Hello,
I was doing privacy-preserving machine learning applications with Intel SGX and Gramine, as described in Gramine’s GitHub –
https://github.com/gramineproject/gramine/blob/master/Documentation/tutorials/pytorch/index.rst
I was able to execute the deep learning model inside the enclave without remote attestation.
However, I am facing problems establishing the remote attestation. Here is the error I am receiving when I am trying to connect to the DCAP server -
~/Gramine_project/examples/pytorch-confidential$ gramine-sgx ./pytorch pytorchexample.py
Gramine is starting. Parsing TOML manifest file, this may take some time...
-----------------------------------------------------------------------------------------------------------------------
Gramine detected the following insecure configurations:
- loader.insecure__use_cmdline_argv = true (forwarding command-line args from untrusted host to the app)
Gramine will continue application execution, but this configuration must not be used in production!
-----------------------------------------------------------------------------------------------------------------------
secret_provision_start: Secret Provisioning could not connect to any of the servers specified in SECRET_PROVISION_SERVERS; last mbedTLS error was -68
secret_provision_common_close: Secret Provisioning failed during connection close with mbedTLS error -28928
WARNING: Closing the secret-prov context failed with error -1.
secret_provision_constructor: Secret provisioning failed, terminating the whole process
Here is my server side -
Here is my user side -
I have changed the manifest file as instructed by Gramine. Here are the changes that I made to establish the connection and DCAP -
sgx.trusted_files = [
"file:{{ entrypoint }}",
"file:{{ gramine.libos }}",
"file:{{ gramine.runtimedir() }}/",
"file:/usr/lib/",
"file:{{ arch_libdir }}/",
"file:/usr/{{ arch_libdir }}/",
{% for path in python.get_sys_path(entrypoint) %}
"file:{{ path }}{{ '/' if path.is_dir() else '' }}",
{% endfor %}
"file:pytorchexample.py",
"file:ssl/ca.crt",
]
sys.enable_extra_runtime_domain_names_conf = true
sgx.remote_attestation = "dcap"
loader.env.LD_PRELOAD = "libsecret_prov_attest.so"
loader.env.SECRET_PROVISION_CONSTRUCTOR = "1"
loader.env.SECRET_PROVISION_SET_KEY = "default"
loader.env.SECRET_PROVISION_CA_CHAIN_PATH = "ssl/ca.crt"
loader.env.SECRET_PROVISION_SERVERS = "localhost:4433"
Please note that I have also tried with setting the RA_TLS_ALLOW_OUTDATED_TCB_INSECURE to 1.
Could you please suggest how to resolve the issue?
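An added example, not part of the original post and not Gramine's own code: it decodes the two mbedTLS return values in the log above and checks from the host side whether anything accepts TCP connections on the address in SECRET_PROVISION_SERVERS. The function names are hypothetical, and the separator set used to split multiple servers is an assumption.

```python
import re
import socket

# mbedTLS error names for the codes in the log above, plus two neighbouring NET codes.
MBEDTLS_NAMES = {
    0x0042: "MBEDTLS_ERR_NET_SOCKET_FAILED",
    0x0044: "MBEDTLS_ERR_NET_CONNECT_FAILED",
    0x0052: "MBEDTLS_ERR_NET_UNKNOWN_HOST",
    0x7100: "MBEDTLS_ERR_SSL_BAD_INPUT_DATA",
}

# Constructed sample: the relevant manifest line from the post.
SAMPLE_MANIFEST = 'loader.env.SECRET_PROVISION_SERVERS = "localhost:4433"\n'

def decode_mbedtls(code):
    """Split an mbedTLS return value into its high-level and low-level parts."""
    value = abs(code)
    parts = [p for p in (value & 0xFF80, value & 0x007F) if p]
    return " + ".join(MBEDTLS_NAMES.get(p, f"unknown 0x{p:04X}") for p in parts)

def parse_servers(manifest_text):
    """Return (host, port) pairs from loader.env.SECRET_PROVISION_SERVERS."""
    m = re.search(r'^loader\.env\.SECRET_PROVISION_SERVERS\s*=\s*"([^"]*)"',
                  manifest_text, re.M)
    if not m:
        return []
    servers = []
    # Assumption: entries are separated by ',', ';' or whitespace.
    for entry in re.split(r"[,;\s]+", m.group(1).strip()):
        host, sep, port = entry.rpartition(":")
        if sep and port.isdigit():
            servers.append((host, int(port)))
    return servers

def probe(host, port, timeout=3.0):
    """True if a plain TCP connection from the host side succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    for code in (-68, -28928):
        print(code, "=", decode_mbedtls(code))
    for host, port in parse_servers(SAMPLE_MANIFEST):
        state = "listening" if probe(host, port) else "not reachable"
        print(f"{host}:{port} {state}")
```

Error -68 decodes to a failed TCP connect, which happens before the TLS handshake and quote verification start, so the probe result for the configured address is the first thing to compare against the log.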
Hi,
Could you send us:
- the logs (manifest.template) with loader.log_level = "all" for the complete Gramine log for us to further investigate.
- Your Gramine version
We highly recommend that you open an issue in the official Gramine GitHub repo as this is related to Gramine. Here is the link for the repo: https://github.com/gramineproject/gramine/
They would be the correct experts to refer to for Gramine.
Cordially,
Iffa
Hi Iffa,
Thank you for your reply.
I am using Gramine 1.5. Here are the version details -
Package: gramine
Version: 1.5
Priority: optional
Section: misc
Maintainer: Wojtek Porczyk <woju@invisiblethingslab.com>
Installed-Size: 21.9 MB
Depends: libcurl4 (>= 7.58), libprotobuf-c1, python3, python3-click, python3-cryptography, python3-jinja2, python3-pyelftools, python3-tomli (>= 1.1.0), python3-tomli-w (>= 0.4.0)
Recommends: gramine-ratls-dcap, gramine-ratls-epid
Conflicts: gramine-oot
Breaks: gramine-dcap (<< 1.4~)
Replaces: gramine-dcap (<< 1.4~)
Homepage: https://gramine.readthedocs.io/
Download-Size: 3,351 kB
APT-Manual-Installed: yes
APT-Sources: https://packages.gramineproject.io jammy/main amd64 Packages
Description: A lightweight usermode guest OS designed to run a single Linux application
As the complete Gramine log is quite long, I am attaching a text file that contains the entire log for loader.log_level = "all".
Please let me know if you need further information.
Hi,
The developers in the Gramine GitHub can better answer your question. I recommend posting it in:
https://github.com/gramineproject/gramine/issues
Sincerely,
Sahira