Commit d30d8ff

Merge pull request #1047 from oasisprotocol/anzoman/document-setting-up-tee-for-ibm-cloud
tee: Add instructions for configuring DCAP on IBM Cloud
2 parents ce18897 + 4050d66 commit d30d8ff

1 file changed: +24 -0 lines changed

docs/node/run-your-node/prerequisites/set-up-trusted-execution-environment-tee.md

Lines changed: 24 additions & 0 deletions
@@ -161,12 +161,16 @@ Some cloud providers require you to use their PCCS.
161161
- Alibaba Cloud: See the [Alibaba Cloud documentation] for details on configuring the quote provider. The
162162
documentation shows the required `sgx_default_qcnl.conf` changes.
163163

164+
- IBM Cloud: See the [IBM Cloud documentation] for details on configuring the quote provider. The
165+
documentation shows the required `sgx_default_qcnl.conf` changes.
166+
164167
- Other cloud providers: If you are using a different cloud service provider, consult their
165168
specific documentation for the appropriate PCCS configuration and guidance on configuring the quote provider, or
166169
use one of the other PCCS options.
167170

168171
[Azure documentation]: https://learn.microsoft.com/en-us/azure/security/fundamentals/trusted-hardware-identity-management#how-do-i-use-intel-qpl-with-trusted-hardware-identity-management
169172
[Alibaba Cloud documentation]: https://www.alibabacloud.com/help/en/ecs/user-guide/build-an-sgx-encrypted-computing-environment
173+
[IBM Cloud documentation]: https://cloud.ibm.com/docs/vpc?topic=vpc-about-attestation-sgx-dcap-vpc
170174

171175
#### Own PCCS
172176

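Review bot: The IBM Cloud bullet (new lines 164-165) repeats the Alibaba Cloud wording and leaves the reader to find out from the external page which part of `sgx_default_qcnl.conf` has to change. Since the section opens with "Some cloud providers require you to use their PCCS", consider saying in the bullet that it is the PCCS endpoint in that file that gets pointed at IBM's service, so the entry stays useful if the linked page moves and the operator knows which party will be serving the attestation collateral. The new link reference definition on line 173 follows the existing pattern and looks fine.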
@@ -542,6 +546,26 @@ This may be related to a bug in the Linux kernel when attempting to run enclaves
542546
on certain hardware configurations. Upgrading the Linux kernel to a version
543547
equal to or greater than 6.5.0 may solve the issue.
544548

549+
### Unable to Launch Enclaves: Input/output error
550+
551+
If running `sgx-detect --verbose` reports:
552+
553+
```
554+
🕮 SGX system software > Able to launch enclaves > Debug mode
555+
The enclave could not be launched.
556+
557+
debug: failed to load report enclave
558+
debug: cause: Failed to call ECREATE.
559+
debug: cause: I/O ctl failed.
560+
debug: cause: Input/output error (os error 5)
561+
```
562+
563+
This may be related to a bug in the [`rust-sgx`](https://github.com/fortanix/rust-sgx/issues/565)
564+
library causing `sgx-detect` (and `attestation-tool`) to fail and report that
565+
debug enclaves cannot be launched. This is a known issue and is being worked on.
566+
If the `sgx-detect` is reporting that production enclaves can be launched, you
567+
can ignore this error when setting up the Oasis node.
568+
545569
### Couldn't find the platform library
546570

547571
If AESMD service log reports:
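Review bot: The advice on new lines 566-567 that the error can be ignored depends on `sgx-detect` "reporting that production enclaves can be launched", but the section only shows the failing "Debug mode" output, so the reader has nothing to compare a passing production-mode result against. Suggest adding the production-mode line from the same `sgx-detect --verbose` run to the example, so an operator can confirm the condition before dismissing an enclave launch failure. Smaller points: on line 563 the link text is `rust-sgx` while the target is issue 565, so linking the words "a bug" or "known issue" would be clearer; "This is a known issue and is being worked on" will go stale and could just defer to the issue link; "If the `sgx-detect` is reporting" reads better as "If `sgx-detect` reports"; and the opening fence on line 553 has no language tag.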