Replies: 1 comment
-
figured it out |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Any help to where I am makeing a mistake is greatly appreciated.
Working to add a more compley python program
I can get the helloworld to run
Took this demo
https://github.com/amiller/gramine-rsademo to see if I could reproduce it
Getting
error: PAL failed Unable to load loader.entrypoint: -6
#...OS...
Running Centos Streams 9
#...Gramine...
Gramine 1.7 (1.7)
make SGX=1 DEBUG=1
gramine-manifest
-Dlog_level=debug
-Darch_libdir=/lib64
-Dentrypoint=/usr/bin/python3.9
python.manifest.template >python.manifest
WARNING: error in manifest (after rendering): extra keys not allowed @ data['sgx']['nonpie_binary']
gramine-sgx-sign
--manifest python.manifest
--output python.manifest.sgx
Attributes (required for enclave measurement):
size: 0x80000000
edmm: True
max_threads: 2
SGX remote attestation:
None
Memory:
000000007fad5000-0000000080000000 [REG:R--] (manifest) measured
000000007fac5000-000000007fad5000 [REG:RW-] (ssa) measured
000000007fac3000-000000007fac5000 [TCS:---] (tcs) measured
000000007fac1000-000000007fac3000 [REG:RW-] (tls) measured
000000007fa81000-000000007fac1000 [REG:RW-] (stack) measured
000000007fa41000-000000007fa81000 [REG:RW-] (stack) measured
000000007fa31000-000000007fa41000 [REG:RW-] (sig_stack) measured
000000007fa21000-000000007fa31000 [REG:RW-] (sig_stack) measured
000000007f9c7000-000000007fa17000 [REG:R-X] (code) measured
000000007fa17000-000000007fa21000 [REG:RW-] (data) measured
Measurement:
13b83d7730921bb4a5538725847dfee4435f6c9de496ad5db79a3f658a8c80b0
$ gramine-sgx python
Gramine is starting. Parsing TOML manifest file, this may take some time...
error: PAL failed Unable to load loader.entrypoint: -6
#...Makefile....
cat Makefile
ARCH_LIBDIR ?= /lib64
PYTHONDIR = /usr/bin
APPDIR = /home/xxxx/rsademo
ifeq ($(DEBUG),1)
GRAMINE_LOG_LEVEL = debug
else
GRAMINE_LOG_LEVEL = trace
endif
.PHONY: all
all: python.manifest python.manifest.sgx python.sig
python.manifest: python.manifest.template
gramine-manifest
-Dlog_level=debug
-Darch_libdir=/lib64
-Dentrypoint=$(realpath $(shell sh -c "command -v python3.9"))
python.manifest.template >python.manifest
python.manifest.sgx python.sig: sgx_sign
@:
.INTERMEDIATE: sgx_sign
sgx_sign: python.manifest
gramine-sgx-sign
--manifest $<
--output $<.sgx
.PHONY: clean
clean:
$(RM) *.manifest *.manifest.sgx *.token *.sig
#...python.manifest.template...
loader.entrypoint = "file:$(PYTHONDIR)/bin/python3.9"
libos.entrypoint = "file:$(APPDIR)/rsademo.py"
loader.argv = ["$(PYTHONDIR)/bin/python3.9", "rsademo.py"]
#loader.argv = ["./python", "rsademo.py"]
#loader.insecure__use_cmdline_argv = true
sys.enable_sigterm_injection = true
fs.mounts = [
Mount points for site-packages directories
{ path = "/usr/local/lib64/python3.9/site-packages", uri = "file:/usr/local/lib64/python3.9/site-packages" },
{ path = "/usr/local/lib/python3.9/site-packages", uri = "file:/usr/local/lib/python3.9/site-packages" },
{ path = "/usr/lib64/python3.9/site-packages", uri = "file:/usr/lib64/python3.9/site-packages" },
{ path = "/usr/lib/python3.9/site-packages", uri = "file:/usr/lib/python3.9/site-packages" },
... add other site-packages directories if needed ...
Mount point for the entrypoint (replace with the actual path to your Python script)
{ path = "/app", uri = "file:/home/xxxx/rsademo/rsademo.py" },
Mount point for a tmpfs
{ type = "tmpfs", path = "/tmp" },
Mount point for encrypted data
{ type = "encrypted", path = "/data", uri = "file:enclave_data", key_name = "_sgx_mrenclave" },
... other fs.mount entries as needed ...
]
sys.stack.size = "2M"
sys.enable_extra_runtime_domain_names_conf = true
sgx.debug = false
#sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.nonpie_binary = true
sgx.enclave_size = "2G"
sgx.max_threads = 2
sgx.edmm_enable = true
sgx.remote_attestation = "none"
# likely overkill
sgx.trusted_files = [
{ uri ="file:/usr/lib64/gramine/libsysdb.so" },
{ uri ="file:/lib64/" },
{ uri = "file:{{ entrypoint }}" },
{ uri = "file:/lib64/libpython3.9.so.1.0" },
{ uri = "file:/lib64/libc.so.6" },
{ uri = "file:/lib64/libm.so.6" },
{ uri = "file:/lib64/ld-linux-x86-64.so.2" },
{ uri = "file:/usr/lib64/python3.9/" },
{ uri = "file:/usr/lib64/python3.9/lib-dynload/" },
{ uri = "file:/usr/lib64/python3.9/site-packages/" },
{ uri = "file:/usr/lib/python3.9/site-packages/" },
{ uri ="file:/home/xxxx/rsademo/rsademo.py" },
# Add other trusted files as needed
]
Beta Was this translation helpful? Give feedback.
All reactions