I tried to follow enclave workshop #644

Open
jeongsoo-seo opened this issue Oct 17, 2024 · 7 comments

Comments

jeongsoo-seo commented Oct 17, 2024

I followed the contents of https://catalog.workshops.aws/nitro-enclaves/en-US/1-my-first-enclave
and ran the command below:

nitro-cli run-enclave --cpu-count 2 --memory 3072 --eif-path ./hello.eif --debug-mode --enclave-cid 16
====================================================================

I got the error below:

[ E19 ] File operation failure. Such error appears when the system fails to perform the requested file operations, such as opening the EIF file when launching an enclave, or seeking to a specific offset in the EIF file, or writing to the log file.
File: '/dev/nitro_enclaves', failing operation: 'Open'.

For more details, please visit https://docs.aws.amazon.com/enclaves/latest/user/cli-errors.html#E19

If you open a support ticket, please provide the error log found at "/var/log/nitro_enclaves/err2024-10-17T09:08:13.244096311+00:00.log"
Failed connections: 1
[ E39 ] Enclave process connection failure. Such error appears when the enclave manager fails to connect to at least one enclave process for retrieving the description information.

For more details, please visit https://docs.aws.amazon.com/enclaves/latest/user/cli-errors.html#E39

If you open a support ticket, please provide the error log found at "/var/log/nitro_enclaves/err2024-10-17T09:08:13.244395902+00:00.log"

This is the log file:

Action: Run Enclave
Subactions:
Failed to execute command Run
Failed to trigger enclave run
Failed to construct EnclaveManager with given arguments
Failed to create enclave handle
Failed to open device file: Os { code: 2, kind: NotFound, message: "No such file or directory" }
Root error file: src/enclave_proc/resource_manager.rs
Root error line: 513
Version: 1.3.3

This is the system info:

ls -lh hello.eif
-rw-r--r--. 1 ec2-user ec2-user 221655689 Oct 17 08:51 hello.eif

free -m
total used free shared buff/cache available
Mem: 15779 3585 8326 8 3867 11856
Swap: 488 0 488

lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 46 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0,2
Off-line CPU(s) list: 1,3
Vendor ID: GenuineIntel
Model name: Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
CPU family: 6
Model: 85
Thread(s) per core: 2
Core(s) per socket: 1
Socket(s): 1
Stepping: 7
BogoMIPS: 4999.99
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single pti fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx avx512f avx512dq rdseed adx smap clflushopt clwb avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves ida arat pku ospke
Virtualization features:
Hypervisor vendor: KVM
Virtualization type: full
Caches (sum of all):
L1d: 32 KiB (1 instance)
L1i: 32 KiB (1 instance)
L2: 1 MiB (1 instance)
L3: 35.8 MiB (1 instance)
NUMA:
NUMA node(s): 1
NUMA node0 CPU(s): 0,2
Vulnerabilities:
Gather data sampling: Unknown: Dependent on hypervisor status
Itlb multihit: KVM: Mitigation: VMX unsupported
L1tf: Mitigation; PTE Inversion
Mds: Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown
Meltdown: Mitigation; PTI
Mmio stale data: Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown
Reg file data sampling: Not affected
Retbleed: Vulnerable
Spec rstack overflow: Not affected
Spec store bypass: Vulnerable
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Spectre v2: Mitigation; Retpolines; STIBP disabled; RSB filling; PBRSB-eIBRS Not affected; BHI Retpoline
Srbds: Not affected
Tsx async abort: Not affected

=======================================================================
I could not run "sudo amazon-linux-extras install aws-nitro-enclaves-cli -y",
but I ran "sudo yum install aws-nitro-enclaves-cli -y".

meerd (Contributor) commented Oct 17, 2024

Hello @jeongsoo-seo,

Thank you for your interest in Nitro Enclaves. Could you confirm that you followed the configuration steps correctly?

To help us better understand the issue, please run the following command in your terminal and share the output:

ls -la /dev/nitro_enclaves

This will help us identify if the Enclaves driver is properly set up and accessible on your system.

jeongsoo-seo (Author)

I had done the configuration steps except 'sudo amazon-linux-extras install aws-nitro-enclaves-cli -y'.
Instead I installed aws-nitro-enclaves-cli with yum,
but there is no /dev/nitro_enclaves.

jeongsoo-seo (Author)

I built two docker images.
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-app latest 5c68d7f77fd2 2 hours ago 216MB
enclave_base latest f0aab7fbd16f 2 hours ago 105MB

jeongsoo-seo (Author)

I used Amazon Linux 2023.
This version did not have amazon-linux-extras.
Is this error related to 'amazon-linux-extras'?

jeongsoo-seo (Author)

I used Amazon Linux 2,
but I got the same result.
This is my history list.

1  sudo amazon-linux-extras install aws-nitro-enclaves-cli -y
2  sudo yum install aws-nitro-enclaves-cli-devel -y
3  sudo usermod -aG ne $USER
4  sudo usermod -aG docker $USER
5  nitro-cli --version
6  sudo systemctl start nitro-enclaves-allocator.service && sudo systemctl enable nitro-enclaves-allocator.service
7  sudo systemctl status nitro-enclaves-allocator.service
8  sudo systemctl start docker && sudo systemctl enable docker
9  sudo shutdown -r now
10 id $USER
11 git clone --depth 1 https://github.com/aws-samples/aws-nitro-enclaves-workshop.git
12 cd ~/environment/aws-nitro-enclaves-workshop/resources/code/getting-started
13 docker build ./ -t "enclave_base"
14 pwd
15 cd
16 cd ~/environment/aws-nitro-enclaves-workshop/resources/code/my-first-enclave/nitro-enclaves-cli
17 docker build -t hello-app:latest .
18 pwd
19 ls
20 docker build -t hello-app:latest .
21 docker image ls
22 nitro-cli build-enclave --docker-uri hello-app:latest --output-file hello.eif
23 sudo systemctl stop nitro-enclaves-allocator.service
24 ALLOCATOR_YAML=/etc/nitro_enclaves/allocator.yaml
25 MEM_KEY=memory_mib
26 DEFAULT_MEM=3072
27 sudo sed -r "s/^(\s*${MEM_KEY}\s*:\s*).*/\1${DEFAULT_MEM}/" -i "${ALLOCATOR_YAML}"
28 sudo systemctl start nitro-enclaves-allocator.service && sudo systemctl enable nitro-enclaves-allocator.service
29 nitro-cli run-enclave --cpu-count 2 --memory 3072 --eif-path hello.eif --debug-mode --enclave-cid 16

Is there something missing?

jeongsoo-seo (Author)

I found my EC2 instance did not have enclave support enabled.
I turned on the enclave support option.
It works well.
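The root cause in this thread was a missing /dev/nitro_enclaves device node (error E19, "Failed to open device file"). The following preflight script, added here as an illustration and not part of the workshop or the nitro-cli project, separates the three ways that open can fail before nitro-cli is even run: the node does not exist (instance launched without enclave support, or driver not loaded), it exists but is not a character device, or it exists but the current user cannot access it (the 'ne' group step from the history list). The allocator service name and group name are the ones quoted in this thread; the kernel module name nitro_enclaves is assumed.

```shell
#!/bin/sh
# Preflight for the E19 "Failed to open device file" error seen in this issue.
# ne_device_status DEV  -> 0 ok, 1 missing, 2 not a char device, 3 not accessible
ne_device_status() {
    dev="${1:-/dev/nitro_enclaves}"
    [ -e "$dev" ] || return 1
    [ -c "$dev" ] || return 2
    if [ ! -r "$dev" ] || [ ! -w "$dev" ]; then return 3; fi
    return 0
}

# explain_status CODE DEV -> one-line human-readable diagnosis
explain_status() {
    case "$1" in
        0) echo "ok: $2 is a character device and is accessible" ;;
        1) echo "missing: $2 does not exist; check that the instance was launched with Nitro Enclaves enabled (the fix in this thread) and that the driver is loaded (lsmod | grep nitro_enclaves, module name assumed)" ;;
        2) echo "wrong type: $2 exists but is not a character device" ;;
        3) echo "no access: $2 exists but is not readable/writable by $(id -un); check 'ne' group membership and re-login after usermod -aG ne" ;;
        *) echo "unknown status $1 for $2" ;;
    esac
}

# ne_preflight [DEV]: prints the diagnosis plus the context the maintainer
# asked for (ls -la on the node, allocator service state); exits with the status code.
ne_preflight() {
    dev="${1:-/dev/nitro_enclaves}"
    rc=0
    ne_device_status "$dev" || rc=$?
    explain_status "$rc" "$dev"
    ls -la "$dev" 2>/dev/null || true
    if command -v systemctl >/dev/null 2>&1; then
        printf 'nitro-enclaves-allocator.service: '
        systemctl is-active nitro-enclaves-allocator.service 2>/dev/null || true
    fi
    return "$rc"
}

# Run the preflight only when invoked as "sh preflight.sh --run"
if [ "${1:-}" = "--run" ]; then
    ne_preflight
fi
```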

jeongsoo-seo (Author)

I hope the workshop page is updated to say that the EC2 instance should have enclave support enabled.
Thanks.
