lejunzhu
lejunzhu
The root cause is the glibc comes with Gramine has a different TZDEFAULT macro: ``` $ strings /usr/local/lib/x86_64-linux-gnu/gramine/runtime/glibc/libc.so | grep "/usr/local/etc" /usr/local/etc/localtime ``` This is introduced in glibc Makeconfig: ```...
> @lejunzhu Do you know why `sysconfdir` in the Glibc Makefile has a wrong prefix? And what would be a simple way of fixing this prefix (it looks like this...
> > A remote party may want to attest not only which binary is run, but also which specific configuration is used (CONFIGID and CONFIGSVN) > > This sounds more...
> > The user may want to keep MRENCLAVE to a well known value, in order to collaborate with other Gramine apps via remote attestation. > > How would would...
> I still fail to see how exactly the files-per-user are protected with KSS. The `CONFIGID` is set up by the possibly-malicious host, and it seems that the SGX enclave...
Just my two cents, for the syscall interface, there is another possibility: to patch the ELF file after the Go toolchain produces it. And this could be more convenient if...
The server.py script actually works correctly, but its output is buffered by Gramine. Add 'flush=True' to the print() calls in server.py, and you will see all the output.
Maybe a silly question, but have you tried "make clean" then "make SGX=1" in the VM? If the .token file has some flag mismatch, it will also cause error -5.
Indeed. With Qemu 7.1 on an ICX, Gramine works only when I remove this line: https://github.com/gramineproject/gramine/blob/d5599d52d2076006d31493da00f096099298aaf0/python/graminelibos/sgx_get_token.py#L40 If either avx or avx512 bit is set in the token, gramine will fail...
> Looks like the issue is solved on the Gramine side (solution: do not use the latest QEMU v7.1). > > It would be interesting to debug why QEMU started...