Kernel >= 5.11 (5.12.9) how to load driver? #2437
Comments
Oops, seems we forgot to update this tool when SGX drivers got upstreamed. Please check if #2438 fixes the problem for you. From the description you provided it seems that your system is fine and should be able to run SGX, it's just our script which is outdated :) |
Well this makes it just return true for |
Ah, I missed that there is one more issue in your description.
This is most likely caused by quite bad support for SGX in current Linux distros. AFAIR by default this device is accessible only by root, so you just need to |
So even as root (or sudo) / giving perms to this dev to another user.
It seems

```c
#ifdef SGX_DCAP
    /* ask Intel SGX driver to actually mmap the added enclave pages */
    uint64_t mapped = INLINE_SYSCALL(mmap, 6, addr, size, prot, MAP_FIXED | MAP_SHARED,
                                     g_isgx_device, 0);
    if (IS_ERR_P(mapped)) {
        log_error("Cannot map enclave pages %ld\n", ERRNO_P(mapped));
        return -EACCES;
    }
```

That I compiled it with SGX_DCAP defined, but I am using inkernel driver, maybe some mixup here? Guessing the 1 here is Some kind of permission error (maybe apparmor or some security profile, though I turned apparmor off and same thing), I am testing on Ubuntu 21.04, with an i7-1065G7. Thinking it's this, https://askubuntu.com/questions/1233973/what-happened-to-mmap-in-20-04 |
K solved, so on Ubuntu 20.04 and up need to remount /dev and remove noexec. I wonder if there is a better fix for this?
EDIT: |
@vans163 I didn't encounter this "remount /dev". Where did you find this suggestion? Why does it help? After quick googling, I found this: https://unix.stackexchange.com/questions/581928/is-it-safe-to-add-noexec-mount-option-in-dev. And it looks like Debian/Ubuntu indeed now mounts with |
This is interesting, but I think it's only on 21.04 and up. We do testing on 20.04 and it works there, I even checked on my instance:
CC: @woju, seems 21.04 broke SGX support altogether? |
I was trying to set up a new machine with 5.11 upstream kernel and Ubuntu 20.04 and I faced this same issue even there, was able to resolve with |
Just a quick note on this, since we hit this today. Actually there are two separate issues:
So one should check for both these issues. These issues are there until modern Linux OS distributions are shipped with correct installation scripts for the Linux SGX driver. |
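A check for the two conditions reported in this thread (the SGX device node being accessible only by root, and `/dev` being mounted `noexec`), as an added example that is not part of the thread or of the Graphene code base. The default node `/dev/sgx_enclave` and the function names are assumptions; pass whatever node `ls /dev | grep sgx` shows on your system.

```shell
#!/bin/sh
# Added example, not Graphene code. /dev/sgx_enclave as the default node is an
# assumption (in-kernel driver naming); pass the node your system shows.

# Print the options of the mount covering path $1, read from mounts table $2.
# The longest matching mount point wins; on a tie the later entry shadows.
mount_opts_for() {
    awk -v p="$1" '
        { mp = $2
          if (mp == p || mp == "/" || index(p, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); opts = $4 } }
        END { print opts }' "${2:-/proc/mounts}"
}

# Succeed if the mount covering $1 carries the noexec option.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report both conditions for device node $1; return the number found
# (3 if the node does not exist at all).
check_sgx_dev() {
    dev=${1:-/dev/sgx_enclave}; mounts=${2:-/proc/mounts}; problems=0
    if [ ! -e "$dev" ]; then
        echo "$dev: no such device node"; return 3
    fi
    if [ ! -r "$dev" ] || [ ! -w "$dev" ]; then
        echo "$dev: current user lacks read/write access"
        problems=$((problems + 1))
    fi
    if is_noexec "$dev" "$mounts"; then
        echo "$dev: mount is noexec, so an executable mmap of it is refused"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run the check only when asked, e.g.: sh sgx_check.sh check /dev/sgx_enclave
if [ "${1:-}" = "check" ]; then check_sgx_dev "${2:-}"; fi
```

Run as root, the access test always passes, so run it as the user that will launch the enclave.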
Yup, this is basically distros breaking SGX driver in their default setups. And they don't ship any usermode SGX daemons yet, so they probably don't even know that they've broken something. |
The issue itself was resolved, closing. |
Was it really resolved? This seems to be quite a big problem for SGX ecosystem, I'd say we need to either document this or ask Ubuntu devs to fix this. |
I face the same problem. Using this command: `mount -o remount,exec /dev`, solved it. |
Looking at is_sgx_available
ls /dev | grep sgx
uname -a
My understanding is that kernel 5.11 carries all the needed kmods to run graphene-sgx, but it seems like it wants the driver, when I try to run the example in different ways:
I don't see SGX in lsmod. Guessing I need to install https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/driver/linux but it's in a transitional stage so soon this will be upstreamed as well?
But the changelog here says
When I try to make it