Preparation
Environment Preparation
Install the NPU driver, firmware, CANN toolkit, and ops operator package of the matching version, and configure CANN environment variables. For details, see For details, see CANN Software Installation Guide..
Constraints
Before using the tool, read the following security instructions carefully to prevent potential risks.
- Permission constraints
- For security purpose and the principle of least privilege, you are advised to use a common user instead of a high-privilege user (such as root) to install and use msLeaks.
- Follow the principle of least privilege. For example, prevent other users from writing data by disabling permissions like 666 and 777.
- Ensure that the execution user's umask value is greater than or equal to 0027; otherwise, the permissions of directories and files where performance data is collected may be too high.
- Ensure that performance data is saved in the current user's directory and the directory does not contain symbolic links, to prevent potential security problems.
- Installation and usage constraints
- Since the msLeaks tool is integrated into the CANN software package, its installation must follow the installation requirements of the CANN package. Before using the msLeaks tool, install the CANN software package and driver package using the default settings as the same low-privilege user, set environment variables, and do not modify the environment variable configuration in set_env.sh.
- msLeaks is a development and debugging tool and should not be used in the production environment.
- File verification constraints
Use verification methods like SHA256 to verify the integrity of downloaded files (especially model weight files) to ensure that the files are secure and reliable, thereby avoiding potential security risks.
- Compatibility constraints
When msLeaks generates a file in db format, ensure that the libsqlite3.so package and related files have been installed in the current user environment, and the group and others user groups do not have the modification permission.