Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Beginner
63 Views

Using PoET behind FW

Hello, I am trying to setup PoET environment. but it seems I am running into an issue now. When I use command like “poet enclave --enclave-module sgx measurement”, I got an error like ERROR: SGX_ERROR_SERVICE_UNAVAILABLE Traceback (most recent call last): File "/usr/lib/python3/dist-packages/sawtooth_poet_cli/main.py", line 133, in main_wrapper main() File "/usr/lib/python3/dist-packages/sawtooth_poet_cli/main.py", line 125, in main do_enclave(args) File "/usr/lib/python3/dist-packages/sawtooth_poet_cli/enclave.py", line 57, in do_enclave data_dir=config.get_data_dir()) as poet_enclave_module: File "/usr/lib/python3/dist-packages/sawtooth_poet_cli/poet_enclave_module_wrapper.py", line 58, in __init__ self._poet_enclave_module.initialize(config_dir, data_dir) File "/usr/lib/python3/dist-packages/sawtooth_poet_sgx/poet_enclave_sgx/poet_enclave.py", line 532, in initialize _poet = Poet(data_dir, signed_enclave, toml_config['spid']) File "/usr/lib/python3/dist-packages/sawtooth_poet_sgx/poet_enclave_sgx/poet_enclave.py", line 396, in __init__ this = _poet_enclave.new_Poet(dataDirectory, enclaveModulePath, spid) SystemError: Failed to create PSE session.: SGX ERROR: SGX_ERROR_SERVICE_UNAVAILABLE It seems to me that it tries to reach ps.sgx.trustedservices.intel.com, but I have setup the node behind proxy. So, it failed to connect the server. I’ve set http_proxy or https_proxy, but these environment variables seem to be ignored. Could you let me know how I can solve this problem? It would be great if someone could provide hints to solve the issue. Thanks,
Tags (1)
0 Kudos
6 Replies
Beginner
63 Views

Hello, I've tried to modified /etc/sawtooth/poet_enclave_sgx.toml to see if there's any way to solve this. It seems that ias_url in the file is somehow ignored. I've used "https://test-as.sgx.trustedservices.intel.com:443" for ias_url, but when I use poet command, it always looks for ps.sgx.trustedservices.intel.com. I just followed everything documented in the following URL. If I miss something, please let me know. https://sawtooth.hyperledger.org/docs/core/releases/1.0.0rc1/sysadmin_guide/configure_sgx.html
0 Kudos
Beginner
63 Views

anybody ever fixed the problem?

0 Kudos
63 Views

I am not familiar with the specific scenario, but in general, if you want to configure a proxy for the AESM, at the bottom of the GitHub page

https://github.com/intel/linux-sgx

it says:

Configure the Proxy for aesmd Service

The aesmd service uses the HTTP protocol to initialize some services.
If a proxy is required for the HTTP protocol, you may need to manually set up the proxy for the aesmd service.
You should manually edit the file /etc/aesmd.conf (refer to the comments in the file) to set the proxy for the aesmd service.
After you configure the proxy, you need to restart the service to enable the proxy.

 

 

0 Kudos
Beginner
63 Views

Hello,

I followed this documentation for setting up PoET: https://sawtooth.hyperledger.org/docs/core/releases/1.0/sysadmin_guide/configure_sgx.html

When it reached to execute this command "poet enclave --enclave-module sgx measurement" following error occured: SystemError: Unable to create enclave.: SGX ERROR: SGX_ERROR_SERVICE_UNAVAILABLE

What does this error means? How can we overcome this? Thanks.

0 Kudos
Employee
63 Views

Please check if aesmd service is running on your machine. `$ sudo service aesmd status` will give more information.

Optionally as Francisco suggested you may check if your machine is behind a firewall or proxy network.

0 Kudos
63 Views

You need to add your corporate proxy to /etc/aesmd.conf:

proxy type = manual
aesm proxy = <proxy url and port here>

Then restart aesmd or reboot.

Also, make sure "intel.com" is not in $no_proxy as both  certificates.trustedservices.intel.com and software.intel.com need to be accessed through the proxy.

0 Kudos