<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Spectre fix breaks SGX attestation in Intel® Software Guard Extensions (Intel® SGX)</title>
    <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Spectre-fix-breaks-SGX-attestation/m-p/1181515#M3541</link>
    <description>&lt;P&gt;In December (2017) I had SGX remote attestation working on a Thinkpad T470 (20HD) under Linux.&lt;/P&gt;

&lt;P&gt;On the 27th December 2017 Lenovo released a BIOS update 1.44 which addressed CVE-2017-5715.&lt;/P&gt;

&lt;P&gt;Since installing the BIOS update attestation now fails, with the following messages:&lt;/P&gt;

&lt;P&gt;: Error, call sgx_get_extended_epid_group_id fail: 0x4001&lt;BR /&gt;
	: sgx_create_enclave() needs the AE service to get a launch token&lt;/P&gt;

&lt;P&gt;I assume the Spectre fix CVE-2017-5715 has changed the time taken to perform an operation which has caused the AE service to be declared as not running.&lt;/P&gt;

&lt;P&gt;Any ideas?&lt;/P&gt;

&lt;P&gt;Regards,&lt;/P&gt;

&lt;P&gt;-Arthur&lt;BR /&gt;
	&amp;nbsp;&lt;/P&gt;</description>
    <pubDate>Wed, 10 Jan 2018 14:55:28 GMT</pubDate>
    <dc:creator>Gordon__Arthur</dc:creator>
    <dc:date>2018-01-10T14:55:28Z</dc:date>
    <item>
      <title>Spectre fix breaks SGX attestation</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Spectre-fix-breaks-SGX-attestation/m-p/1181515#M3541</link>
      <description>&lt;P&gt;In December (2017) I had SGX remote attestation working on a Thinkpad T470 (20HD) under Linux.&lt;/P&gt;

&lt;P&gt;On the 27th December 2017 Lenovo released a BIOS update 1.44 which addressed CVE-2017-5715.&lt;/P&gt;

&lt;P&gt;Since installing the BIOS update attestation now fails, with the following messages:&lt;/P&gt;

&lt;P&gt;: Error, call sgx_get_extended_epid_group_id fail: 0x4001&lt;BR /&gt;
	: sgx_create_enclave() needs the AE service to get a launch token&lt;/P&gt;

&lt;P&gt;I assume the Spectre fix CVE-2017-5715 has changed the time taken to perform an operation which has caused the AE service to be declared as not running.&lt;/P&gt;

&lt;P&gt;Any ideas?&lt;/P&gt;

&lt;P&gt;Regards,&lt;/P&gt;

&lt;P&gt;-Arthur&lt;BR /&gt;
	&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 10 Jan 2018 14:55:28 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Spectre-fix-breaks-SGX-attestation/m-p/1181515#M3541</guid>
      <dc:creator>Gordon__Arthur</dc:creator>
      <dc:date>2018-01-10T14:55:28Z</dc:date>
    </item>
    <item>
      <title>The Intel SGX platform</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Spectre-fix-breaks-SGX-attestation/m-p/1181516#M3542</link>
      <description>&lt;P&gt;The Intel SGX platform software is trying to reprovision because of the BIOS update (these fixes result in a TCB recovery). Error 0x4001 in this context means the request to the AE service timed out.&lt;/P&gt;

&lt;P&gt;Make sure:&lt;/P&gt;

&lt;OL&gt;
	&lt;LI&gt;aesm is running (it should be or you'd get a different error)&amp;nbsp;&lt;/LI&gt;
	&lt;LI&gt;the proxy for aesm is properly configured in /etc/aesmd.conf&lt;/LI&gt;
&lt;/OL&gt;

&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 10 Jan 2018 18:07:00 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Spectre-fix-breaks-SGX-attestation/m-p/1181516#M3542</guid>
      <dc:creator>JohnMechalas</dc:creator>
      <dc:date>2018-01-10T18:07:00Z</dc:date>
    </item>
    <item>
      <title>Thanks for the response John</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Spectre-fix-breaks-SGX-attestation/m-p/1181517#M3543</link>
      <description>&lt;P&gt;Thanks for the response John looking at the aesmd service I get the following&lt;/P&gt;

&lt;P&gt;$ service aesmd status&lt;/P&gt;

&lt;P&gt;● aesmd.service - Intel(R) Architectural Enclave Service Manager&lt;BR /&gt;
	&amp;nbsp;&amp;nbsp; Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor preset: enabled)&lt;BR /&gt;
	&amp;nbsp;&amp;nbsp; Active: activating (auto-restart) (Result: exit-code) since Wed 2018-01-10 20:44:21 GMT; 5s ago&lt;BR /&gt;
	&amp;nbsp; Process: 2770 ExecStart=/opt/intel/sgxpsw/aesm/aesm_service (code=exited, status=0/SUCCESS)&lt;BR /&gt;
	&amp;nbsp; Process: 2767 ExecStartPre=/bin/chmod 0755 /var/run/aesmd/ (code=exited, status=0/SUCCESS)&lt;BR /&gt;
	&amp;nbsp; Process: 2763 ExecStartPre=/bin/chown -R aesmd:aesmd /var/run/aesmd/ (code=exited, status=0/SUCCESS)&lt;BR /&gt;
	&amp;nbsp; Process: 2759 ExecStartPre=/bin/mkdir -p /var/run/aesmd/ (code=exited, status=0/SUCCESS)&lt;BR /&gt;
	&amp;nbsp; Process: 2748 ExecStartPre=/opt/intel/sgxpsw/aesm/linksgx.sh (code=exited, status=0/SUCCESS)&lt;BR /&gt;
	&amp;nbsp;Main PID: 2772 (code=exited, status=1/FAILURE)&lt;/P&gt;

&lt;P&gt;&amp;lt;b&amp;gt;Jan 10 20:44:21 arthur-ThinkPad-T470 systemd[1]: aesmd.service: Unit entered failed state.&lt;BR /&gt;
	Jan 10 20:44:21 arthur-ThinkPad-T470 systemd[1]: aesmd.service: Failed with result 'exit-code'.&amp;lt;/b&amp;gt;&lt;/P&gt;

&lt;P&gt;I am not using a proxy and changing following line in cat /etc/aesmd.conf has no effect&lt;/P&gt;

&lt;P&gt;#proxy type&amp;nbsp;&amp;nbsp;&amp;nbsp; = direct #direct type means no proxy used&lt;/P&gt;

&lt;P&gt;What could be causing the aesmd service to fail?&lt;/P&gt;

&lt;P&gt;Regards,&lt;/P&gt;

&lt;P&gt;-Arthur&lt;/P&gt;

&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 10 Jan 2018 20:54:57 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Spectre-fix-breaks-SGX-attestation/m-p/1181517#M3543</guid>
      <dc:creator>Gordon__Arthur</dc:creator>
      <dc:date>2018-01-10T20:54:57Z</dc:date>
    </item>
    <item>
      <title>OK now fixed! The aesmd</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Spectre-fix-breaks-SGX-attestation/m-p/1181518#M3544</link>
      <description>&lt;P&gt;OK now fixed! The aesmd service was failing because the sgx driver was not running.&lt;/P&gt;

&lt;P&gt;I had updated the kernel version, which then required the sgx driver to be reinstalled.&lt;/P&gt;

&lt;P&gt;Thanks for the pointers.&lt;/P&gt;

&lt;P&gt;Regards,&lt;/P&gt;

&lt;P&gt;-Arthur&lt;/P&gt;</description>
      <pubDate>Thu, 11 Jan 2018 12:24:08 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Spectre-fix-breaks-SGX-attestation/m-p/1181518#M3544</guid>
      <dc:creator>Gordon__Arthur</dc:creator>
      <dc:date>2018-01-11T12:24:08Z</dc:date>
    </item>
    <item>
      <title>John M; im trying to locate</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Spectre-fix-breaks-SGX-attestation/m-p/1181519#M3545</link>
      <description>&lt;P&gt;John M; im trying to locate you to ask you a couple questions!&lt;/P&gt;

&lt;P&gt;thanks!&lt;/P&gt;

&lt;P&gt;seb&lt;/P&gt;</description>
      <pubDate>Fri, 06 Apr 2018 20:41:15 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Spectre-fix-breaks-SGX-attestation/m-p/1181519#M3545</guid>
      <dc:creator>Sebastian_S_Intel1</dc:creator>
      <dc:date>2018-04-06T20:41:15Z</dc:date>
    </item>
  </channel>
</rss>

