Workflow of the secret_prov_minimal example

[jogi343]

Hello All,

I need some help in understanding the secret_prov_minimal example.

As mentioned in the README,

The servers are supposed to run on trusted machines (not in SGX enclaves). The servers listen for client connections. For each connected client, the servers verify the client's RA-TLS certificate and the embedded SGX quote and, if verification succeeds, sends secrets back to the client.

1. But in the secret_prov_minimal example, where exactly is the client making any connection to the outside server? Because in client.c, I only see that the SECRET_PROVISION_SECRET_STRING environment variable is being read.
   So how does the server manages to set the key inside SECRET_PROVISION_SECRET_STRING ? if the client is not making any active connection?
   Or should starting a client enclave and making a connection from it to the server be implemented by the developer?

2. I am writing an application (not in C) and it wants to use this key stored in SECRET_PROVISION_SECRET_STRING. So in order to do this, I will have to run these server and client before running my application and then start my application in the same
   enclave to use that key, is this understanding of mine correct?

Thank you and regards.

[dimakuv]

So how does the server manages to set the key inside SECRET_PROVISION_SECRET_STRING ? if the client is not making any active connection?

It's not correct. The client does make the connection to the server. It's just that this connection is hidden by this magic option in the manifest file:

gramine/CI-Examples/ra-tls-secret-prov/secret_prov_minimal/client.manifest.template

Line 10 in ede508c

loader.env.SECRET_PROVISION_CONSTRUCTOR = "1"

Check our documentation on this SECRET_PROVISION_CONSTRUCTOR magic: https://gramine.readthedocs.io/en/stable/attestation.html#secret-prov-attest-so

Or browse the source code, if you're interested in the C details:

gramine/tools/sgx/ra-tls/secret_prov_attest.c

Line 370 in ede508c

__attribute__((constructor)) static void secret_provision_constructor(void) {

So in other words, we're using the constructor trick of preloaded libraries to execute the "connect to the server" logic before the application even starts. That's why the example is called _minimal -- it has minimal code required to be written by the developer (actually, no code at all).

I am writing an application (not in C) and it wants to use this key stored in SECRET_PROVISION_SECRET_STRING. So in order to do this, I will have to run these server and client before running my application and then start my application in the same
enclave to use that key, is this understanding of mine correct?

You don't need a separate client application. Just add lines similar to these to your client manifest file:

gramine/CI-Examples/ra-tls-secret-prov/secret_prov_minimal/client.manifest.template

Lines 9 to 12 in ede508c

	loader.env.LD_PRELOAD = "libsecret_prov_attest.so"
	loader.env.SECRET_PROVISION_CONSTRUCTOR = "1"
	loader.env.SECRET_PROVISION_CA_CHAIN_PATH = "/ca.crt"
	loader.env.SECRET_PROVISION_SERVERS = "dummyserver:80;localhost:4433;anotherdummy:4433"

This will make your client app to automatically connect to the server on startup and store the received secret in the SECRET_PROVISION_SECRET_STRING environment variable. Then your client just needs to read this envvar, whenever it needs to use this secret.

The server itself can be kept as-is, but you need to specify the expected MRENCLAVE/MRSIGNER/other fields when you deploy it in a production/close to production environment.

[jogi343]

Thank you @dimakuv for a great explanation.

Now I am just trying to run the minimal client with the server. The server runs fine, but when I run the client I get this error:

Parsing TOML manifest file, this may take some time...
error: aesm_service returned error: 30
error: load_enclave() failed with error -1

My machine has SGX1 with no FLC. Running on Ubuntu 20.04.
aesmd status is active and running. I am able to run regular applications using Gramine without any issue.

I understand that my Gramine version is much older but not sure if it's related to this error.

What could be the reason behind this error?

Regards,

[dimakuv]

Since you don't have FLC, you should use the EPID attestation scheme. Is that what you do?

If you try to use the DCAP attestation scheme, then AESM will complain.

Also, did you install all required EPID-related packages and plugins to AESM?

[jogi343]

Thank you again @dimakuv for your help. Now secret provisioning is working fine.

Yes, I am using EPID attestation.
It seems that the issue was indeed due to not having all the EPID related packages and AESM plugins installed.
I ran the following commands (as mentioned here):

sudo apt update
sudo apt install sgx-aesm-service libsgx-aesm-launch-plugin libsgx-aesm-epid-plugin

and it started working.