fix(enclave-setup): load vsock core before nitro_enclaves — prevents ENODEV on AF_VSOCK connect

User · User · commit 64d183bd443c · 2026-04-25T13:37:37.000+08:00
diff --git a/enclave-setup.sh b/enclave-setup.sh
@@ -117,8 +117,10 @@ else
     fi
 fi
 
+# Load vsock core first — nitro_enclaves registers its vsock transport against it.
+# Without vsock loaded before the enclave starts, AF_VSOCK connect() returns ENODEV.
+modprobe vsock 2>/dev/null || true
 modprobe nitro_enclaves 2>/dev/null || true
-modprobe vhost_vsock 2>/dev/null || true
 
 # Create the enclave sockets directory early — describe-enclaves needs it.
 # 755 so non-root users (ubuntu) can list enclaves without sudo.
