- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I successfully followed enclaves_op's instructions for setting up the environment. Prior to running a secure model in SGX, it is necessary to run "dkeycache" and perform remote attestation through "dkeyserver". However, I encountered an error during remote attestation where it indicated that msg3 was not matching.
Please note that the default remote attestation provided by SGX SDK works perfectly, and msg 3 was also successfully verified there. But for SGX-Pytorch, RA is not working.
Here are the logs:
dhar@SGX-server:~/temp/sgx-pytorch/enclave_ops/deployment/bin/dkeycache$ sudo ./dkeycache
Connect dkeyserver success!
Call sgx_ra_get_msg1_ex success, the MSG1 body generated.
Sending MSG1 to remote attestation service provider, and expecting MSG2 back...
MSG2 recieved success!
Call sgx_ra_proc_msg2_ex success.
Sending MSG3 to remote attestation service provider,expecting attestation result msg back...
Error, the attestaion MSG's type is not matched!
Call enclave_ra_close success.
Failed(-1) to setup the secure channel.
failed to initialize the dkeycache service.
dkeycache service is ON...
dhar@SGX-server:~/temp/sgx-pytorch/enclave_ops/deployment/bin/dkeyserver$ sudo ./dkeyserver
Waiting for incoming connections...
New Client(4) connected! IP=127.0.0.1
receive the msg type(1) from client.
Dispatching TYPE_RA_MSG1, body size: 68
send response success with msg type(2)
receive the msg type(3) from client.
Dispatching TYPE_RA_MSG3, body size: 4936
cert_key_type = 0x5
Error: sgx_qv_get_quote_supplemental_data_size failed: 0x0000
Info: App: sgx_qv_verify_quote successfully returned.
Info: App: Verification quote_verification_result=0xa003
verify result is not expected (0xa003)
failed(-1) to handle msg type(3)
send response success with msg type(3)
I would greatly appreciate any assistance.
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Mubashwir,
Thanks for reaching out to us.
Let me check with relevant team and I'll update here at the earliest.
Regards,
Wan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Wan,
Do you have any updates from your side? Any help will be appreciated.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Mubashwir,
Apologies for the delay, we are working with the engineering team to resolve this issue. I will let you know when we have more information.
Sincerely,
Sahira
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Mubashwir,
Thank you for your patience while we are looking into this issue.
I noticed the "Verification quote_verification_result=0xa003" which means SGX_QL_QV_RESULT_OUT_OF_DATE_CONFIG_NEEDED, as shown here. The Quote is good but the TCB level of the platform is out of date. This could mean
- Some part of the SGX TCB is out of date and needs to be updated
- Some configuration is needed to fully mitigate certain Security Advisories (SAs) on this particular CPU.
We would recommend to run our DCAP Quote Generation and Quote Verification samples located here. The quote verifier sample will print out the list of SAs for your reference.
Furthermore, have you heard of Gramine? We would recommend you to look in Gramine for your PyTorch use cases. Here is the link for the repo.
Let us know if you have any questions. We are happy to assist you.
Regards,
Ken
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Ken,
Thanks for the reply.
A couple of things to know
1. As mentioned, TCB is out of date. Does that mean we need to update the firmware of SGX from BIOS? Is there any way I can do it remotely?
2. If I build dkeycache and dkeyserver in simulation mode, will the below command work in SGX PyTorch?
model = secure_mkldnn.to_secure_mkldnn(model)
3. I'll check out Gramaine. Thank you for the suggestion. I have a quick question: can Gramaine be used for SGX Pytorch scenarios?
Thanks,
Mubashwir
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Mubashwir,
Well, some part of SGX TCB is out of date and needs to be updated. It could be the BIOS loaded microcode, OS loaded microcode, certain Authenticated Code Modules (ACMs) included in the BIOS, or one of the SGX Architectural Enclaves (Quoting Enclave, Provisioning Certification Enclave). For the BIOS components, you need to make sure you have the latest BIOS on your platform and if is the latest, you may need to request a new one from your OEM.
Is there a reason you are using the SGX+PyTorch repo? Since it's outdated, it's not exactly fully supported anymore, that is why we recommend using Gramine or the PyTorch Curated App. Many customers are using it in production with PyTorch and other workloads, and it is fully supported:
- https://github.com/gramineproject/examples/tree/master/pytorch
- https://github.com/gramineproject/contrib/tree/master/Intel-Confidential-Compute-for-X/workloads/pytorch
Sincerely,
Sahira
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
This thread is now closed and will not be monitored. Please open a new thread if needed.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page