avoid triggering an entire sgx report creation just to know mrenclave #1405

@brenzi

We are currently abusing the sgx report creation process which involves an ocall as well as a call to AESM service for each execution:

let mrenclave = self.ocall_api.get_mrenclave_of_self()?;

I observed this in the flaky M6 CI test log:

[+] Found 0 block(s) to sync
[+] Received trusted call for shard AifFGTW9BzQV3ei24LyFCC2wPvES5QLCcRg9AYZw2HQb
[+] Received finalized header update (53), syncing parent chain...
[+] Found 1 block(s) to sync
[+] Found 1 event vector(s) to sync
[2023-08-04T21:30:38Z WARN  sp_io::storage] storage::start_transaction unimplemented
[2023-08-04T21:30:38Z WARN  sp_io::storage] storage::commit_transaction unimplemented
Synced 53 out of 53 finalized parentchain blocks
[+] Found 0 block(s) to sync
[+] Received finalized header update (54), syncing parent chain...
[+] Found 1 block(s) to sync
[+] Found 1 event vector(s) to sync
[2023-08-04T21:30:48Z WARN  sp_io::storage] storage::start_transaction unimplemented
[2023-08-04T21:30:48Z WARN  sp_io::storage] storage::commit_transaction unimplemented
Synced 54 out of 54 finalized parentchain blocks
[+] Found 0 block(s) to sync
[+] Received finalized header update (55), syncing parent chain...
[+] Found 1 block(s) to sync
[+] Found 1 event vector(s) to sync
[2023-08-04T21:31:00Z WARN  sp_io::storage] storage::start_transaction unimplemented
[2023-08-04T21:31:00Z WARN  sp_io::storage] storage::commit_transaction unimplemented
[init ../../../psw/ae/aesm_service/source/core/ipc/UnixCommunicationSocket.cpp:225] Failed to connect to socket /var/run/aesmd/aesm.socket
[2023-08-04T21:31:00Z ERROR integritee_service::ocall_bridge::ffi::init_quote] [-]  Failed to init quote: InitQuote(SGX_ERROR_SERVICE_UNAVAILABLE)
[2023-08-04T21:31:00Z ERROR itp_stf_executor::executor] Fatal Error. Failed to attempt call execution: Sgx(SGX_ERROR_SERVICE_UNAVAILABLE)
Synced 55 out of 55 finalized parentchain blocks
[+] Found 0 block(s) to sync
[+] Received finalized header update (56), syncing parent chain...
[+] Found 1 block(s) to sync
[+] Found 1 event vector(s) to sync
[2023-08-04T21:31:12Z WARN  sp_io::storage] storage::start_transaction unimplemented
[2023-08-04T21:31:12Z WARN  sp_io::storage] storage::commit_transaction unimplemented
[init ../../../psw/ae/aesm_service/source/core/ipc/UnixCommunicationSocket.cpp:225] Failed to connect to socket /var/run/aesmd/aesm.socket
[2023-08-04T21:31:13Z ERROR integritee_service::ocall_bridge::ffi::init_quote] [-]  Failed to init quote: InitQuote(SGX_ERROR_SERVICE_UNAVAILABLE)
[2023-08-04T21:31:13Z ERROR itp_stf_executor::executor] Fatal Error. Failed to attempt call execution: Sgx(SGX_ERROR_SERVICE_UNAVAILABLE)
Synced 56 out of 56 finalized parentchain blocks

While the root cause seems to be that the AESM service is unavailable, I do question that we use this service so often. The mrenclave doesn't change once our worker has started, so we should not use such involved means to obtain it.
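One way to act on this, shown as an added example that is not code from the issue or from the project: fetch the measurement once and serve every later execution from memory, so a later AESM outage like the one in the log no longer affects the lookup. The names `MrEnclaveSource`, `CachedMrEnclave`, `FlakySource` and `simulate` are hypothetical, and the source is a constructed test double standing in for the report-based lookup.

```rust
use std::cell::Cell;
use std::sync::Mutex;

/// 32-byte enclave measurement.
pub type MrEnclave = [u8; 32];

/// Hypothetical stand-in for the expensive lookup (report creation via ocall and AESM).
pub trait MrEnclaveSource {
    fn fetch(&self) -> Result<MrEnclave, String>;
}

/// Fetches the measurement once and answers all later requests from memory.
pub struct CachedMrEnclave<S> {
    source: S,
    cached: Mutex<Option<MrEnclave>>,
}

impl<S: MrEnclaveSource> CachedMrEnclave<S> {
    pub fn new(source: S) -> Self {
        Self { source, cached: Mutex::new(None) }
    }
    pub fn get(&self) -> Result<MrEnclave, String> {
        let mut slot = self.cached.lock().map_err(|e| e.to_string())?;
        if let Some(m) = *slot {
            return Ok(m);
        }
        // Only a successful fetch is stored; an error is returned and retried next call.
        let m = self.source.fetch()?;
        *slot = Some(m);
        Ok(m)
    }
}

/// Constructed test double: the first `ok_calls` fetches succeed, later ones fail
/// with the error seen in the log once AESM is unreachable.
pub struct FlakySource { pub ok_calls: usize, pub calls: Cell<usize> }

impl MrEnclaveSource for FlakySource {
    fn fetch(&self) -> Result<MrEnclave, String> {
        self.calls.set(self.calls.get() + 1);
        if self.calls.get() <= self.ok_calls { Ok([0xAB; 32]) } else { Err("SGX_ERROR_SERVICE_UNAVAILABLE".into()) }
    }
}

/// Runs `executions` lookups; returns (successful lookups, fetches that hit the source).
pub fn simulate(executions: usize, use_cache: bool) -> (usize, usize) {
    let c = CachedMrEnclave::new(FlakySource { ok_calls: 2, calls: Cell::new(0) });
    let ok = (0..executions).filter(|_| if use_cache { c.get().is_ok() } else { c.source.fetch().is_ok() }).count();
    (ok, c.source.calls.get())
}

fn main() { println!("uncached {:?}, cached {:?}", simulate(4, false), simulate(4, true)); }
```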
