- Bug
- Resolution: Done
- Major
- 4.12
- None
- Important
- None
- Rejected
- False
Description of problem:
Intel SGX enclaves cannot be created on OCP 4.12 bare metal infrastructure. CRI-O v1.25+ on OCP 4.12 does not allow SGX enclaves to be launched. The issue has been reported and fixed in the PRs opencontainers/runtime-tools#759 and opencontainers/runtime-tools#760. These PRs are not merged in the CRI-O version currently on OCP 4.12. Once merged, SGX enclaves can be created on 4.12.
Version-Release number of selected component (if applicable):
How reproducible:
Reproducible on OCP 4.12 with SGX-supported nodes when launching SGX enclave containers.
Steps to Reproduce:
1.
Actual results:
Any SGX enclave fails with enclave launch errors. For example:
2023-02-03T19:14:13.000000Z [(H)ERROR] tid(0x7faad6410b80) | enclave_create with ENCLAVE_TYPE_SGX1 type failed (err=0x1) (oe_result_t=OE_PLATFORM_ERROR) [/source/host/sgx/sgxload.c:oe_sgx_create_enclave:480]
2023-02-03T19:14:13.000000Z [(H)ERROR] tid(0x7faad6410b80) | :OE_PLATFORM_ERROR
and enclave cannot be created.
Expected results:
SGX enclaves can be successfully created on 4.12
Additional info:
- is cloned by
  - OCPBUGS-7214 [4.12] OCP 4.12 does not support launching SGX enclaves (Closed)
  - OCPBUGS-8435 OCP 4.12 does not support launching SGX enclaves (Closed)