Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

foreshadow/lvi building error , memcmp running error #50

Closed
xiaonan-INTC opened this issue Jun 23, 2022 · 16 comments
Closed

foreshadow/lvi building error , memcmp running error #50

xiaonan-INTC opened this issue Jun 23, 2022 · 16 comments
Labels
compile

Comments

@xiaonan-INTC
Copy link

  1. Building error

For app/foreshadow/, run $make,
[===] Enclave [===]
[GEN] sgx_edger8r encl.edl
[CC] encl_t.c (trusted edge)
[CC] encl.c (core)
[LD] encl.o encl_t.o -lsgx_trts encl.unsigned.so
[SGN] encl.unsigned.so
make[1]: *** [Makefile:53: encl.so] Error 255
make: *** [Makefile:73: build-Enclave] Error 2

For app/lvi/, run $make,
[===] Enclave [===]
[GEN] sgx_edger8r encl.edl
[CC] encl_t.c (trusted edge)
[CC] encl.c (core)
[AS] asm.S (core)
[LD] encl.o asm.o encl_t.o -lsgx_trts encl.unsigned.so
[SGN] encl.unsigned.so
make[1]: *** [Makefile:53: encl.so] Error 255
make: *** [Makefile:66: build-Enclave] Error 2

  1. Running error

For memcmp:
[main.c] assertion 'pwd_len < MAX_LEN' failed: Invalid argument
Aborted
@jovanbulck
Copy link
Owner

Thanks for reporting!

  1. the building errors should def not happen. Not sure what goes wrong exactly, you might want to comment the .SILENT in the Makefiles so you can intermediate output. I'd think it's something wrong w the installation on your end, since building works fine in the CI (can't run the apps there but at least they should build without errors). let me know if you have more concrete issues w building?
  2. the running error is due to this failed ASSERT macro, which indicates the attack didn't work and the password length was not correctly recovered. This is probably related to os would always hang after running cpl/idt/memcmp #51 so let's move this there and keep this issue for building errors only ^^

@jovanbulck jovanbulck mentioned this issue Jun 27, 2022
Closed
@xiaonan-INTC
Copy link
Author

xiaonan-INTC commented Jun 30, 2022
edited
Loading

Thanks a lot for the analysis, jovanbulck,

Update 1,
lvi building: PASS, running: PASS

foreshadow building: PASS, running: FAIL, error message:
...
[main.c] prefetching enclave secret (EENTER/EEXIT)...
[main.c] extracting secret from L1 cache..
Illegal instruction
...

For 2, memcmp running error still exists.

So I will close it and move all running issues to #51

@namrata690
Copy link

namrata690 commented Sep 26, 2024
edited
Loading

Hello @xiaonan-INTC, @jovanbulck
I am getting a similar build error on running make in app/memcmp:

[===] Enclave [===]
[GEN] sgx_edger8r encl.edl
[CC] encl_t.c (trusted edge)
[CC] encl.c (core)
[LD] encl.o encl_t.o -lsgx_trts encl.unsigned.so
[SGN] encl.unsigned.so
make[1]: *** [Makefile:53: encl.so] Error 255
make: *** [Makefile:73: build-Enclave] Error 2

How did you resolve this?
Thanks.

@jovanbulck
Copy link
Owner

Hi @namrata690

From above:

the building errors should def not happen. Not sure what goes wrong exactly, you might want to comment the .SILENT in the Makefiles so you can intermediate output. I'd think it's something wrong w the installation on your end, since building works fine in the CI (can't run the apps there but at least they should build without errors). let me know if you have more concrete issues w building?

I suspect your SDK installation is wrong. Can you post the full output of trying to build without the --silent flags in the Makefile?

sgx-step/app/memcmp/Makefile

Line 60 in 1483dc8

MAKEFLAGS += --silent

@namrata690
Copy link

Hi @namrata690

From above:

the building errors should def not happen. Not sure what goes wrong exactly, you might want to comment the .SILENT in the Makefiles so you can intermediate output. I'd think it's something wrong w the installation on your end, since building works fine in the CI (can't run the apps there but at least they should build without errors). let me know if you have more concrete issues w building?

I suspect your SDK installation is wrong. Can you post the full output of trying to build without the --silent flags in the Makefile?

sgx-step/app/memcmp/Makefile

Line 60 in 1483dc8

MAKEFLAGS += --silent

image

@jovanbulck
Copy link
Owner

Looks like your enclave signing is not succeeding. Try make clean first to generate new keys?

Also, try rmeoving the > /dev/null 2> /dev/null to see the signing error

@namrata690
Copy link

Looks like your enclave signing is not succeeding. Try make clean first to generate new keys?

Also, try rmeoving the > /dev/null 2> /dev/null to see the signing error

image

@jovanbulck
Copy link
Owner

looks like you'll have to remove and re-generate private_key.pem

@namrata690
Copy link

looks like you'll have to remove and re-generate private_key.pem

Thanks, this worked! build succeeds now, but when I do make run, it shows the following:

image

@jovanbulck
Copy link
Owner

glad to hear it worked!

the error message is exactly what it says, you have to load the driver /dev/sgx-step first -- see the README :)

@jovanbulck
Copy link
Owner

also note to self: improve the verbosity of the Makefile build system to display errors more clearly (eg via a global config option in the refactored build system cf #67 )

@namrata690
Copy link

glad to hear it worked!

the error message is exactly what it says, you have to load the driver /dev/sgx-step first -- see the README :)

Thanks a lot, this worked, but the laptop froze while running, and I had to restart it again, known issue (or flaky behavior)?

image

@xiaonan-INTC
Copy link
Author

glad to hear it worked!
the error message is exactly what it says, you have to load the driver /dev/sgx-step first -- see the README :)

Thanks a lot, this worked, but the laptop froze while running, and I had to restart it again, known issue (or flaky behavior)?

image

Also met same issue, could developers help check? :)

@jovanbulck
Copy link
Owner

Hi both!

From the screenshot above, it seems like your APIC setup is not working and I suspect you get a #GP which the kernel doesn't expect and freezes your machine..

FWIW, it seems it crashes already at this line when it tries to read from the APIC (using the new x2apic support) via a privileged IRQ gate:

sgx-step/libsgxstep/apic.c

Line 84 in 1483dc8

libsgxstep_info("APIC_ID=%#x; LVTT=%#x; TDCR=%#x", apic_id(),

TL;DR: first make sure your basic setup works by running the programs in app/selftest before attempting app/memcmp or others. Importantly, make sure your kernel cmdline args are correct (cf README sudo ./check_sys.sh)

Feel free to let me know (preferably by opening a new issue with a much as info output etc as possible) if app/selftest doesn't work / freezes your system even after check_sys.sh says it's correctly configured?

Hope this helps!

@jovanbulck
Copy link
Owner

also make sure to correctly configure nox2apic and X2APIC in config.h as described here: #89

@namrata690
Copy link

also make sure to correctly configure nox2apic and X2APIC in config.h as described here: #89

Yeah, @w-woloszyn helped debug this and it works now. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
compile
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jovanbulck @namrata690 @xiaonan-INTC