Gramine + Curl fails

[nmwael]

Im having trouble getting curl working, we are launching a bash script that pulls the current sgx quote and uses curl to make a request to a webservice. Using curl just to post some small datablock works like 'hellworld'. Pulling the quote directly into curl using the pseudo file also fails.

I've tried a lot of things but are currently stuck.

Ive tried blindly rasing stack and brk size:

sys.stack.size = "1M"
sys.brk.max_size = "1M"

Content of my small script:

    file_content=$(base64 /dev/attestation/quote)
    attestationResult=$(/bin/curl https://ngrok.dev/checkFile -w "%{http_code}" -X POST --data-binary "$file_content" )

LOG dump

(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: ---- execve("/bin/curl", [/bin/curl,https://ngrok.dev/checkFile,-X,POST,--data-binary,AwACAAAAAAAJAA4Ak5pyM/ecTKmUCg2zlX8GB+Zmd2n2VZ5cmYxA/pFhZzAAAAAACwsQD///AQAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAAAAAAAADnAAAAAAAAABWN
BpCCiXqEId5B3
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: xgskCjQCU56blOgiMlQwb4kyN/mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAADqh9+LpIndgx6XNgl+XuEZWXqHJel/yoU7nvk7H8jzswAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyhAAADXF8uKXsvjMH0gBMxvL2AEnCeh/
BQSRTqje6aZaYljjK+6o7eCokuYUBgV+VOVsgdn0jPeC931i2Lnx0n6VFqMx0o5
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: p+NTAl5qN0Xx6
XZobLQHcVEseJ1nkLPuIO2IifUiHuFBmNboybJGD20CCiCztFaiajBb0dkjijAdC6mFbCwsQD///
AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFQAAAAAAAADnAAAAAAAA
ABkqpQzhwM7wPM+J57Wxaw15ePXCse3Pd02HcC6BVNi/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAC
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: MT1d115ZQPpYTf3fGioKaAFasje1wFAsIGwlEkMV7/wAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEACQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: AACFOyOFRUFU0A9M67dRrrXQBUOyFXE08IlN3AAl
RmaUYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1fGfLCvxxTis79xfXa9ixKTwdREi
6PJWfpHV1X1aED9mCp+5yfmVQ48jdfpIy62tHOPHoJYuXTOq3P+v/ufCMSAAAAECAwQFBgcICQoL
DA0ODxAREhMUFRYXGBkaGxwdHh8FAGIOAAAtLS0tLUJFR0lOIENFUlRJRklDQ
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: VRFLS0tLS0KTUlJ
RTh6Q0NCSm1nQXdJQkFnSVZBT3NEVHlDQXpkOGYrSUpxQy9QdkNQRm1JbFdQTUFvR0NDcUdTTTQ5
QkFNQwpNSEF4SWpBZ0JnTlZCQU1NR1VsdWRHVnNJRk5IV0NCUVEwc2dVR3hoZEdadmNtMGdRMEV4
R2pBWUJnTlZCQW9NCkVVbHVkR1ZzSUVOdmNuQnZjbUYwYVc5dU1SUXdFZ1lEVlFRSERBdFRZVzUw
WVNCRGJHR
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: nlZVEVMTUFrR0ExVUUKQ0F3Q1EwRXhDekFKQmdOVkJBWVRBbFZUTUI0WERUSXpNRE14
TnpBMU5UVXlNVm9YRFRNd01ETXhOekExTlRVeQpNVm93Y0RFaU1DQUdBMVVFQXd3WlNXNTBaV3dn
VTBkWUlGQkRTeUJEWlhKMGFXWnBZMkYwWlRFYU1CZ0dBMVVFCkNnd1JTVzUwWld3Z1EyOXljRzl5
WVhScGIyNHhGREFTQmdOVkJBY01DMU5oYm
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: 5SaElFTnNZWEpoTVFzd0NRWUQKVlFRSURBSkRRVEVM
TUFrR0ExVUVCaE1DVlZNd1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFUeApmaEJQ
RmtZWE4yYzdwWlBhSXZLTytmeFgyRmxZMjNsb2t6ZDJtZFhqbmd0a21ia2lNMENrY1ByRHFtM1Jj
UDhsCldmSURUZXlFY2FmTSsvcW9qbnlObzRJRERqQ0NBd293SHdZRFZSMGp
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: CQmd3Rm9BVWxXOWR6
YjBiNGVsQVNjblUKOURQT0FWY0wzbFF3YXdZRFZSMGZCR1F3WWpCZ29GNmdYSVphYUhSMGNITTZM
eTloY0drdWRISjFjM1JsWkhObApjblpwWTJWekxtbHVkR1ZzTG1OdmJTOXpaM2d2WTJWeWRHbG1h
V05oZEdsdmJpOTJNeTl3WTJ0amNtdy9ZMkU5CmNHeGhkR1p2Y20wbVpXNWpiMlJwYm1jOVpHVnlN
QjBHQTF
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: VZERnUVdCQlRpa09pQVo3WXZtakhOOXo1UVFNM1YKZ3VmbzF6QU9CZ05WSFE4QkFmOEVC
QU1DQnNBd0RBWURWUjBUQVFIL0JBSXdBRENDQWpzR0NTcUdTSWI0VFFFTgpBUVNDQWl3d2dnSW9N
QjRHQ2lxR1NJYjRUUUVOQVFFRUVKbXhsWHRZQjlPOU9FV2lrMXNtWVFJd2dnRmxCZ29xCmhraUcr
RTBCRFFFQ01JSUJWVEFRQmdzcWhraUcr
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: RTBCRFFFQ0FRSUJDekFRQmdzcWhraUcrRTBCRFFFQ0Fn
SUIKQ3pBUUJnc3Foa2lHK0UwQkRRRUNBd0lCQXpBUUJnc3Foa2lHK0UwQkRRRUNCQUlCQXpBUkJn
c3Foa2lHK0UwQgpEUUVDQlFJQ0FQOHdFUVlMS29aSWh2aE5BUTBCQWdZQ0FnRC9NQkFHQ3lxR1NJ
YjRUUUVOQVFJSEFnRUJNQkFHCkN5cUdTSWI0VFFFTkFRSUlBZ0VBTUJBR
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: 0N5cUdTSWI0VFFFTkFR
SUpBZ0VBTUJBR0N5cUdTSWI0VFFFTkFRSUsKQWdFQU1CQUdDeXFHU0liNFRRRU5BUUlMQWdFQU1C
QUdDeXFHU0liNFRRRU5BUUlNQWdFQU1CQUdDeXFHU0liNApUUUVOQVFJTkFnRUFNQkFHQ3lxR1NJ
YjRUUUVOQVFJT0FnRUFNQkFHQ3lxR1NJYjRUUUVOQVFJUEFnRUFNQkFHCkN5cUdTSWI0VFFFTkFR
SVFBZ
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: 0VBTUJBR0N5cUdTSWI0VFFFTkFRSVJBZ0VOTUI4R0N5cUdTSWI0VFFFTkFRSVMKQkJBTEN3
TUQvLzhCQUFBQUFBQUFBQUFBTUJBR0NpcUdTSWI0VFFFTkFRTUVBZ0FBTUJRR0NpcUdTSWI0VFFF
TgpBUVFFQmdCZ2FnQUFBREFQQmdvcWhraUcrRTBCRFFFRkNnRUJNQjRHQ2lxR1NJYjRUUUVOQVFZ
RUVIQUFOalFiClpYb0hPczB6ZU8zen
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: cvZ3dSQVlLS29aSWh2aE5BUTBCQnpBMk1CQUdDeXFHU0li
NFRRRU5BUWNCQVFIL01CQUcKQ3lxR1NJYjRUUUVOQVFjQ0FRRUFNQkFHQ3lxR1NJYjRUUUVOQVFj
REFRRUFNQW9HQ0NxR1NNNDlCQU1DQTBnQQpNRVVDSVFDQlZuTjVDSEEwS3lFRUQ3aWZBQnhUK3pp
eXgvOTZmdmhuVmxZaHY3Q09IZ0lnS1V2MmNzcnpWU3JGCnZSWFFaWHZ
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: XVW1JM2t2amU0Y21QWEEz
QVZHSWorcTg9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FU
RS0tLS0tCk1JSUNsakNDQWoyZ0F3SUJBZ0lWQUpWdlhjMjlHK0hwUUVuSjFQUXp6Z0ZYQzk1VU1B
b0dDQ3FHU000OUJBTUMKTUdneEdqQVlCZ05WQkFNTUVVbHVkR1ZzSUZOSFdDQlNiMjkwSUVOQk1S
b3d
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: HQVlEVlFRS0RCRkpiblJsYkNCRApiM0p3YjNKaGRHbHZiakVVTUJJR0ExVUVCd3dMVTJGdWRH
RWdRMnhoY21FeEN6QUpCZ05WQkFnTUFrTkJNUXN3CkNRWURWUVFHRXdKVlV6QWVGdzB4T0RBMU1q
RXhNRFV3TVRCYUZ3MHpNekExTWpFeE1EVXdNVEJhTUhBeElqQWcKQmdOVkJBTU1HVWx1ZEdWc0lG
TkhXQ0JRUTBzZ1VHeGhkR1p2Y20w
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: Z1EwRXhHakFZQmdOVkJBb01FVWx1ZEdWcwpJRU52Y25CdmNt
RjBhVzl1TVJRd0VnWURWUVFIREF0VFlXNTBZU0JEYkdGeVlURUxNQWtHQTFVRUNBd0NRMEV4CkN6
QUpCZ05WQkFZVEFsVlRNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVOU0IvN3Qy
MWxYU08KMkN1enB4dzc0ZUpCNzJFeURHZ1c1clhDdHgydFZUTHE2a
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: EtrNnorVWlSWkNucVI3cHNP
dmdxRmVTeGxtVGxKbAplVG1pMldZejNxT0J1ekNCdURBZkJnTlZIU01FR0RBV2dCUWlaUXpXV3Aw
MGlmT0R0SlZTdjFBYk9TY0dyREJTCkJnTlZIUjhFU3pCSk1FZWdSYUJEaGtGb2RIUndjem92TDJO
bGNuUnBabWxqWVhSbGN5NTBjblZ6ZEdWa2MyVnkKZG1salpYTXVhVzUwWld3dVkyOXRMMGx1ZEdW
c
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: 1UwZFlVbTl2ZEVOQkxtUmxjakFkQmdOVkhRNEVGZ1FVbFc5ZAp6YjBiNGVsQVNjblU5RFBPQVZj
TDNsUXdEZ1lEVlIwUEFRSC9CQVFEQWdFR01CSUdBMVVkRXdFQi93UUlNQVlCCkFmOENBUUF3Q2dZ
SUtvWkl6ajBFQXdJRFJ3QXdSQUlnWHNWa2kwdytpNlZZR1czVUYvMjJ1YVhlMFlKRGoxVWUKbkEr
VGpEMWFpNWNDSUNZYjFTQW1ENX
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: hrZlRWcHZvNFVveWlTWXhyRFdMbVVSNENJOU5LeWZQTisKLS0t
LS1FTkQgQ0VSVElGSUNBVEUtLS0tLQotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJQ2p6
Q0NBalNnQXdJQkFnSVVJbVVNMWxxZE5JbnpnN1NWVXI5UUd6a25CcXd3Q2dZSUtvWkl6ajBFQXdJ
dwphREVhTUJnR0ExVUVBd3dSU1c1MFpXd2dVMGRZSUZKdmIzUWd
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: RMEV4R2pBWUJnTlZCQW9NRVVs
dWRHVnNJRU52CmNuQnZjbUYwYVc5dU1SUXdFZ1lEVlFRSERBdFRZVzUwWVNCRGJHRnlZVEVMTUFr
R0ExVUVDQXdDUTBFeEN6QUoKQmdOVkJBWVRBbFZUTUI0WERURTRNRFV5TVRFd05EVXhNRm9YRFRR
NU1USXpNVEl6TlRrMU9Wb3dhREVhTUJnRwpBMVVFQXd3UlNXNTBaV3dnVTBkWUlGSnZiM1FnUTBF
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace:
eEdqQVlCZ05WQkFvTUVVbHVkR1ZzSUVOdmNuQnZjbUYwCmFXOXVNUlF3RWdZRFZRUUhEQXRUWVc1
MFlTQkRiR0Z5WVRFTE1Ba0dBMVVFQ0F3Q1EwRXhDekFKQmdOVkJBWVQKQWxWVE1Ga3dFd1lIS29a
SXpqMENBUVlJS29aSXpqMERBUWNEUWdBRUM2bkV3TURJWVpPai9pUFdzQ3phRUtpNwoxT2lPU0xS
RmhXR2pibkJWSmZWbmtZNHUz
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: SWprRFlZTDBNeE80bXFzeVlqbEJhbFRWWXhGUDJzSkJLNXpsS09C
CnV6Q0J1REFmQmdOVkhTTUVHREFXZ0JRaVpReldXcDAwaWZPRHRKVlN2MUFiT1NjR3JEQlNCZ05W
SFI4RVN6QkoKTUVlZ1JhQkRoa0ZvZEhSd2N6b3ZMMk5sY25ScFptbGpZWFJsY3k1MGNuVnpkR1Zr
YzJWeWRtbGpaWE11YVc1MApaV3d1WTI5dEwwbHVkR1ZzVTBkW
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: VVtOXZkRU5CTG1SbGNqQWRCZ05W
SFE0RUZnUVVJbVVNMWxxZE5JbnpnN1NWClVyOVFHemtuQnF3d0RnWURWUjBQQVFIL0JBUURBZ0VH
TUJJR0ExVWRFd0VCL3dRSU1BWUJBZjhDQVFFd0NnWUkKS29aSXpqMEVBd0lEU1FBd1JnSWhBT1cv
NVFrUitTOUNpU0RjTm9vd0x1UFJMc1dHZi9ZaTdHU1g5NEJnd1R3ZwpBaUVBNEowbHJIb01zK1
(libos_parser.c:1609:buf_write_all) [P4:T4:bash] trace: hv
NW8vc1g2TzlRV3hIUkF2WlVHT2RSUTdjdnFSWGFxST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0t
LQoA,], [LANGUAGE=en_US:en,JAVA_HOME=/opt/java/openjdk,]) ...
(libos_ipc.c:212:ipc_send_message_to_conn) [P4:T4:curl] debug: Sending ipc message to 1
(libos_ipc_worker.c:193:receive_ipc_messages) [P1:libos] debug: IPC worker: received IPC message from 4: code=17 size=21 seq=2
(libos_fs_lock.c:653:posix_lock_clear_pid) [P1:libos] debug: clearing POSIX locks for pid 4
(libos_ipc.c:212:ipc_send_message_to_conn) [P1:libos] debug: Sending ipc message to 4
(libos_ipc.c:247:wait_for_response) [P4:T4:curl] debug: Waiting for a response to 2
(libos_ipc_worker.c:193:receive_ipc_messages) [P4:libos] debug: IPC worker: received IPC message from 1: code=0 size=21 seq=2
(libos_ipc.c:331:ipc_response_callback) [P4:libos] debug: Got an IPC response from 1, seq: 2
(libos_ipc.c:254:wait_for_response) [P4:T4:curl] debug: Waiting finished: Success (PAL_ERROR_SUCCESS)
(libos_ipc.c:212:ipc_send_message_to_conn) [P4:T4:curl] debug: Sending ipc message to 1
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- return from read(...) = 0x0
(libos_ipc_worker.c:193:receive_ipc_messages) [P1:libos] debug: IPC worker: received IPC message from 4: code=2 size=37 seq=0
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- close(3) = 0x0
(libos_ipc_child.c:59:ipc_cld_exit_callback) [P1:libos] debug: IPC callback from 4: IPC_MSG_CHILDEXIT(1, 4, 0, 9)
(libos_ipc_child.c:63:ipc_cld_exit_callback) [P1:libos] debug: Child process (pid: 4) died
(libos_context.c:279:prepare_sigframe) [P1:T1:bash] debug: Created sigframe for sig: 17 at 0x5146e150 (handler: 0x51814a70, restorer: 0x515b1d30)
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- wait4(-1, 0x5146e0e0, WNOHANG, 0) ...
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- return from wait4(...) = 0x4
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- wait4(-1, 0x5146e0e0, WNOHANG, 0) ...
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- return from wait4(...) = -10
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- rt_sigreturn()
(libos_sync_client.c:331:shutdown_sync_client) [P4:T4:curl] debug: sync client shutdown: closing handles
(libos_sync_client.c:346:shutdown_sync_client) [P4:T4:curl] debug: sync client shutdown: waiting for confirmation
(libos_sync_client.c:359:shutdown_sync_client) [P4:T4:curl] debug: sync client shutdown: finished
(libos_ipc_pid.c:320:ipc_release_id_range) [P4:T4:curl] debug: sending a request: [4..4]
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- rt_sigprocmask(BLOCK, [SIGCHLD,], [], 0x8) = 0x0
(libos_ipc.c:212:ipc_send_message_to_conn) [P4:T4:curl] debug: Sending ipc message to 1
(libos_ipc_worker.c:193:receive_ipc_messages) [P1:libos] debug: IPC worker: received IPC message from 4: code=4 size=25 seq=0
(libos_ipc_pid.c:333:ipc_release_id_range_callback) [P1:libos] debug: release_id_range(4..4)
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- rt_sigaction([SIGINT], 0x5146ea10, 0x5146eab0, 0x8) = 0x0
(libos_ipc_pid.c:323:ipc_release_id_range) [P4:T4:curl] debug: ipc_send_message: Success
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- rt_sigaction([SIGINT], 0x5146ea10, 0x5146eab0, 0x8) = 0x0
(libos_ipc_worker.c:285:ipc_worker_main) [P4:libos] debug: IPC worker: exiting worker thread
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- rt_sigprocmask(SETMASK, [], NULL, 0x8) = 0x0
(libos_exit.c:58:libos_clean_and_exit) [P4:T4:curl] debug: process 4 exited with status 137
(pal_process.c:248:_PalProcessExit) debug: PalProcessExit: Returning exit code 137
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- brk(0x51dc9000) = 0x51dc9000
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- write(1, 0x51d9ffc0, 0x10) ...
curlcheck >>>
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- return from write(...) = 0x10
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- read(255, 0x51d9b190, 0x407) ...
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- return from read(...) = 0x134
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- write(1, 0x51d9ffc0, 0x1f) ...
>CONFIDENTIAL debug
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- return from write(...) = 0x1f
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- write(1, 0x51d9ffc0, 0x43) ...
CONFIDENTIAL [2/2]  attestation failed aborting
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- return from write(...) = 0x43
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- write(1, 0x51d9ffc0, 0x1) ...

(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- return from write(...) = 0x1
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- read(255, 0x51d9b190, 0x407) ...
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- return from read(...) = 0x0
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- rt_sigprocmask(BLOCK, [SIGCHLD,], [], 0x8) = 0x0
(libos_parser.c:1609:buf_write_all) [P1:T1:bash] trace: ---- rt_sigprocmask(SETMASK, [], NULL, 0x8) = 0x0
(libos_exit.c:212:libos_syscall_exit_group) [P1:T1:bash] debug: ---- exit_group (returning 0)
(libos_fs_lock.c:653:posix_lock_clear_pid) [P1:T1:bash] debug: clearing POSIX locks for pid 1
(libos_sync_client.c:331:shutdown_sync_client) [P1:T1:bash] debug: sync client shutdown: closing handles
(libos_sync_client.c:346:shutdown_sync_client) [P1:T1:bash] debug: sync client shutdown: waiting for confirmation
(libos_sync_client.c:359:shutdown_sync_client) [P1:T1:bash] debug: sync client shutdown: finished
(libos_ipc_worker.c:285:ipc_worker_main) [P1:libos] debug: IPC worker: exiting worker thread
(libos_exit.c:58:libos_clean_and_exit) [P1:T1:bash] debug: process 1 exited with status 0

Any help will be greatly appreciated.

[nmwael]

I do seem to get better results using:
/bin/curl https://ngrok.dev/checkFile -X POST --data-binary @/dev/attestation/quote

[dimakuv]

(libos_exit.c:58:libos_clean_and_exit) [P4:T4:curl] debug: process 4 exited with status 137

This line in the log shows that Curl is failing somehow. Unfortunately, the debug log doesn't show anything else interesting.

Could you rebuild your example with loader.log_level = "trace", rerun and attach the resulting log? This will provide much more info.

[nmwael]

using /bin/curl https://ngrok.dev/checkFile -X POST --data-binary @/dev/attestation/quote is working as expected.

Must have done something wrong .. Thanks for the attention.

[mkow]

I'm not sure if what you're doing is secure, quote usually isn't secret, but in your deployment if someone knows any valid quote from your enclave then they will be able to impersonate a connection from that enclave. This is because your server doesn't really verify the SSL client which is connecting, it's only the client verifying the server.
Please check out how our RA-TLS is constructed, it's very similar but fixes this problem by binding the specific SSL keys to the quote.

[nmwael]

This part is not. We will add mtls plus signing verification later on( to make sure it's our signed enclave).. i will also check Ra TLS..

…

On Tue, 25 Apr 2023, 14:22 Michał Kowalczyk, ***@***.***> wrote: I'm not sure if what you're doing is secure, quote usually isn't secret, but in your deployment if someone knows *any* valid quote from your enclave then they will be able to impersonate a connection from that enclave. This is because your server doesn't really verify the SSL client which is connecting, it's only the client verifying the server. Please check out how our RA-TLS is constructed, it's very similar but fixes this problem by binding the specific SSL keys to the quote. — Reply to this email directly, view it on GitHub <#1304 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAF3P5ZONG7GLYGHJCEPJMTXC66XJANCNFSM6AAAAAAXKZLOXA> . You are receiving this because you modified the open/close state.Message ID: ***@***.*** com>

[mkow]

Then RA-TLS will most likely do exactly this for you. Check out the sources and https://gramine.readthedocs.io/en/latest/attestation.html ;)