
How to enable SGX in Azure VM to run another application?

Open maincui opened this issue 5 years ago • 9 comments

Hello,

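Judging by your ID, you're probably a fellow Chinese speaker. How do I configure SGX on an Azure VM so that it supports other applications? I haven't managed to get it configured. Is it that the SGX driver/SDK/PSW don't support virtual machines and have to run on a physical chip and host?

Also, how do I know that SGX has been configured successfully? Going by Intel's open-source project, is it when a sample application compiled in hardware mode runs successfully, or when the AESMD service runs successfully?

Sorry for bothering you out of the blue, and I hope you can help. Main C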

maincui avatar Sep 01 '19 03:09 maincui

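Sorry, I have no experience configuring this on an Azure VM, but I looked into it on Alibaba Cloud, and it needs something called Shenlong (神龙); in other words, at least on Alibaba Cloud you need a VM with special hardware support. https://www.alibabacloud.com/help/zh/doc-detail/60576.html?spm=a2c5t.10695662.1996646101.searchclickresult.43cf4c81kXHuar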

Jim8y avatar Sep 02 '19 15:09 Jim8y

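You're too kind. It doesn't matter that you haven't configured it on Azure, but how do I know whether the SGX configuration succeeded? AESMD runs now; although it reports that Platform Services initialization failed with a DAL error, it then also shows log lines that look like success. Does this count as success?

"The server sock is 0x55a790600e60": is "sock" here a socket? And what is the hexadecimal number after it?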

● aesmd.service - Intel(R) Architectural Enclave Service Manager
   Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-09-02 12:02:46 UTC; 16h ago
 Main PID: 152467 (aesm_service)
    Tasks: 4 (limit: 19164)
   CGroup: /system.slice/aesmd.service
           └─152467 /opt/intel/libsgx-enclave-common/aesm/aesm_service

Sep 02 12:02:46 PigramUbuntu1804NoEnclave jhi[152467]: JHI init at server side failed
Sep 02 12:02:46 PigramUbuntu1804NoEnclave jhi[152467]: JHI init failed. Status: 768
Sep 02 12:02:46 PigramUbuntu1804NoEnclave jhi[152467]: JHI init at server side failed
Sep 02 12:02:46 PigramUbuntu1804NoEnclave jhi[152467]: JHI init failed. Status: 768
Sep 02 12:02:46 PigramUbuntu1804NoEnclave jhi[152467]: JHI init at server side failed
Sep 02 12:02:46 PigramUbuntu1804NoEnclave jhi[152467]: JHI init failed. Status: 768
Sep 02 12:02:46 PigramUbuntu1804NoEnclave aesm_service[152467]: [ADMIN]Platform Services initializing
Sep 02 12:02:46 PigramUbuntu1804NoEnclave aesm_service[152467]: [ADMIN]Platform Services initialization failed due to DAL error
Sep 02 12:02:46 PigramUbuntu1804NoEnclave aesm_service[152467]: The server sock is 0x55a790600e60
Sep 02 12:02:46 PigramUbuntu1804NoEnclave aesm_service[152467]: [ADMIN]White list update request successful for Version: 57

maincui avatar Sep 03 '19 04:09 maincui

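The simplest way is to compile and run the sample they provide, a SimpleEnclave. If your SGX environment is configured correctly, it will produce a result directly; otherwise it will tell you that SGX cannot be found.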

Jim8y avatar Sep 03 '19 13:09 Jim8y

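There are no samples in the driver/PSW. After the PSW is installed, aesmd produces the log above, with errors and successes mixed together, and I can't tell whether it actually succeeded or failed, or whether there are still parameters to configure. The SDK does have samples, but simulation mode succeeds while hardware mode sometimes succeeds and sometimes fails.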

maincui avatar Sep 04 '19 03:09 maincui

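If hardware mode fails, either the hardware itself doesn't support it, or it does but it isn't enabled in the BIOS; with a virtual machine there's nothing you can do about either of these. Another possibility is that the driver isn't installed properly. I often find that an environment that was working fine suddenly stops working; you could try reinstalling the SDK and the driver.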

Jim8y avatar Sep 04 '19 13:09 Jim8y

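OK, last night I stumbled my way through and finally got it working, but I'm still not clear which steps were necessary and which weren't. I plan to create another VM and go through it all again, as a way of summing up the experience. Thanks for your help!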

maincui avatar Sep 05 '19 01:09 maincui

To all who may want to know how to check/enable/install SGX for support on VM, also maybe applicable to bare metal machines, which I will check later in production phase:

  1. Try to check the availability and status of the OS via sgx-hardware

  2. Install SGX driver (maybe unnecessary for bare metal machine) and PSW for support to 3rd-party applications, no need to install SDK. Install it if you want to develop programs based on SGX.

  3. After PSW is installed, enable/start AESMD service and check its status. Ignore the DAL error; when it shows the log as above, you are ready to run your application.

maincui avatar Sep 19 '19 05:09 maincui
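The following Python script is an added example, not part of the thread or of Intel's tooling: it applies the reading of the aesmd log given in step 3 above (JHI/DAL errors ignored, the white list update line taken as the sign of readiness) and looks for a driver device node as in step 2. The function names, the device-node list and the rule that any other failure line counts as unexpected are assumptions.

```python
import os
import re

# Assumed device nodes: /dev/isgx (out-of-tree driver), /dev/sgx/enclave
# (DCAP driver), /dev/sgx_enclave (in-kernel driver).
SGX_NODES = ("/dev/isgx", "/dev/sgx/enclave", "/dev/sgx_enclave")

# Sample input: lines copied from the aesmd log quoted earlier in the thread.
SAMPLE_LOG = """\
Sep 02 12:02:46 PigramUbuntu1804NoEnclave jhi[152467]: JHI init failed. Status: 768
Sep 02 12:02:46 PigramUbuntu1804NoEnclave aesm_service[152467]: [ADMIN]Platform Services initializing
Sep 02 12:02:46 PigramUbuntu1804NoEnclave aesm_service[152467]: [ADMIN]Platform Services initialization failed due to DAL error
Sep 02 12:02:46 PigramUbuntu1804NoEnclave aesm_service[152467]: The server sock is 0x55a790600e60
Sep 02 12:02:46 PigramUbuntu1804NoEnclave aesm_service[152467]: [ADMIN]White list update request successful for Version: 57
"""

# journalctl short format: "<Mon> <day> <time> <host> <unit>[<pid>]: <message>"
LINE_RE = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ (?P<unit>[\w.-]+)\[\d+\]: (?P<msg>.*)$")

def classify(line):
    """Return 'ready', 'ignorable', 'unexpected', 'info' or 'unparsed' for one log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return "unparsed"
    unit, msg = m["unit"], m["msg"]
    if "White list update request successful" in msg:
        return "ready"
    # Step 3 of the thread's summary: JHI/DAL failures are ignored.
    if unit == "jhi" or "DAL error" in msg:
        return "ignorable"
    if re.search(r"fail|error", msg, re.IGNORECASE):
        return "unexpected"  # assumption: any other failure needs a human look
    return "info"

def summarize(log_text):
    """Count line classes; 'ok' needs a 'ready' line and no 'unexpected' line."""
    counts = {}
    for line in filter(str.strip, log_text.splitlines()):
        kind = classify(line)
        counts[kind] = counts.get(kind, 0) + 1
    counts["ok"] = counts.get("ready", 0) > 0 and counts.get("unexpected", 0) == 0
    return counts

def driver_nodes(exists=os.path.exists):
    """List which of the assumed SGX device nodes exist on this machine."""
    return [p for p in SGX_NODES if exists(p)]

if __name__ == "__main__":
    print("driver nodes:", driver_nodes() or "none", "| aesmd:", summarize(SAMPLE_LOG))
```

On a live system, replace `SAMPLE_LOG` with the output of `journalctl -u aesmd`.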

@maincui Thank you for sharing, I believe your experience is valuable to all SGX researchers.

Jim8y avatar Sep 19 '19 12:09 Jim8y

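> OK, last night I stumbled my way through and finally got it working, but I'm still not clear which steps were necessary and which weren't. I plan to create another VM and go through it all again, as a way of summing up the experience. Thanks for your help!

So did it work in the end? Can any Azure VM use SGX? Thanks!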

SongChujun avatar Apr 21 '20 15:04 SongChujun