Troubleshooting#
Can’t find
<openenclave/host.h>(no such file or directory).Please configure environment variables for Open Enclave SDK for Linux as described in the installation step:
source /opt/openenclave/share/openenclave/openenclavercConsider adding this line to your
~/.bashrcto make the environment variables persist across sessions.Remote attestation fails with error:
Failed to get quote enclave identity information.OE_QUOTE_PROVIDER_CALL_ERROR (oe_result_t=OE_QUOTE_PROVIDER_CALL_ERROR).If you’re using an ACC (Azure Confidential Computing) VM, this may be a sign of a
dcap-clientversion issue. Thedcap-clientshould be at least version 1.1. You can check your version by doinguser@accvm:~$ dpkg --list | grep dcap-client ii az-dcap-client 1.1 amd64 Intel(R) SGX DCAP plugin for Azure Integration
If the version is not at least 1.1, upgrade by doing the following.
curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add - sudo apt-add-repository https://packages.microsoft.com/ubuntu/18.04/prod sudo apt-get update sudo apt-get install az-dcap-clientFailed to create enclave:
enclave_create with ENCLAVE_TYPE_SGX1 type failedThis error may be symptomatic of a machine that does not support Intel SGX. Check if your machine supports it by doing
oesgx
If your machine doesn’t support SGX, you can still use the library in simulation mode for local development and testing.
Alternatively, this error may be symptomatic of an outdated DCAP driver. Check the version by doing
modinfo intel_sgx
If the version is below 1.21, update the DCAP driver by following step 2 here.
Permission denied
This may be symptomatic of an SSH authentication error. Be sure that the SSH public key of the machine running the tracker is in the
~/.ssh/authorized_keysfile of each node in the cluster.Hung connection
If the tracker is hung after logging a statement similar to
start listen on ..., the tracker may be hung listening for an initial signal from a node in the cluster. Ensure that ports 9000-9100 are open on each machine.