Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-8435

OCP 4.12 does not support launching SGX enclaves

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 4.12.z
    • 4.12
    • Node / CRI-O
    • None
    • Important
    • None
    • Rejected
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      Intel SGX enclaves cannot be created on OCP 4.12 bare metal infrastructure. CRI-O v1.25+ version on OCP 4.12, does not allow SGX enclaves to be launched. The issue has been reported and fixed in the PR'S 
opencontainers/runtime-tools#759
opencontainers/runtime-tools#760 
The above PR's are not merged in the CRI-O version currently on OCP-4.12. Once merged, SGX enclaves can be created on 4.12.

      Version-Release number of selected component (if applicable):

       

      How reproducible:

      Reproducible on OCP 4.12 with SGX supported nodes to launch SGX enclaves containers

      Steps to Reproduce:

      1.

      Actual results:

      Any SGX enclave fails with enclave launch errors- For example: 2023-02-03T19:14:13.000000Z [(H)ERROR] tid(0x7faad6410b80) | enclave_create with ENCLAVE_TYPE_SGX1 type failed (err=0x1) (oe_result_t=OE_PLATFORM_ERROR) [/source/host/sgx/sgxload.c:oe_sgx_create_enclave:480] 2023-02-03T19:14:13.000000Z [(H)ERROR] tid(0x7faad6410b80) | :OE_PLATFORM_ERROR 
and enclave cannot be created.

      Expected results:

      SGX enclaves can be successfully created on 4.12

      Additional info:

       

              pehunt@redhat.com Peter Hunt
              veenadhari.bedida1@intel.com Veenadhari Bedida (Inactive)
              Sunil Choudhary Sunil Choudhary
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: