# Cannot run enclave-server
[toc]
## Machine platform

OS: Ubuntu 22.04; Go version: 1.18; CPU: Intel Xeon 8380 (Ice Lake SP XCC), 40 cores, 270 W, 2.3 GHz
## Installing the SGX packages and setting up the Gramine environment

```shell
sudo curl -fsSLo /usr/share/keyrings/gramine-keyring.gpg https://packages.gramineproject.io/gramine-keyring.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/gramine-keyring.gpg] https://packages.gramineproject.io/ $(lsb_release -sc) main" \
| sudo tee /etc/apt/sources.list.d/gramine.list
sudo curl -fsSLo /usr/share/keyrings/intel-sgx-deb.asc https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx-deb.asc] https://download.01.org/intel-sgx/sgx_repo/ubuntu $(lsb_release -sc) main" \
| sudo tee /etc/apt/sources.list.d/intel-sgx.list
sudo apt-get update
sudo apt-get install gramine
```
## Testing the Gramine example project

```shell
cd ~
git clone --depth 1 https://github.com/gramineproject/gramine.git
cd ~/gramine/CI-Examples/helloworld
make SGX=1
sudo gramine-sgx helloworld
```
The output is:

```text
ubuntu@VM-0-3-ubuntu:~/gramine/CI-Examples/helloworld$ sudo gramine-sgx helloworld
Gramine is starting. Parsing TOML manifest file, this may take some time...
-----------------------------------------------------------------------------------------------------------------------
Gramine detected the following insecure configurations:
- sgx.debug = true (this is a debug enclave)
Gramine will continue application execution, but this configuration must not be used in production!
-----------------------------------------------------------------------------------------------------------------------
```
## Using chainmaker_graphene

```shell
cd ~
git clone -b v2.2.1_private_contract https://git.chainmaker.org.cn/chainmaker/graphene.git
mv graphene chainmaker-graphene
rm -rf /home/ubuntu/chainmaker-graphene/enclave-key.pem
```
## Building enclave-server

The contents of enclave-server.manifest.template are as follows:

```toml
# enclave-server manifest example
loader.preload = "file:{{ gramine.libos }}"
libos.entrypoint = "{{ entrypoint }}"
loader.log_level = "{{ log_level }}"
loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr/lib:/usr{{ arch_libdir }}"
loader.pal_internal_mem_size = "1G"
loader.insecure__use_cmdline_argv = true
sys.enable_sigterm_injection = true
fs.mount.lib.type = "chroot"
fs.mount.lib.path = "/lib"
fs.mount.lib.uri = "file:{{ gramine.runtimedir() }}"
fs.mount.lib2.type = "chroot"
fs.mount.lib2.path = "{{ arch_libdir }}"
fs.mount.lib2.uri = "file:{{ arch_libdir }}"
fs.mount.tmp.type = "chroot"
fs.mount.tmp.path = "/tmp"
fs.mount.tmp.uri = "file:/tmp"
# set Absolute Path
fs.mount.libos.type = "chroot"
fs.mount.libos.path = "/home/ubuntu/chainmaker-graphene/"
fs.mount.libos.uri = "file:/home/ubuntu/chainmaker-graphene/"
sgx.nonpie_binary = true
sgx.enclave_size = "16G"
#sys.stack.size = "128M"
sgx.thread_num = 256
#sgx.rpc_thread_num = 64
#sgx.enable_status = true
#sgx.profile.with_stack = true
#sgx.profile.enable = "all"
#sgx.profile.mode = "ocall_outer"
sgx.trusted_files = [
  "file:{{ entrypoint }}",
  "file:{{ gramine.runtimedir() }}/",
  "file:{{ arch_libdir }}/",
  "file:/usr{{ arch_libdir }}/",
  "file:/etc/mime.types",
  "file:/etc/default/apport",
]
sgx.allowed_files = [
  "file:/etc/nsswitch.conf",
  "file:/etc/ethers",
  "file:/etc/hosts",
  "file:/etc/group",
  "file:/etc/passwd",
  "file:/etc/gai.conf",
  "file:/etc/host.conf",
  "file:/etc/resolv.conf",
  "file:./configs/",
  "file:/tmp",
  "file:/home/ubuntu/chainmaker-graphene/",
  "file:./logs",
]
```
Generate the certificate (substitute your own directory):

```shell
openssl genrsa -3 -out /home/ubuntu/chainmaker-graphene/enclave-key.pem 3072
```
Run build.sh to compile:

```shell
sudo ./build.sh SGX=1 DEBUG=1
```

Build output:

```text
Measurement:
a12aef973897d56f3c9ccdb841d9fce9d12486a78eaa521bcef69bd4d29fc7b0
gramine-sgx-get-token --output enclave-server.token --sig enclave-server.sig
/usr/bin/gramine-sgx-get-token:17: DeprecationWarning: gramine-sgx-get-token is deprecated on upstream SGX driver, and calling it will be a hard error in the future
warnings.warn(
sgx build success
build success
```
## Starting enclave-server in hardware mode

```shell
sudo gramine-sgx ./enclave-server
```

This produces the following error output:

```text
-----------------------------------------------------------------------------------------------------------------------
Gramine detected the following insecure configurations:
- loader.log_level = warning|debug|trace|all (verbose log level, may leak information)
- loader.insecure__use_cmdline_argv = true (forwarding command-line args from untrusted host to the app)
- sgx.allowed_files = [ ... ] (some files are passed through from untrusted host without verification)
Gramine will continue application execution, but this configuration must not be used in production!
-----------------------------------------------------------------------------------------------------------------------
(pal_main.c:574:pal_main) error: PAL failed No 'loader.entrypoint' is specified in the manifest
(pal_process.c:248:_PalProcessExit) debug: PalProcessExit: Returning exit code 1
```

Because of this I cannot proceed to the next step.
Is there a solution?
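The manifest fragment below is an added example, not part of the original post and not code from the chainmaker/graphene repository. It shows the one change that addresses the error line at the bottom of the output above: the PAL says it cannot find `loader.entrypoint`, and the posted template only sets `loader.preload`. It assumes the `gramine` package installed from the packages.gramineproject.io repository is Gramine 1.2 or later, where `loader.entrypoint` replaced the older `loader.preload` key for pointing the PAL at the LibOS; every other line of the template is left exactly as the poster wrote it.

```toml
# Added example (not from the original post or the chainmaker/graphene repo).
# Assumption: Gramine 1.2 or later, as installed from packages.gramineproject.io.

# Before, as in the posted template. Current Gramine does not read this key,
# so the PAL has no LibOS to load and aborts with
# "No 'loader.entrypoint' is specified in the manifest".
#loader.preload = "file:{{ gramine.libos }}"

# After: the LibOS is given as the PAL's entrypoint. This is the same value
# the template already used, only under the key the error message names.
loader.entrypoint = "file:{{ gramine.libos }}"

# Unchanged: the application entrypoint inside the LibOS is still a separate
# setting, substituted by build.sh, and is not affected by the rename.
libos.entrypoint = "{{ entrypoint }}"
```

After editing the template, rerun `./build.sh SGX=1 DEBUG=1`: the manifest is part of what `gramine-sgx-sign` measures, so the `Measurement:` value changes and the old `enclave-server.sig` no longer matches. Note that the banner about insecure configurations is only a warning (Gramine says it "will continue application execution"); the line that actually stops the run is the `error: PAL failed ...` line, so when a template written for an older Gramine release fails, read that first error line for the key the installed version expects.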