, you're using the in-kernel driver, ie:
sudo dmesg | grep -i sgx
[ 11.769850] sgx: EPC section 0x4060000000-0x7fff3fefff
If you get more output that is preceded by "intel_sgx:", you're using the DCAP driver, ie:
sudo dmesg | grep -i sgx
[ 264.595989] intel_sgx: loading out-of-tree module taints kernel.
[ 264.596018] intel_sgx: module verification failed: signature and/or required key missing - tainting kernel
[ 264.596219] intel_sgx: EPC section 0x60300000-0x77cfffff
[ 264.597220] intel_sgx: Intel SGX DCAP Driver v1.41
FYI, you would have had to download and install the DCAP driver manually.
Regards.
Scott
from linux-sgx-driver.
Thanks, I am using the in-kernel driver.
from linux-sgx-driver.
Ok, good. But one more cavate about EDMM + in-kernel driver.... EDMM support wasn't introduced in the in-kernel driver until v6.0. Please make sure you have at least that version.
uname -a
Can confirm...
Scott
from linux-sgx-driver.
Yes, I have at least Kernel 6.0. I ran the EDMM tests in the external library and it worked. Currently, I ported all of the EDMM logic (EMA, etc.) in-enclave. I then ran sgx_mm_init on open-enclave's base address and end address; however, I believe sgx_mm_init relies on the guard page layout (?) https://github.com/intel/sgx-emm/blob/08ec21c04047a52eed016e62f077509ab6d650e8/emalloc.c#L426
However it seems like in the most recent commit, sgx_mm_init no longer reserves memory? intel/sgx-emm@08ec21c
from linux-sgx-driver.
Related Issues (20)
- Enclave creation fails with out of memory. Unable to run sample code HOT 1
- cant found isgx.ko HOT 1
- New release? HOT 2
- "Failed to load enclave." error with Centos7.8 release HOT 2
- WSL2 - Which should I choose as my installation method HOT 1
- Why do we need to grab a enclave lock during do fault?
- About the driver's stability through reboots HOT 3
- Linux sgx driver 2.14 tag name HOT 1
- /dev/isgx does not get installed HOT 6
- make fails: Skipping BTF generation for ...isgx.ko due to unavailability of vmlinux HOT 4
- It's not possible to get more than one page fault on a single page on an EDMM system HOT 1
- How to add driver module in Linux Kernel 5.17? HOT 5
- win的SGX SDK无法下载 HOT 1
- EACCEPT returns SGX_PAGE_ATTRIBUTES_MISMATCH
- linux-sgx-driver compilation fails when the kernel version is 6.4. HOT 2
- Non FLC SGX device, Linux Kernel 5.15
- Illegal 32bit value shift during initialization
- run ./sgx_linux_x64_driver_1.36.2.bin error HOT 2
- Error in sgx_main.c - Assignment of Read-Only Member vm_flags on Branch 2.14
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from linux-sgx-driver.