Posted to dev@teaclave.apache.org by czzmmc <no...@github.com> on 2020/07/02 11:18:47 UTC

[apache/incubator-teaclave] How to deploy teaclave with dcap using docker-compose? (#378)

Hi, guys!
I have been trying to build the whole system with dcap these days, but I ran into some problems with deploying teaclave. I've already built it successfully with the help of Issue #334. Here is what I got.
Starting teaclave-authentication-service ... done
Starting teaclave-storage-service        ... done
Starting teaclave-access-control-service ... done
Starting teaclave-scheduler-service      ... done
Starting teaclave-management-service     ... done
Starting teaclave-execution-service      ... done
Starting teaclave-frontend-service       ... done
Attaching to teaclave-storage-service, teaclave-authentication-service, teaclave-access-control-service, teaclave-scheduler-service, teaclave-management-service, teaclave-execution-service, teaclave-frontend-service
teaclave-authentication-service    | [2020-07-02T11:12:19Z ERROR teaclave_authentication_service_enclave] Failed to start the service: Failed to initialize quote : SGX_ERROR_UNEXPECTED
teaclave-access-control-service    | [2020-07-02T11:12:20Z ERROR teaclave_access_control_service_enclave] Failed to start the service: Failed to initialize quote : SGX_ERROR_UNEXPECTED
teaclave-authentication-service exited with code 0
teaclave-execution-service         | [2020-07-02T11:12:26Z ERROR teaclave_execution_service_enclave] Failed to start the service: Failed to initialize quote : SGX_ERROR_UNEXPECTED
teaclave-access-control-service exited with code 0
teaclave-management-service        | [2020-07-02T11:12:22Z ERROR teaclave_management_service_enclave] Failed to start the service: Failed to initialize quote : SGX_ERROR_UNEXPECTED
teaclave-scheduler-service         | [2020-07-02T11:12:21Z ERROR teaclave_scheduler_service_enclave] Failed to start the service: Failed to initialize quote : SGX_ERROR_UNEXPECTED
teaclave-execution-service exited with code 0
teaclave-management-service exited with code 0
teaclave-storage-service           | [2020-07-02T11:12:19Z ERROR teaclave_storage_service_enclave] Failed to start the service: Failed to initialize quote : SGX_ERROR_UNEXPECTED
teaclave-scheduler-service exited with code 0
teaclave-storage-service exited with code 0
teaclave-frontend-service          | [2020-07-02T11:12:29Z ERROR teaclave_frontend_service_enclave] Failed to start the service: Failed to initialize quote : SGX_ERROR_UNEXPECTED
teaclave-frontend-service exited with code 0
ANY IDEA?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/378

Re: [apache/incubator-teaclave] How to deploy teaclave with dcap using docker-compose? (#378)

Posted by bob_cs <no...@github.com.INVALID>.
I ran into the same problem too. Is there a way to solve it?


Re: [apache/incubator-teaclave] How to deploy teaclave with dcap using docker-compose? (#378)

Posted by Mingshen Sun <no...@github.com>.
The `docker-compose-ubuntu-1804.yml` file is using the image built from `teaclave-rt.ubuntu-1804.Dockerfile`. You need to prepare a runtime image for dcap specifically and also make sure you can access the attestation service inside the containers.


Re: [apache/incubator-teaclave] How to deploy teaclave with dcap using docker-compose? (#378)

Posted by bob_cs <no...@github.com.INVALID>.
When doing remote attestation with dcap, I get:
[2021-10-13T06:17:58Z DEBUG rustls::client::hs] Using ciphersuite TLS13_CHACHA20_POLY1305_SHA256
[2021-10-13T06:17:58Z DEBUG rustls::client::tls13] Not resuming
[2021-10-13T06:17:58Z TRACE rustls::client] EarlyData rejected
[2021-10-13T06:17:58Z TRACE rustls::client] Dropping CCS
[2021-10-13T06:17:58Z DEBUG rustls::client::tls13] TLS1.3 encrypted extensions: [ServerNameAck]
[2021-10-13T06:17:58Z DEBUG rustls::client::hs] ALPN protocol is None
[2021-10-13T06:17:58Z DEBUG rustls::client::tls13] Ticket saved
[2021-10-13T06:17:58Z TRACE teaclave_attestation::service] HTTP/1.1 400 Bad Request
    Connection: close
    Content-Type: text/html; charset=utf-8
    Server: Rocket
    Content-Length: 649
    Date: Wed, 13 Oct 2021 06:17:58 GMT
    
    
                <!DOCTYPE html>
                <html lang="en">
                <head>
                    <meta charset="utf-8">
                    <title>400 Bad Request</title>
                </head>
                <body align="center">
                    <div role="main" align="center">
                        <h1>400: Bad Request</h1>
                        <p>The request could not be understood by the server due
                    to malformed syntax.</p>
                        <hr />
                    </div>
                    <div role="contentinfo" align="center">
                        <small>Rocket</small>
                    </div>
                </body>
                </html>
            
[2021-10-13T06:17:58Z DEBUG teaclave_attestation::service] http_response.parse
[2021-10-13T06:17:58Z DEBUG teaclave_attestation::service] Invalid Attestation Evidence Payload. The client should not
                     repeat the request without modifications.
[2021-10-13T06:17:58Z ERROR teaclave_authentication_service_enclave] Failed to start the service: Invalid Attestation Evidence Payload. The client should not repeat the
            request without modifications.
[2021-10-13T06:17:58Z DEBUG teaclave_binder::ipc::app] ecall_ipc_entry_point OK. App Received Buf: [123, 34, 69, 114, 114, 34, 58, 34, 83, 101, 114, 118, 105, 99, 101, 69, 114, 114, 111, 114, 34, 125]
[2021-10-13T06:17:58Z DEBUG teaclave_binder::ipc::app] ecall_ipc_app_to_tee: 1002, 4 bytes
[2021-10-13T06:17:58Z TRACE teaclave_authentication_service_enclave] tee receive cmd: 1002, input_buf = [110, 117, 108, 108]
[2021-10-13T06:17:58Z DEBUG teaclave_authentication_service_enclave] handle_invoke
[2021-10-13T06:17:58Z DEBUG teaclave_service_enclave_utils] Enclave finalizing
[2021-10-13T06:17:58Z DEBUG teaclave_binder::ipc::app] ecall_ipc_entry_point OK. App Received Buf: [123, 34, 79, 107, 34, 58, 110, 117, 108, 108, 125]
[2021-10-13T06:17:58Z DEBUG teaclave_binder::binder] Dropping TeeBinder, start finalize().
[2021-10-13T06:17:58Z DEBUG teaclave_binder::ipc::app] ecall_ipc_app_to_tee: 1002, 4 bytes
[2021-10-13T06:17:58Z ERROR teaclave_binder::ipc::app] ecall_ipc_entry_point, app sgx_error:SGX_ERROR_INVALID_ENCLAVE_ID
[2021-10-13T06:17:58Z ERROR teaclave_binder::binder] IpcError(SgxError(SGX_ERROR_INVALID_ENCLAVE_ID))


Re: [apache/incubator-teaclave] How to deploy teaclave with dcap using docker-compose? (#378)

Posted by czzmmc <no...@github.com>.
@mssun I wrote another docker-compose .yml file for dcap and I successfully accessed the attestation service inside the seven containers. But there is an error I want to share with you.

POST /sgx/dev/attestation/v4/report application/json:
    => Matched: POST /sgx/dev/attestation/v4/report application/json (verify_quote)
sgx_qv_verify_quote fialed: SGX_QL_QUOTE_FORMAT_UNSUPPORTED
    => Outcome: Failure
    => Warning: Responding with 400 Bad Request catcher.
    => Response succeeded.

The message is from the teaclave_dcap_ref_as service. And this is my request, which I found in the trace log.

teaclave-execution-service         | [2020-07-03T07:57:18Z TRACE teaclave_attestation::service] POST /sgx/dev/attestation/v4/report HTTP/1.1
teaclave-execution-service         |     HOST: localhost
teaclave-execution-service         |     Ocp-Apim-Subscription-Key: 00000000000000000000000000000000
teaclave-execution-service         |     Connection: Close
teaclave-execution-service         |     Content-Length: 1510
teaclave-execution-service         |     Content-Type: application/json
teaclave-execution-service         |     
teaclave-execution-service         |     {"isvEnclaveQuote":"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"}

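
A triage helper for the failing request above, added here as an example and not part of the original thread or the Teaclave code base: it decodes the `isvEnclaveQuote` body and reports whether the header looks like an EPID quote or an ECDSA (DCAP) quote, the first thing to check when the verifier answers `SGX_QL_QUOTE_FORMAT_UNSUPPORTED`. The function names and sample requests are constructed for illustration; the offsets assume the standard 48-byte quote header followed by a 384-byte report body.

```python
import base64
import json
import struct

# Intel QE vendor ID carried in ECDSA (DCAP) quote headers at bytes 12..28.
INTEL_QE_VENDOR_ID = bytes.fromhex("939a7233f79c4ca9940a0db3957f0607")
HEADER_LEN, REPORT_BODY_LEN = 48, 384
MIN_LEN = HEADER_LEN + REPORT_BODY_LEN + 4  # + uint32 signature length


def classify_quote(request_body: str) -> dict:
    """Decode the isvEnclaveQuote field and describe the quote header."""
    quote = base64.b64decode(json.loads(request_body)["isvEnclaveQuote"], validate=True)
    if len(quote) < MIN_LEN:
        raise ValueError(f"quote is {len(quote)} bytes, need at least {MIN_LEN}")
    # Both layouts begin with two little-endian uint16 fields.
    version, type_field = struct.unpack_from("<HH", quote, 0)
    (sig_len,) = struct.unpack_from("<I", quote, HEADER_LEN + REPORT_BODY_LEN)
    info = {
        "version": version,
        "total_len": len(quote),
        "sig_len": sig_len,
        "length_consistent": len(quote) == MIN_LEN + sig_len,
        # MRENCLAVE sits 64 bytes into the report body in both layouts.
        "mr_enclave": quote[HEADER_LEN + 64:HEADER_LEN + 96].hex(),
    }
    if version == 3 and type_field in (2, 3) and quote[12:28] == INTEL_QE_VENDOR_ID:
        info["kind"] = "ecdsa-dcap"  # att_key_type 2/3 = ECDSA P-256/P-384
    elif type_field in (0, 1):
        info["kind"] = "epid"  # sign_type 0/1 = unlinkable/linkable EPID
    else:
        info["kind"] = "unknown"
    return info


def constructed_request(version, type_field, vendor=b"\x00" * 16, sig=b"\xaa" * 8):
    """Build a constructed (fake) request body for testing; not a real quote."""
    header = struct.pack("<HHIHH", version, type_field, 0, 0, 0) + vendor + b"\x00" * 20
    body = bytearray(REPORT_BODY_LEN)
    body[64:96] = bytes(range(32))  # constructed MRENCLAVE value
    raw = header + bytes(body) + struct.pack("<I", len(sig)) + sig
    return json.dumps({"isvEnclaveQuote": base64.b64encode(raw).decode()})


if __name__ == "__main__":
    print(classify_quote(constructed_request(2, 1)))
    print(classify_quote(constructed_request(3, 2, INTEL_QE_VENDOR_ID)))
```

Feed it the JSON body captured in the TRACE log; a result of `epid` means the service is still producing EPID quotes, which a DCAP quote verifier is not built to accept.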