When the trustee 0.8.0 tag version is compiled on openEuler, the following error message is displayed. Can you help me analyze it? #477

Open
ccxiaop opened this issue Aug 25, 2024 · 7 comments

@ccxiaop

ccxiaop commented Aug 25, 2024

```
error: failed to run custom build command for tdx-attest-sys v0.1.0 (https://github.com/intel/SGXDataCenterAttestationPrimitives?tag=DCAP_1.16#71557c7d)

Caused by:
process didn't exit successfully: /home/bp/trustee/target/release/build/tdx-attest-sys-6f67a20aa12deb63/build-script-build (exit status: 101)
--- stdout
cargo:rustc-link-lib=tdx_attest
cargo:rerun-if-changed=bindings.h

--- stderr
bindings.h:32:10: fatal error: 'tdx_attest.h' file not found
bindings.h:32:10: fatal error: 'tdx_attest.h' file not found, err: true
thread 'main' panicked at /root/.cargo/git/checkouts/sgxdatacenterattestationprimitives-d6934a418e6beae0/71557c7/QuoteGeneration/quote_wrapper/tdx-attest-sys/build.rs:79:10:
Unable to generate bindings: ()
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
warning: build failed, waiting for other jobs to finish...
error: failed to run custom build command for sgx-dcap-quoteverify-sys v0.2.0 (https://github.com/intel/SGXDataCenterAttestationPrimitives?tag=DCAP_1.16#71557c7d)

Caused by:
process didn't exit successfully: /home/bp/trustee/target/release/build/sgx-dcap-quoteverify-sys-00d6dc6df7df536a/build-script-build (exit status: 101)
--- stdout
cargo:rustc-link-lib=sgx_dcap_quoteverify
cargo:rerun-if-changed=bindings.h

--- stderr
warning: /usr/local/include: 'linker' input unused [-Wunused-command-line-argument]
bindings.h:32:10: fatal error: 'sgx_dcap_quoteverify.h' file not found
clang diag: warning: /usr/local/include: 'linker' input unused [-Wunused-command-line-argument]
thread 'main' panicked at /root/.cargo/git/checkouts/sgxdatacenterattestationprimitives-d6934a418e6beae0/71557c7/QuoteVerification/dcap_quoteverify/sgx-dcap-quoteverify-sys/build.rs:81:10:
Unable to generate bindings: ClangDiagnostic("bindings.h:32:10: fatal error: 'sgx_dcap_quoteverify.h' file not found\n")
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
error: failed to run custom build command for api-server v0.1.0 (/home/bp/trustee/src/api)
```

@Xynnn007
Member

For attestation-agent, you should also install libtdx-attest-dev and libtdx-attest. The sources can be found at https://download.01.org/intel-sgx/sgx-dcap/1.16/linux/distro/

For CoCo-AS in trustee, you can refer to https://github.com/confidential-containers/trustee/blob/main/attestation-service/docker/as-grpc/Dockerfile#L15-L17 for dependencies.

@ccxiaop
Author

ccxiaop commented Aug 26, 2024

sorry

> For attestation-agent, you should also install libtdx-attest-dev and libtdx-attest. The sources can be found at https://download.01.org/intel-sgx/sgx-dcap/1.16/linux/distro/
>
> For CoCo-AS in trustee, you can refer to https://github.com/confidential-containers/trustee/blob/main/attestation-service/docker/as-grpc/Dockerfile#L15-L17 for dependencies.

Sorry, I'm building on an openEuler system with aarch64 and I don't seem to find the above package. Is there any other way to solve this problem? I understand that trustee can be independent of these. I'm using v0.8.0.

@Xynnn007
Member

Well, TDX is an ISA on the Intel x86-64 platform, thus aarch64 must not fulfill the attester function. libtdx-attest-dev is some code that calls TDX instructions, and Intel does not provide the underlying dynamic libs on platforms other than x86-64, thus it must not be compiled.

For the verifier side, Intel DCAP leverages verifier function. I am not sure if intel-tee-quote-verification-rs supports being compiled on aarch64. It depends on whether intel-tee-quote-verification-rs is only a wrapper of .so files (this case cannot be compiled on aarch64), or itself compilable.

@ccxiaop
Author

ccxiaop commented Aug 26, 2024

> Well, TDX is an ISA on the Intel x86-64 platform, thus aarch64 must not fulfill the attester function. libtdx-attest-dev is some code that calls TDX instructions, and Intel does not provide the underlying dynamic libs on platforms other than x86-64, thus it must not be compiled.
>
> For the verifier side, Intel DCAP leverages verifier function. I am not sure if intel-tee-quote-verification-rs supports being compiled on aarch64. It depends on whether intel-tee-quote-verification-rs is only a wrapper of .so files (this case cannot be compiled on aarch64), or itself compilable.

I'm using version 0.8 of the trustee, which separates the trustee and as services. I'm doing remote attestation for the arm platform. I want to use grpc for bilateral communication, so I think trustee can be compiled without relying on this tdx. What should I do to solve this problem?

@mythi
Contributor

mythi commented Aug 26, 2024

> What should I do to solve this problem?

The problem is that AS is built with the all-verifiers feature by default. The fix is to build with the desired verifiers.
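
A triage helper for the build log at the top of this issue, as an added example that is not part of the original thread or the trustee project: it lists each failing `-sys` crate with the C header its bindgen step could not find, then checks whether that header exists in the given include directories. The function names and the default include directories are assumptions; the sample log is abridged from the lines quoted in this issue.

```shell
#!/bin/sh
# Constructed sample: lines abridged from the cargo log quoted in this issue.
sample_log() {
    cat <<'EOF'
error: failed to run custom build command for tdx-attest-sys v0.1.0 (https://github.com/intel/SGXDataCenterAttestationPrimitives?tag=DCAP_1.16#71557c7d)
bindings.h:32:10: fatal error: 'tdx_attest.h' file not found
bindings.h:32:10: fatal error: 'tdx_attest.h' file not found, err: true
error: failed to run custom build command for sgx-dcap-quoteverify-sys v0.2.0 (https://github.com/intel/SGXDataCenterAttestationPrimitives?tag=DCAP_1.16#71557c7d)
bindings.h:32:10: fatal error: 'sgx_dcap_quoteverify.h' file not found
Unable to generate bindings: ClangDiagnostic("bindings.h:32:10: fatal error: 'sgx_dcap_quoteverify.h' file not found\n")
error: failed to run custom build command for api-server v0.1.0 (/home/bp/trustee/src/api)
EOF
}

# Read a cargo log on stdin; print "crate<TAB>header" once for every build
# script that stopped on a missing C header.
missing_headers() {
    awk -v q="'" '
        /failed to run custom build command for/ {
            for (i = 1; i < NF; i++) if ($i == "for") { crate = $(i + 1); break }
            gsub(/`/, "", crate)   # cargo may wrap the crate name in backticks
            next
        }
        $0 ~ ("fatal error: " q "[^" q "]+" q " file not found") {
            h = $0
            sub((".*fatal error: " q), "", h)
            sub((q " file not found.*"), "", h)
            if (!((crate, h) in seen)) { seen[crate, h] = 1; print crate "\t" h }
        }'
}

# Read "crate<TAB>header" pairs on stdin; report found/MISSING for each header
# under the include directories passed as arguments.
check_headers() {
    [ "$#" -gt 0 ] || set -- /usr/include /usr/local/include
    while IFS="$(printf '\t')" read -r crate header; do
        state=MISSING
        for dir in "$@"; do
            if [ -f "$dir/$header" ]; then state=found; fi
        done
        printf '%s\t%s\t%s\n' "$crate" "$header" "$state"
    done
}

sample_log | missing_headers | check_headers
```

For a crate reported as MISSING, running `cargo tree -e features -i tdx-attest-sys` in the workspace shows which enabled feature pulls that crate into the build.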

@ccxiaop
Author

ccxiaop commented Aug 28, 2024

> What should I do to solve this problem?
>
> The problem is that AS is built with the all-verifiers feature by default. The fix is to build with the desired verifiers.

thanks.

@liupengroc
Good good good.
