DCAP failed #667
Description
I have deployed the dcap service, aesmd status:
root@tec-191:~/incubator-teaclave# service aesmd status
● aesmd.service - Intel(R) Architectural Enclave Service Manager
Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2022-10-19 08:19:08 UTC; 2 months 0 days ago
Main PID: 35809 (aesm_service)
Tasks: 4 (limit: 613772)
Memory: 7.0M
CGroup: /system.slice/aesmd.service
└─35809 /opt/intel/sgx-aesm-service/aesm/aesm_service
Dec 19 08:34:07 tec-191 aesm_service[35809]: [QCNL] Try memory cache...
Dec 19 08:34:07 tec-191 aesm_service[35809]: [QCNL] Retrieved PCK certchain from memory cache successfully.
Dec 19 08:34:07 tec-191 aesm_service[35809]: [QCNL] Try memory cache...
Dec 19 08:34:07 tec-191 aesm_service[35809]: [QCNL] Retrieved PCK certchain from memory cache successfully.
Dec 19 08:34:07 tec-191 aesm_service[35809]: [QCNL] Try memory cache...
Dec 19 08:34:07 tec-191 aesm_service[35809]: [QCNL] Retrieved PCK certchain from memory cache successfully.
Dec 19 08:34:07 tec-191 aesm_service[35809]: [QCNL] Try memory cache...
Dec 19 08:34:07 tec-191 aesm_service[35809]: [QCNL] Retrieved PCK certchain from memory cache successfully.
Dec 19 08:34:07 tec-191 aesm_service[35809]: [QCNL] Try memory cache...
Dec 19 08:34:07 tec-191 aesm_service[35809]: [QCNL] Retrieved PCK certchain from memory cache successfully.pccs status and config:
root@tec-191:~/incubator-teaclave# service pccs status
● pccs.service - Provisioning Certificate Caching Service (PCCS)
Loaded: loaded (/lib/systemd/system/pccs.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-11-07 10:45:41 UTC; 1 months 11 days ago
Docs: https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/QuoteGeneration/pccs/README.md
Main PID: 284276 (node)
Tasks: 11 (limit: 613772)
Memory: 73.7M
CGroup: /system.slice/pccs.service
└─284276 /usr/bin/node -r esm /opt/intel/sgx-dcap-pccs/pccs_server.js
Dec 18 01:00:03 tec-191 node[284276]: 2022-12-18 01:00:03.719 [info]: Request-ID is : 85ff17da17fe433f8d718dedb136d679
Dec 18 01:00:04 tec-191 node[284276]: 2022-12-18 01:00:04.490 [info]: Request-ID is : dfef1d7294994b9caffe5deda5ea6a9e
Dec 18 01:00:05 tec-191 node[284276]: 2022-12-18 01:00:05.230 [info]: Scheduled cache refresh is completed successfully.
Dec 19 01:00:02 tec-191 node[284276]: 2022-12-19 01:00:02.088 [info]: Request-ID is : 55fb3551d0574a41895a47c22ee5c38f
Dec 19 01:00:03 tec-191 node[284276]: 2022-12-19 01:00:03.165 [info]: Request-ID is : 2bab10c8dda549c09d0b2a391accdad6
Dec 19 01:00:03 tec-191 node[284276]: 2022-12-19 01:00:03.953 [info]: Request-ID is : 9e2f6c486a534de1bd1b9329521c8f69
Dec 19 01:00:04 tec-191 node[284276]: 2022-12-19 01:00:04.805 [info]: Request-ID is : a87492cfe13f43ea8cbabe358ee4fc76
Dec 19 01:00:05 tec-191 node[284276]: 2022-12-19 01:00:05.736 [info]: Scheduled cache refresh is completed successfully.
Dec 19 02:48:26 tec-191 node[284276]: 2022-12-19 02:48:26.702 [info]: Client Request-ID : 9cddea128ad946bda06b7b94e925208b
Dec 19 02:48:26 tec-191 node[284276]: 2022-12-19 02:48:26.708 [info]: 127.0.0.1 - - [19/Dec/2022:02:48:26 +0000] "GET /sgx/certification/v3/pckcert?qeid=480A5C930339045DBBC81B7C3C3ACCEC&encrypted_ppid=76AD9CB026682225C96680D57D545E83F2EC79248A3C73445212BAD2F2149B1BE012>
lines 1-20/20 (END)
{
"pccs_url": "https://localhost:8082/sgx/certification/v3/",
"use_secure_cert": false,
"retry_times": 6,
"retry_delay": 10,
"pck_cache_expire_hours": 168
}Build the Teaclave platform using docker(https://teaclave.apache.org/docs/my-first-function/):
docker run --rm -v $(pwd):/teaclave -w /teaclave \
-it teaclave/teaclave-build-ubuntu-1804-sgx-dcap-1.11:latest \
bash -c ". /root/.cargo/env && \
. /opt/sgxsdk/environment && \
mkdir -p build && cd build && \
cmake -DDCAP=ON -DTEST_MODE=ON .. && \
make"or
docker run --rm -v $(pwd):/teaclave -w /teaclave \
-it teaclave/teaclave-build-ubuntu-1804-sgx-2.14:latest \
bash -c ". /root/.cargo/env && \
. /opt/sgxsdk/environment && \
mkdir -p build && cd build && \
cmake -DTEST_MODE=ON .. && \
make"I have tried the above commands, and the construction is successful. But when I continue to run the following command: cd docker && ./run-teaclave-services.sh, it failed. The log is as follows:
root@tec-191:~/incubator-teaclave# export TEACLAVE_LOG=info
root@tec-191:~/incubator-teaclave# cd docker && ./run-teaclave-services.sh
/dev/sgx/enclave device detected.
/dev/sgx/provision device detected.
/var/run/aesmd/aesm.socket socket detected.
COMMAND: docker-compose -f docker-compose-ubuntu-1804.yml -f docker-compose-dcap-dev.override.yml -f docker-compose-aesm-socket.override.yml up
Starting teaclave-access-control-service ... done
Starting teaclave-storage-service ... done
Starting teaclave-file-service ... done
Starting teaclave-authentication-service ... done
Starting teaclave-management-service ... done
Starting teaclave-scheduler-service ... done
Starting teaclave-execution-service ... done
Starting teaclave-frontend-service ... done
Attaching to teaclave-access-control-service, teaclave-storage-service, teaclave-authentication-service, teaclave-scheduler-service, teaclave-file-service, teaclave-execution-service, teaclave-management-service, teaclave-frontend-service
teaclave-authentication-service | [2022-12-19T08:34:04Z INFO teaclave_authentication_service_enclave] Starting Authentication...
teaclave-access-control-service | [2022-12-19T08:34:05Z ERROR teaclave_access_control_service_enclave] Failed to start the service: Invalid Attestation Evidence Payload. The client should not repeat the
teaclave-access-control-service | request without modifications.
teaclave-access-control-service | [2022-12-19T08:34:05Z ERROR teaclave_binder::ipc::app] ecall_ipc_entry_point, app sgx_error:SGX_ERROR_INVALID_ENCLAVE_ID
teaclave-access-control-service | [2022-12-19T08:34:05Z ERROR teaclave_binder::binder] IpcError(SgxError(SGX_ERROR_INVALID_ENCLAVE_ID))
teaclave-storage-service | [2022-12-19T08:34:05Z INFO teaclave_storage_service_enclave] Starting Storage...
teaclave-access-control-service exited with code 0
teaclave-authentication-service | [2022-12-19T08:34:06Z ERROR teaclave_authentication_service_enclave] Failed to start the service: Invalid Attestation Evidence Payload. The client should not repeat the
teaclave-authentication-service | request without modifications.
teaclave-authentication-service | [2022-12-19T08:34:06Z ERROR teaclave_binder::ipc::app] ecall_ipc_entry_point, app sgx_error:SGX_ERROR_INVALID_ENCLAVE_ID
teaclave-authentication-service | [2022-12-19T08:34:06Z ERROR teaclave_binder::binder] IpcError(SgxError(SGX_ERROR_INVALID_ENCLAVE_ID))
teaclave-scheduler-service | [2022-12-19T08:34:06Z INFO teaclave_scheduler_service_enclave] Starting Scheduler...
teaclave-frontend-service | [2022-12-19T08:34:06Z INFO teaclave_frontend_service_enclave] Starting FrontEnd ...
teaclave-authentication-service exited with code 0
teaclave-execution-service | [2022-12-19T08:34:07Z INFO teaclave_execution_service_enclave] Starting Execution...
teaclave-storage-service | [2022-12-19T08:34:07Z ERROR teaclave_storage_service_enclave] Failed to start the service: Invalid Attestation Evidence Payload. The client should not repeat the
teaclave-storage-service | request without modifications.
teaclave-management-service | [2022-12-19T08:34:07Z INFO teaclave_management_service_enclave] Starting Management...
teaclave-storage-service | [2022-12-19T08:34:07Z ERROR teaclave_binder::ipc::app] ecall_ipc_entry_point, app sgx_error:SGX_ERROR_INVALID_ENCLAVE_ID
teaclave-storage-service | [2022-12-19T08:34:07Z ERROR teaclave_binder::binder] IpcError(SgxError(SGX_ERROR_INVALID_ENCLAVE_ID))
teaclave-scheduler-service | [2022-12-19T08:34:07Z ERROR teaclave_scheduler_service_enclave] Failed to start the service: Invalid Attestation Evidence Payload. The client should not repeat the
teaclave-scheduler-service | request without modifications.
teaclave-frontend-service | [2022-12-19T08:34:07Z ERROR teaclave_frontend_service_enclave] Failed to start the service: Invalid Attestation Evidence Payload. The client should not repeat the
teaclave-frontend-service | request without modifications.
teaclave-storage-service exited with code 0
teaclave-scheduler-service | [2022-12-19T08:34:07Z ERROR teaclave_binder::ipc::app] ecall_ipc_entry_point, app sgx_error:SGX_ERROR_INVALID_ENCLAVE_ID
teaclave-scheduler-service | [2022-12-19T08:34:07Z ERROR teaclave_binder::binder] IpcError(SgxError(SGX_ERROR_INVALID_ENCLAVE_ID))
teaclave-frontend-service | [2022-12-19T08:34:08Z ERROR teaclave_binder::ipc::app] ecall_ipc_entry_point, app sgx_error:SGX_ERROR_INVALID_ENCLAVE_ID
teaclave-frontend-service | [2022-12-19T08:34:08Z ERROR teaclave_binder::binder] IpcError(SgxError(SGX_ERROR_INVALID_ENCLAVE_ID))
teaclave-scheduler-service exited with code 0
teaclave-execution-service | [2022-12-19T08:34:08Z ERROR teaclave_execution_service_enclave] Service shutdown, reason: Invalid Attestation Evidence Payload. The client should not repeat the
teaclave-execution-service | request without modifications.
teaclave-execution-service | [2022-12-19T08:34:08Z INFO teaclave_service_app_utils] Exit
teaclave-frontend-service exited with code 0
teaclave-management-service | [2022-12-19T08:34:08Z ERROR teaclave_management_service_enclave] Failed to start the service: Invalid Attestation Evidence Payload. The client should not repeat the
teaclave-management-service | request without modifications.
teaclave-management-service | [2022-12-19T08:34:09Z ERROR teaclave_binder::ipc::app] ecall_ipc_entry_point, app sgx_error:SGX_ERROR_INVALID_ENCLAVE_ID
teaclave-management-service | [2022-12-19T08:34:09Z ERROR teaclave_binder::binder] IpcError(SgxError(SGX_ERROR_INVALID_ENCLAVE_ID))
teaclave-execution-service exited with code 1
teaclave-management-service exited with code 0Where did I operate or configure incorrectly, please? Thank you in advance for your reply.