Failed to reproduce confidential-ml example

Question

Failed to reproduce confidential-ml example

Opened this issue 8 months ago · 1 comments

error log (when trying to run the certifier service)

$ <terminal-1: certifier-service> ./run.sh x86_64 193.168.10.15
....
VerifySignedClaim: Time violation
Can't verifiy signature

reported from Guan, Mingyu/mingyu.guan@gatech.edu

Answer 1 · 2024-03-13T06:27:02.000Z

This is a temporal solution:

It works only for "How to test with simulated enclave (no actual hardware TEE) on x86_64" in code_model.md.

I found that getting "How to test with Islet" to work requires more work. I'll inform you after it gets done.
Also, after solving the issue regarding "How to test with Islet", I'll release a new docker image.

:: Solution

data.zip

Go into the docker terminal, uncompress the attached data.zip, and copy the uncompressed files to /islet/examples/confidential-ml/certifier-data/ (overwrite)
Edit /islet/third-party/certifier/src/cc_helpers.c as follows.

void secure_authenticated_channel::server_channel_accept_and_auth(
      void (*func)(secure_authenticated_channel&)) {
    // accept and carry out auth
+  SSL_CTX_set_verify(SSL_get_SSL_CTX(ssl_), SSL_VERIFY_PEER, NULL);
    int res = SSL_accept(ssl_);
}

Follow the instructions in "How to test with simulated enclave (no actual hardware TEE) on x86_64"
N.B. you have to run "build.sh" for all apps.