Forem: Muhammad Ablugg The latest articles on Forem by Muhammad Ablugg (@muhammad_ablugg_13b22884f). https://forem.com/muhammad_ablugg_13b22884f https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3921156%2F343cc9c4-8b57-4a18-be14-c754eb63bb66.png Forem: Muhammad Ablugg https://forem.com/muhammad_ablugg_13b22884f en The Nitro Enclave Gotcha That Cost Me 90 Minutes: vsock and a Port That Lied Muhammad Ablugg Sat, 09 May 2026 06:08:09 +0000 https://forem.com/muhammad_ablugg_13b22884f/the-nitro-enclave-gotcha-that-cost-me-90-minutes-vsock-and-a-port-that-lied-106h https://forem.com/muhammad_ablugg_13b22884f/the-nitro-enclave-gotcha-that-cost-me-90-minutes-vsock-and-a-port-that-lied-106h <p>When you are building inside AWS Nitro Enclaves for the first time, the documentation gives you a clean mental model: parent EC2 instance communicates with the enclave over vsock, the enclave runs your application, everything is isolated and tidy. What the documentation does not tell you is that "connected" and "live" are two different things, and conflating them will cost you time.</p> <p>This is the story of a silent failure I hit while building Mizan, a legal AI platform running inside Nitro Enclaves where attorney-client privileged data is processed entirely in hardware-isolated memory. The bug took about 90 minutes to resolve. Writing it up takes less than 10 minutes to read. Hopefully this saves you the 90.</p> <h2> The Setup </h2> <p>The architecture is straightforward: an AWS Nitro Enclave runs a raw vsock server on port 5000. The parent EC2 instance communicates with it over vsock, the only communication channel Nitro Enclaves support. No TCP, no network interfaces inside the enclave, just vsock.</p> <p>The protocol is length-prefixed JSON: the parent sends a 4-byte big-endian message length followed by a JSON payload, the enclave reads it, routes it to the appropriate handler, and sends back a length-prefixed JSON response. Simple in theory.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># vsock framing used by both sides </span><span class="k">def</span> <span class="nf">recv_message</span><span class="p">(</span><span class="n">sock</span><span class="p">):</span> <span class="n">raw_len</span> <span class="o">=</span> <span class="n">sock</span><span class="p">.</span><span class="nf">recv</span><span class="p">(</span><span class="mi">4</span><span class="p">)</span> <span class="n">msg_len</span> <span class="o">=</span> <span class="n">struct</span><span class="p">.</span><span class="nf">unpack</span><span class="p">(</span><span class="sh">"</span><span class="s">&gt;I</span><span class="sh">"</span><span class="p">,</span> <span class="n">raw_len</span><span class="p">)[</span><span class="mi">0</span><span class="p">]</span> <span class="n">data</span> <span class="o">=</span> <span class="sa">b</span><span class="sh">""</span> <span class="k">while</span> <span class="nf">len</span><span class="p">(</span><span class="n">data</span><span class="p">)</span> <span class="o">&lt;</span> <span class="n">msg_len</span><span class="p">:</span> <span class="n">chunk</span> <span class="o">=</span> <span class="n">sock</span><span class="p">.</span><span class="nf">recv</span><span class="p">(</span><span class="nf">min</span><span class="p">(</span><span class="mi">4096</span><span class="p">,</span> <span class="n">msg_len</span> <span class="o">-</span> <span class="nf">len</span><span class="p">(</span><span class="n">data</span><span class="p">)))</span> <span class="n">data</span> <span class="o">+=</span> <span class="n">chunk</span> <span class="k">return</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">data</span><span class="p">.</span><span class="nf">decode</span><span class="p">())</span> <span class="k">def</span> <span class="nf">send_message</span><span class="p">(</span><span class="n">sock</span><span class="p">,</span> <span class="n">message</span><span class="p">):</span> <span class="n">data</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">message</span><span class="p">).</span><span class="nf">encode</span><span class="p">()</span> <span class="n">sock</span><span class="p">.</span><span class="nf">sendall</span><span class="p">(</span><span class="n">struct</span><span class="p">.</span><span class="nf">pack</span><span class="p">(</span><span class="sh">"</span><span class="s">&gt;I</span><span class="sh">"</span><span class="p">,</span> <span class="nf">len</span><span class="p">(</span><span class="n">data</span><span class="p">))</span> <span class="o">+</span> <span class="n">data</span><span class="p">)</span> </code></pre> </div> <p>The enclave binds to VSOCK_CID_ANY (0xFFFFFFFF) on port 5000, accepts connections from the parent, and routes requests by action field.</p> <h2> The Symptom </h2> <p>The parent instance would attempt to connect to the enclave and silently fail. No exception thrown, no error message in the obvious places. The connection appeared to succeed from the parent's perspective, the vsock socket connected without raising an error, but requests into the enclave were going nowhere.</p> <p>This is the worst category of bug: the thing that fails quietly. If the connection had been refused outright, the error would have pointed directly at the problem. Instead, the parent thought it had a live connection and I thought I had a working system.</p> <h2> Finding It </h2> <p>The first thing I did was add structured logging on both sides of the vsock connection, on the parent before and after the connect call, and inside the enclave at startup. This is where the picture became clear.</p> <p>The parent logs showed the vsock connection completing successfully. The enclave logs showed something different: the server was crashing on boot before it finished binding to port 5000.</p> <p>The log sequence that mattered:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go">[enclave] Starting vsock server on port 5000 [enclave] ERROR: dependency import failed / runtime error during startup [enclave] Process exited [parent] vsock connected to CID:5000 </span></code></pre> </div> <p>The sequence told the story. The enclave process was dying during startup, the server never fully came up, but the vsock layer had no mechanism to propagate that back to the parent. From vsock's perspective the port existed (it had been registered during the boot sequence), so the connection handshake succeeded. The fact that nothing was actually serving on the other end was invisible to the caller.</p> <p><em>Connected but not live.</em></p> <h2> Why This Happens </h2> <p>Vsock operates at the transport layer. It does not know or care what is running above it. When the enclave image boots, the vsock port becomes available as part of the boot process before the application inside has finished starting. If your application crashes during startup, the port remains technically reachable via vsock while nothing is actually serving requests on it.</p> <p>This is different from how you might expect TCP to behave on a normal host where a crashed process means the port is immediately unavailable and a connection attempt fails fast. Inside an enclave, the isolation layer introduces a gap between "the enclave is running" and "your application inside the enclave is running."</p> <p>It also means that any production Nitro Enclave setup that does not explicitly verify application readiness is making an assumption it should not be making.</p> <h2> The Fix </h2> <p>The solution is a health check action that the parent calls before sending real traffic. Since the server already routes requests by action field, adding a health check is a one-liner in handle_request:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Inside the enclave - server.py </span><span class="k">def</span> <span class="nf">handle_request</span><span class="p">(</span><span class="n">request</span><span class="p">:</span> <span class="nb">dict</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">dict</span><span class="p">:</span> <span class="n">action</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">action</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">action</span> <span class="o">==</span> <span class="sh">"</span><span class="s">health</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">ok</span><span class="sh">"</span><span class="p">}</span> <span class="k">elif</span> <span class="n">action</span> <span class="o">==</span> <span class="sh">"</span><span class="s">chat</span><span class="sh">"</span><span class="p">:</span> <span class="c1"># ... inference logic </span> <span class="k">pass</span> <span class="c1"># ... other actions </span></code></pre> </div> <p>On the parent side, before sending any real request, poll the health action over vsock until it responds or a timeout is reached:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># On the parent EC2 instance - bridge.py </span><span class="kn">import</span> <span class="n">socket</span> <span class="kn">import</span> <span class="n">struct</span> <span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">time</span> <span class="n">ENCLAVE_CID</span> <span class="o">=</span> <span class="mi">16</span> <span class="c1"># replace with your enclave's CID </span><span class="n">VSOCK_PORT</span> <span class="o">=</span> <span class="mi">5000</span> <span class="n">HEALTH_TIMEOUT</span> <span class="o">=</span> <span class="mi">30</span> <span class="n">RETRY_INTERVAL</span> <span class="o">=</span> <span class="mi">1</span> <span class="k">def</span> <span class="nf">vsock_request</span><span class="p">(</span><span class="n">cid</span><span class="p">,</span> <span class="n">port</span><span class="p">,</span> <span class="n">payload</span><span class="p">):</span> <span class="n">sock</span> <span class="o">=</span> <span class="n">socket</span><span class="p">.</span><span class="nf">socket</span><span class="p">(</span><span class="n">socket</span><span class="p">.</span><span class="n">AF_VSOCK</span><span class="p">,</span> <span class="n">socket</span><span class="p">.</span><span class="n">SOCK_STREAM</span><span class="p">)</span> <span class="n">sock</span><span class="p">.</span><span class="nf">connect</span><span class="p">((</span><span class="n">cid</span><span class="p">,</span> <span class="n">port</span><span class="p">))</span> <span class="n">data</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">payload</span><span class="p">).</span><span class="nf">encode</span><span class="p">()</span> <span class="n">sock</span><span class="p">.</span><span class="nf">sendall</span><span class="p">(</span><span class="n">struct</span><span class="p">.</span><span class="nf">pack</span><span class="p">(</span><span class="sh">"</span><span class="s">&gt;I</span><span class="sh">"</span><span class="p">,</span> <span class="nf">len</span><span class="p">(</span><span class="n">data</span><span class="p">))</span> <span class="o">+</span> <span class="n">data</span><span class="p">)</span> <span class="n">raw_len</span> <span class="o">=</span> <span class="n">sock</span><span class="p">.</span><span class="nf">recv</span><span class="p">(</span><span class="mi">4</span><span class="p">)</span> <span class="n">msg_len</span> <span class="o">=</span> <span class="n">struct</span><span class="p">.</span><span class="nf">unpack</span><span class="p">(</span><span class="sh">"</span><span class="s">&gt;I</span><span class="sh">"</span><span class="p">,</span> <span class="n">raw_len</span><span class="p">)[</span><span class="mi">0</span><span class="p">]</span> <span class="n">response</span> <span class="o">=</span> <span class="sa">b</span><span class="sh">""</span> <span class="k">while</span> <span class="nf">len</span><span class="p">(</span><span class="n">response</span><span class="p">)</span> <span class="o">&lt;</span> <span class="n">msg_len</span><span class="p">:</span> <span class="n">chunk</span> <span class="o">=</span> <span class="n">sock</span><span class="p">.</span><span class="nf">recv</span><span class="p">(</span><span class="nf">min</span><span class="p">(</span><span class="mi">4096</span><span class="p">,</span> <span class="n">msg_len</span> <span class="o">-</span> <span class="nf">len</span><span class="p">(</span><span class="n">response</span><span class="p">)))</span> <span class="n">response</span> <span class="o">+=</span> <span class="n">chunk</span> <span class="n">sock</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="k">return</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="nf">decode</span><span class="p">())</span> <span class="k">def</span> <span class="nf">wait_for_enclave</span><span class="p">(</span><span class="n">cid</span><span class="p">,</span> <span class="n">port</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="n">HEALTH_TIMEOUT</span><span class="p">):</span> <span class="n">deadline</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="o">+</span> <span class="n">timeout</span> <span class="k">while</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="o">&lt;</span> <span class="n">deadline</span><span class="p">:</span> <span class="k">try</span><span class="p">:</span> <span class="n">response</span> <span class="o">=</span> <span class="nf">vsock_request</span><span class="p">(</span><span class="n">cid</span><span class="p">,</span> <span class="n">port</span><span class="p">,</span> <span class="p">{</span><span class="sh">"</span><span class="s">action</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">health</span><span class="sh">"</span><span class="p">})</span> <span class="k">if</span> <span class="n">response</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">)</span> <span class="o">==</span> <span class="sh">"</span><span class="s">ok</span><span class="sh">"</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">[parent] Enclave health check passed</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">[parent] Enclave not ready yet: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">time</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="n">RETRY_INTERVAL</span><span class="p">)</span> <span class="k">raise</span> <span class="nc">TimeoutError</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Enclave did not become healthy within </span><span class="si">{</span><span class="n">timeout</span><span class="si">}</span><span class="s">s</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Usage </span><span class="nf">wait_for_enclave</span><span class="p">(</span><span class="n">ENCLAVE_CID</span><span class="p">,</span> <span class="n">VSOCK_PORT</span><span class="p">)</span> <span class="c1"># Now safe to send real traffic </span><span class="n">result</span> <span class="o">=</span> <span class="nf">vsock_request</span><span class="p">(</span><span class="n">ENCLAVE_CID</span><span class="p">,</span> <span class="n">VSOCK_PORT</span><span class="p">,</span> <span class="p">{</span><span class="sh">"</span><span class="s">action</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">chat</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">messages</span><span class="sh">"</span><span class="p">:</span> <span class="p">[...]})</span> </code></pre> </div> <p>With this in place, the parent will not send sensitive data into the enclave until the enclave has explicitly confirmed it is ready. If the server crashes on boot, the health check times out and raises an error rather than silently dropping requests into a dead connection.</p> <h2> What I Actually Learned </h2> <p>The immediate fix is the health check. The deeper lesson is about the gap between transport-layer success and application-layer readiness in enclave architectures.</p> <p>Normal distributed systems have this problem too. A service can be "up" from a load balancer's perspective while being in a broken state internally. But inside a Nitro Enclave, the debugging surface is intentionally reduced. You cannot SSH in. You cannot attach a debugger. You cannot inspect the process from the outside. Logging is your primary diagnostic tool, and if you have not built structured logging into your enclave from the start, silent failures become very hard to reason about.</p> <p>The 90 minutes I spent on this was mostly time I did not have good logging in place. Once I added it, the problem was obvious in under five minutes. Build the logging first.</p> <h2> Summary </h2> <ul> <li>Vsock connects at the transport layer. It does not verify that your application is running inside the enclave.</li> <li>If your enclave server crashes on boot, the parent can still establish a vsock connection and have no idea nothing is listening.</li> <li>Always implement a health check and poll it from the parent before sending real traffic.</li> <li>Structured logging inside the enclave is not optional. It is your only debugging surface.</li> <li>The length-prefixed JSON framing means a crashed server produces no response at all. Make sure your parent handles that case explicitly rather than hanging on recv.</li> </ul> <p><em>This was written from a production debugging session while building Mizan, a legal AI platform using AWS Nitro Enclaves to protect attorney-client privileged data. The nitro-attestation-verifier tool referenced in other writeups came from the same project.</em></p> <p><em>Muhammad Ablugg - <a href="https://ablugg.ablugg.workers.dev/" rel="noopener noreferrer">Portfolio</a> - <a href="https://github.com/ablugg" rel="noopener noreferrer">GitHub</a></em></p> aws security python cloud