hyperledger-archives/avalon

start aesm failed ? or wrong?

Closed this issue · 14 comments

Run aesm service on host machine

If you are behind a corporate proxy, uncomment and update the proxy type and aesm proxy lines in /etc/aesmd.conf:

proxy type = manual
aesm proxy = http://your-proxy:your-port

Start the AESM service on the host machine

sudo source /opt/intel/libsgx-enclave-common/aesm/aesm_service

The last step "start the aesm service on the machine" is sudo source /opt/intel/libsgx-enclave-common/aesm/aesm_service?????

If that is always wrong, should we use a command like the one below?

sudo service aesmd start

Where can I get the SPID? And why did my SGX initialization fail?

| [06:47:16 INFO avalon_enclave_manager.ias_client] SPID: DEADBEEF00000000DEADBEEF00000000
avalon-lmdb | 2020-05-20 06:47:15,606 - INFO - response[text/plain; charset=utf-8]: b't'
avalon-lmdb | 2020-05-20 06:47:15,607 - INFO - Received a new request from the client
avalon-sgx-enclave-manager | [06:47:16 INFO avalon_enclave_manager.ias_client] URL: https://api.trustedservices.intel.com/sgx/dev
avalon-lmdb | 2020-05-20 06:47:15,607 - INFO - b'L\nwo-timestamps'
avalon-lmdb | 2020-05-20 06:47:15,607 - INFO - ['L', 'wo-timestamps']
avalon-sgx-enclave-manager | [06:47:16 INFO avalon_enclave_manager.ias_client] IAS ApiKey: dc2f279f5268441393ed4a362172750c

avalon_enclave_manager.base_enclave_manager] failed to initialize/signup enclave; Failed to initialize quote in enclave constructor: INTEL SGX ERROR: SGX_ERROR_SERVICE_UNAVAILABLE
avalon-sgx-enclave-manager | Traceback (most recent call last):
avalon-sgx-enclave-manager | File "/usr/local/lib/python3.6/dist-packages/avalon_enclave_manager/base_enclave_manager.py", line 141, in _setup_enclave
avalon-sgx-enclave-manager | EnclaveInfo(self._config.get("EnclaveModule"))
avalon-sgx-enclave-manager | File "/usr/local/lib/python3.6/dist-packages/avalon_enclave_manager/avalon_enclave_info.py", line 55, in init
avalon-sgx-enclave-manager | self._initialize_enclave(config)
avalon-sgx-enclave-manager | File "/usr/local/lib/python3.6/dist-packages/avalon_enclave_manager/avalon_enclave_info.py", line 219, in _initialize_enclave
avalon-sgx-enclave-manager | signed_enclave, config['spid'], int(config['num_of_enclaves']))
avalon-sgx-enclave-manager | File "/usr/local/lib/python3.6/dist-packages/avalon_enclave_manager/avalon_enclave.py", line 488, in init
avalon-sgx-enclave-manager | this = _avalon_enclave.new_tcf_enclave_info(enclaveModulePath, spid, num_of_enclaves)
avalon-sgx-enclave-manager | SystemError: Failed to initialize quote in enclave constructor: INTEL SGX ERROR: SGX_ERROR_SERVICE_UNAVAILABLE

@zhoushuntong - the issue could be due to aesm service. Could you please check aesm service?
Yes, you can use "sudo service aesmd start" to bring up aesm service.

Steps to get SPID and IAS api key are documented in BUILD.md file under section "Standalone: Installing Avalon Using Scripts"

rigsec@rigsec-Precision-3630-Tower:~$ sudo service aesmd start
[sudo] password for rigsec:
rigsec@rigsec-Precision-3630-Tower:~$ sudo service aesmd start
rigsec@rigsec-Precision-3630-Tower:~$ sudo service aesmd status
● aesmd.service - Intel(R) Architectural Enclave Service Manager
Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor preset: en
Active: active (running) since Wed 2020-05-20 11:49:44 CST; 3h 48min ago
Process: 955 ExecStart=/opt/intel/libsgx-enclave-common/aesm/aesm_service (cod
Process: 953 ExecStartPre=/bin/chmod 0750 /var/opt/aesmd/ (code=exited, status
Process: 942 ExecStartPre=/bin/chown -R aesmd:aesmd /var/opt/aesmd/ (code=exit
Process: 937 ExecStartPre=/bin/chmod 0755 /var/run/aesmd/ (code=exited, status
Process: 933 ExecStartPre=/bin/chown -R aesmd:aesmd /var/run/aesmd/ (code=exit
Process: 926 ExecStartPre=/bin/mkdir -p /var/run/aesmd/ (code=exited, status=0
Process: 915 ExecStartPre=/opt/intel/libsgx-enclave-common/aesm/linksgx.sh (co
Main PID: 965 (aesm_service)
Tasks: 4 (limit: 4915)
CGroup: /system.slice/aesmd.service
└─965 /opt/intel/libsgx-enclave-common/aesm/aesm_service

5月 20 11:49:44 rigsec-Precision-3630-Tower systemd[1]: Starting Intel(R) Archit
5月 20 11:49:44 rigsec-Precision-3630-Tower systemd[1]: Started Intel(R) Archite
5月 20 11:49:44 rigsec-Precision-3630-Tower aesm_service[965]: The server sock i
lines 1-18/18 (END)

Last few service logs are not fully visible. Is the server socket created for aesmd service? If yes, service is up and running.

● aesmd.service - Intel(R) Architectural Enclave Service Manager
Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2020-05-20 11:49:44 CST; 3h 59min ago
Process: 955 ExecStart=/opt/intel/libsgx-enclave-common/aesm/aesm_service (code=exited, status=0/SUCCESS)
Process: 953 ExecStartPre=/bin/chmod 0750 /var/opt/aesmd/ (code=exited, status=0/SUCCESS)
Process: 942 ExecStartPre=/bin/chown -R aesmd:aesmd /var/opt/aesmd/ (code=exited, status=0/SUCCESS)
Process: 937 ExecStartPre=/bin/chmod 0755 /var/run/aesmd/ (code=exited, status=0/SUCCESS)
Process: 933 ExecStartPre=/bin/chown -R aesmd:aesmd /var/run/aesmd/ (code=exited, status=0/SUCCESS)
Process: 926 ExecStartPre=/bin/mkdir -p /var/run/aesmd/ (code=exited, status=0/SUCCESS)
Process: 915 ExecStartPre=/opt/intel/libsgx-enclave-common/aesm/linksgx.sh (code=exited, status=0/SUCCESS)
Main PID: 965 (aesm_service)
Tasks: 4 (limit: 4915)
CGroup: /system.slice/aesmd.service
└─965 /opt/intel/libsgx-enclave-common/aesm/aesm_service

5月 20 11:49:44 rigsec-Precision-3630-Tower systemd[1]: Starting Intel(R) Architectural Enclave Service Manager...
5月 20 11:49:44 rigsec-Precision-3630-Tower systemd[1]: Started Intel(R) Architectural Enclave Service Manager.
5月 20 11:49:44 rigsec-Precision-3630-Tower aesm_service[965]: The server sock is 0x556ddeada990

I have replaced the SPID and API key with the ones I got from my Intel registered account, but SGX initialization still fails with the error below.

[07:46:13 INFO avalon_enclave_manager.ias_client] Proxy:
avalon-sgx-enclave-manager | [07:46:13 INFO avalon_enclave_manager.ias_client] SPID: A013D83D752EE0D25F8B51CDC2152D35
avalon-lmdb | 2020-05-20 07:46:13,917 - INFO - ['L', 'registries']
avalon-lmdb | 2020-05-20 07:46:13,917 - INFO - response[text/plain; charset=utf-8]: b'l\nregid'
avalon-sgx-enclave-manager | [07:46:13 INFO avalon_enclave_manager.ias_client] URL: https://api.trustedservices.intel.com/sgx/dev
avalon-lmdb | 2020-05-20 07:46:13,918 - INFO - Received a new request from the client
avalon-lmdb | 2020-05-20 07:46:13,918 - INFO - b'R\nregistries\nregid'
avalon-sgx-enclave-manager | [07:46:13 INFO avalon_enclave_manager.ias_client] IAS ApiKey: 4e67ce6df0364f02bc1e80dcfb11906a
avalon-lmdb | 2020-05-20 07:46:13,918 - INFO - ['R', 'registries', 'regid']
avalon-lmdb | 2020-05-20 07:46:13,918 - INFO - response[text/plain; charset=utf-8]: b't'
avalon-sgx-enclave-manager | [07:46:13 INFO avalon_enclave_manager.avalon_enclave_info] Enclave Lib: libtcf-enclave.signed.so
avalon-lmdb | 2020-05-20 07:46:13,920 - INFO - Received a new request from the client
avalon-lmdb | 2020-05-20 07:46:13,920 - INFO - b'S\nregistries\nregid\n{"orgID": "regid", "uri": "http://localhost:2020", "scAddr": "reg_scAddr", "appTypeIds": "reg_appn"}'
avalon-lmdb | 2020-05-20 07:46:13,920 - INFO - ['S', 'registries', 'regid', '{"orgID": "regid", "uri": "http://localhost:2020", "scAddr": "reg_scAddr", "appTypeIds": "reg_appn"}']
avalon-lmdb | 2020-05-20 07:46:13,920 - INFO - response[text/plain; charset=utf-8]: b't'
avalon-sgx-enclave-manager | [07:46:13 INFO avalon_enclave_manager.avalon_enclave_info] Enclave Lib Exists
avalon-sgx-enclave-manager | Initializing Avalon Intel SGX Enclave
avalon-sgx-enclave-manager |
avalon-sgx-enclave-manager | Enclave path: /project/avalon/tc/sgx/trusted_worker_manager/enclave/build/lib/libtcf-enclave.signed.so
avalon-sgx-enclave-manager |
avalon-sgx-enclave-manager | SPID: A013D83D752EE0D25F8B51CDC2152D35
avalon-sgx-enclave-manager |
avalon-lmdb | 2020-05-20 07:46:13,922 - INFO - Received a new request from the client
avalon-lmdb | 2020-05-20 07:46:13,922 - INFO - b'L\nwo-timestamps'
avalon-sgx-enclave-manager | [07:46:13 ERROR avalon_enclave_manager.base_enclave_manager] failed to initialize/signup enclave; Failed to initialize quote in enclave constructor: INTEL SGX ERROR: SGX_ERROR_SERVICE_UNAVAILABLE
avalon-sgx-enclave-manager | Traceback (most recent call last):
avalon-sgx-enclave-manager | File "/usr/local/lib/python3.6/dist-packages/avalon_enclave_manager/base_enclave_manager.py", line 141, in _setup_enclave
avalon-sgx-enclave-manager | EnclaveInfo(self._config.get("EnclaveModule"))
avalon-sgx-enclave-manager | File "/usr/local/lib/python3.6/dist-packages/avalon_enclave_manager/avalon_enclave_info.py", line 55, in init
avalon-sgx-enclave-manager | self._initialize_enclave(config)
avalon-sgx-enclave-manager | File "/usr/local/lib/python3.6/dist-packages/avalon_enclave_manager/avalon_enclave_info.py", line 219, in _initialize_enclave
avalon-sgx-enclave-manager | signed_enclave, config['spid'], int(config['num_of_enclaves']))
avalon-sgx-enclave-manager | File "/usr/local/lib/python3.6/dist-packages/avalon_enclave_manager/avalon_enclave.py", line 488, in init
avalon-sgx-enclave-manager | this = _avalon_enclave.new_tcf_enclave_info(enclaveModulePath, spid, num_of_enclaves)
avalon-sgx-enclave-manager | SystemError: Failed to initialize quote in enclave constructor: INTEL SGX ERROR: SGX_ERROR_SERVICE_UNAVAILABLE
avalon-lmdb | 2020-05-20 07:46:13,922 - INFO - ['L', 'wo-timestamps']
avalon-lmdb | 2020-05-20 07:46:13,922 - INFO - response[text/plain; charset=utf-8]: b'l\n0x66766fe88bce51a1,0xf5fae451d2049cc4,0xf94d247a0780c88a,0xf9c33e8d80ef5e09,0xf9d87da379a07f91,0xfb2fe4d0d1260459,0xfb71063c1d8ea4f6,0xfb9c64c80b0c0943,0xfd98b4551e4b430b,0xfe1aa7ba577bce43'
avalon-lmdb | 2020-05-20 07:46:13,923 - INFO - Received a new request from the client
avalon-lmdb | 2020-05-20 07:46:13,923 - INFO - b'G\nwo-scheduled\n0x66766fe88bce51a1'

Yes, service is up. Get SPID and IAS api key from intel portal as documented and place the values in the config file. Then try to run Avalon.

[EnclaveModule]
# Service Provider ID (SPID) is a 32-digit hex string tied to the
# enclave implementation. Replace dummy SPID with value obtained after
# subscription to run TCS in Intel SGX HW mode.
spid = "A013D83D752EE0D25F8B51CDC2152D35"

num_of_enclaves = "1"

# ias_url is the URL of the Intel Attestation Service (IAS) server.
ias_url = "https://api.trustedservices.intel.com/sgx/dev"

# Proxy for https. Leave commented out for direct Internet connections or
# uncomment and change to your corporate proxy.
#https_proxy = "http://your-proxy:your-port/"

# IAS API key is a 32-digit hex string subscription key used for authentication
# of requests submitted to the IAS server. Obtain the key by subscribing in
# the portal https://api.portal.trustedservices.intel.com/
ias_api_key = "4e67ce6df0364f02bc1e80dcfb11906a"

# TEE enclave library to use.
enclave_library = "libtcf-enclave.signed.so"
enclave_library_path = "tc/sgx/trusted_worker_manager/enclave/build/lib/"

Is the host machine behind proxy? If so, please configure proxy in /etc/aesmd.conf and restart aesm service. Post that put the proxy also in the config file and run Avalon. All these steps are documented in BUILD.md and PREREQUISITES.md
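
The checks the replies above ask for (SPID and IAS API key replaced and well-formed, proxy set in both /etc/aesmd.conf and the Avalon config) can be run as one preflight before starting Avalon. This is an added example, not part of the thread or the Avalon code base; `read_settings` and `preflight` are hypothetical helpers, the parser is a line-based simplification rather than a TOML parser, and the sample inputs are constructed.

```python
import re

# Assumed to be the dummy SPID: it is the value logged in the first run above.
DUMMY_SPID = "DEADBEEF00000000DEADBEEF00000000"
HEX32 = re.compile(r"[0-9A-Fa-f]{32}")

def read_settings(text):
    """Collect `key = value` pairs; skips # comments and [section] headers.
    A line-based simplification, not a full TOML parser."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#[":
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip().strip('"')
    return settings

def preflight(avalon_toml, aesmd_conf):
    """Return a list of findings; an empty list means nothing was flagged."""
    cfg, aesm = read_settings(avalon_toml), read_settings(aesmd_conf)
    findings = []
    spid = cfg.get("spid", "")
    if not HEX32.fullmatch(spid):
        findings.append("spid is not a 32-digit hex string")
    elif spid.upper() == DUMMY_SPID:
        findings.append("spid is still the dummy value")
    if not HEX32.fullmatch(cfg.get("ias_api_key", "")):
        findings.append("ias_api_key is not a 32-digit hex string")
    # The thread asks for the proxy in both files when the host is behind one.
    aesm_proxy = aesm.get("aesm proxy") if aesm.get("proxy type") == "manual" else None
    if bool(cfg.get("https_proxy")) != bool(aesm_proxy):
        findings.append("proxy is configured in only one of the two files")
    return findings

# Constructed sample inputs; the API key below is made up.
SAMPLE_TOML = '''[EnclaveModule]
spid = "DEADBEEF00000000DEADBEEF00000000"
ias_api_key = "0123456789abcdef0123456789abcdef"
#https_proxy = "http://your-proxy:your-port/"
'''
SAMPLE_AESMD = "proxy type = manual\naesm proxy = http://your-proxy:your-port\n"

if __name__ == "__main__":
    for finding in preflight(SAMPLE_TOML, SAMPLE_AESMD):
        print("WARN:", finding)
```

To check a real host, pass the contents of /etc/aesmd.conf and of the Avalon config file holding the `[EnclaveModule]` section to `preflight`.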

For information on getting the Intel SGX spid and answers to all your other questions, see
https://github.com/hyperledger/avalon/blob/master/PREREQUISITES.md
Follow the links about "Intel SGX documentation" and "Intel SGX homepage".

@zhoushuntong Are you still stuck with this issue? Let me know.

@pankajgoyal2 the issue is ok.

Thanks @zhoushuntong for the confirmation. I am closing this issue now.