<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re:Remote attestation error in HPE platform in Intel® Software Guard Extensions (Intel® SGX)</title>
    <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Remote-attestation-error-in-HPE-platform/m-p/1230317#M4110</link>
    <description>&lt;P&gt;Hello Hyunsoo,&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;According the SGX error list, &lt;A href="https://github.com/intel/linux-sgx/blob/master/common/inc/sgx_error.h" target="_blank"&gt;https://github.com/intel/linux-sgx/blob/master/common/inc/sgx_error.h&lt;/A&gt;:&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN style="font-family: courier;"&gt;SGX_ERROR_SERVICE_UNAVAILABLE = SGX_MK_ERROR(0x4001), /* Indicates aesm didn't respond or the requested service is not supported */&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;To resolve this, &lt;B&gt;Start&lt;/B&gt; the &lt;I&gt;aesmd &lt;/I&gt;service:&lt;/P&gt;&lt;P&gt;$ ps aux | grep -i aesm&lt;/P&gt;&lt;P&gt;$ sudo systemctl start aesmd&lt;/P&gt;&lt;P&gt;$ cat /var/log/syslog | grep -i aesm&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;Regards,&lt;/P&gt;&lt;P&gt;Jesus G.&lt;/P&gt;&lt;P&gt;Intel Customer Support&lt;/P&gt;&lt;BR /&gt;</description>
    <pubDate>Fri, 20 Nov 2020 18:51:14 GMT</pubDate>
    <dc:creator>JesusG_Intel</dc:creator>
    <dc:date>2020-11-20T18:51:14Z</dc:date>
    <item>
      <title>Remote attestation error in HPE platform</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Remote-attestation-error-in-HPE-platform/m-p/1230049#M4109</link>
      <description>&lt;P&gt;Hi all,&lt;/P&gt;&lt;DIV&gt;I have two machines, both are equipped&amp;nbsp;with Intel CPU. Let me attach brief information about those.&lt;/DIV&gt;&lt;DIV&gt;[A]&lt;/DIV&gt;&lt;DIV&gt;&lt;DIV&gt;- CPU:&amp;nbsp;Xeon&amp;nbsp;E-2274G&lt;/DIV&gt;&lt;DIV&gt;- Board: HPE Proliant ML30 Gen10 (Updated with latest bios provided in HP official)&lt;/DIV&gt;&lt;/DIV&gt;&lt;DIV&gt;[B]&lt;/DIV&gt;&lt;DIV&gt;- CPU:&amp;nbsp;i7-8700&lt;/DIV&gt;&lt;DIV&gt;- Board: ASUS Z370-A ll&lt;/DIV&gt;&lt;DIV&gt;&amp;nbsp;&lt;/DIV&gt;&lt;DIV&gt;I have had no problem when developing some applications using SGX without remote attestation based on EPID scheme at both A and B. If the application uses remote attestation based on EPID, then It fails in the function sgx_get_extended_epid_group_id().&lt;/DIV&gt;&lt;DIV&gt;&amp;nbsp;&lt;/DIV&gt;&lt;DIV&gt;I ran two examples, one is&amp;nbsp;&lt;A href="https://github.com/intel/sgx-ra-sample" target="_blank" rel="noopener"&gt;https://github.com/intel/sgx-ra-sample&lt;/A&gt;&amp;nbsp;and another one is sgxsdk/SampleCode/RemoteAttestation. Both examples are successfully run&amp;nbsp;in A, whereas both are failed in B, specifically&amp;nbsp;in the function of sgx_get_extended_epid_group_id().&lt;/DIV&gt;&lt;DIV&gt;&amp;nbsp;&lt;/DIV&gt;&lt;DIV&gt;So, my purpose is to demonstrate remote attestation in A.&lt;/DIV&gt;&lt;DIV&gt;1. Is there some cases that cannot run remote attestation in HPE platform?&lt;/DIV&gt;&lt;DIV&gt;2. Is there a workaround that can resolve the error of sgx_get_extended_epid_group_id() (the error is 0x4001)&lt;/DIV&gt;</description>
      <pubDate>Thu, 19 Nov 2020 23:06:30 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Remote-attestation-error-in-HPE-platform/m-p/1230049#M4109</guid>
      <dc:creator>hyunsoo</dc:creator>
      <dc:date>2020-11-19T23:06:30Z</dc:date>
    </item>
    <item>
      <title>Re:Remote attestation error in HPE platform</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Remote-attestation-error-in-HPE-platform/m-p/1230317#M4110</link>
      <description>&lt;P&gt;Hello Hyunsoo,&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;According the SGX error list, &lt;A href="https://github.com/intel/linux-sgx/blob/master/common/inc/sgx_error.h" target="_blank"&gt;https://github.com/intel/linux-sgx/blob/master/common/inc/sgx_error.h&lt;/A&gt;:&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN style="font-family: courier;"&gt;SGX_ERROR_SERVICE_UNAVAILABLE = SGX_MK_ERROR(0x4001), /* Indicates aesm didn't respond or the requested service is not supported */&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;To resolve this, &lt;B&gt;Start&lt;/B&gt; the &lt;I&gt;aesmd &lt;/I&gt;service:&lt;/P&gt;&lt;P&gt;$ ps aux | grep -i aesm&lt;/P&gt;&lt;P&gt;$ sudo systemctl start aesmd&lt;/P&gt;&lt;P&gt;$ cat /var/log/syslog | grep -i aesm&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;Regards,&lt;/P&gt;&lt;P&gt;Jesus G.&lt;/P&gt;&lt;P&gt;Intel Customer Support&lt;/P&gt;&lt;BR /&gt;</description>
      <pubDate>Fri, 20 Nov 2020 18:51:14 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Remote-attestation-error-in-HPE-platform/m-p/1230317#M4110</guid>
      <dc:creator>JesusG_Intel</dc:creator>
      <dc:date>2020-11-20T18:51:14Z</dc:date>
    </item>
    <item>
      <title>Re: Re:Remote attestation error in HPE platform</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Remote-attestation-error-in-HPE-platform/m-p/1230449#M4111</link>
      <description>&lt;P&gt;Hi JesusG,&lt;/P&gt;&lt;P&gt;Yes I checked meaning of the error but, my aesm is currently working well since other applications using sgx are works. however,&amp;nbsp;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt; cat /var/log/syslog | grep -i aesm&lt;/LI-CODE&gt;&lt;P&gt;&lt;SPAN&gt;the code above outputs empty. &amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Sat, 21 Nov 2020 06:59:36 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Remote-attestation-error-in-HPE-platform/m-p/1230449#M4111</guid>
      <dc:creator>hyunsoo</dc:creator>
      <dc:date>2020-11-21T06:59:36Z</dc:date>
    </item>
    <item>
      <title>Re:Remote attestation error in HPE platform</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Remote-attestation-error-in-HPE-platform/m-p/1230910#M4118</link>
      <description>&lt;P&gt;Hello Hyunsoo,&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;Please provide verbose logs from both the client and server in the sgx-ra-sample.&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;Set VERBOSE=1 and DEBUG=1 on both the client and server configs, then attach sp.log and client.log. &lt;B&gt;Be sure to remove any password strings for your user certificate from sp.log before attaching. They will appear as hex strings at the top, and in plain text before contacting IAS.&lt;/B&gt;&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;Regards,&lt;/P&gt;&lt;P&gt;Jesus G.&lt;/P&gt;&lt;P&gt;Intel Customer Support&lt;/P&gt;&lt;BR /&gt;</description>
      <pubDate>Mon, 23 Nov 2020 18:13:57 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Remote-attestation-error-in-HPE-platform/m-p/1230910#M4118</guid>
      <dc:creator>JesusG_Intel</dc:creator>
      <dc:date>2020-11-23T18:13:57Z</dc:date>
    </item>
    <item>
      <title>Re: Re:Remote attestation error in HPE platform</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Remote-attestation-error-in-HPE-platform/m-p/1231024#M4123</link>
      <description>&lt;P&gt;Hi Jesus, Thanks for your kind response.&lt;/P&gt;&lt;P&gt;Both log files(sp.log and client.log) are empty. Let me attach standard output of two programs.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;The logs of client here.&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;+++ IAS Primary Subscription Key set to '5ad8........................3e33'
+++ IAS Secondary Subscription Key set to '17a6........................ce59'
+++ Using default CA bundle /etc/ssl/certs/ca-certificates.crt
Using default private key
+++ using private key:

+++ IAS Subscription Key[0]:    
+++ IAS Subscription Key[0] (Hex):   
+++ One-time pad:                       
+++ Encrypted Subscription Key[0]:     


+++ IAS Subscription Key[1]:   
+++ IAS Subscription Key[1] (Hex):     
+++ One-time pad:                     
+++ Encrypted Subscription Key[1]:      

Listening for connections on port 7777
Waiting for a client to connect...
Connection from 127.0.0.1
Waiting for msg0||msg1
protocol error reading msg0||msg1
error processing msg1
Waiting for a client to connect...&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;And logs of service provider&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;+++ using default public key
sgx_get_extended_epid_group_id: 00004001&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 24 Nov 2020 01:25:02 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Remote-attestation-error-in-HPE-platform/m-p/1231024#M4123</guid>
      <dc:creator>hyunsoo</dc:creator>
      <dc:date>2020-11-24T01:25:02Z</dc:date>
    </item>
    <item>
      <title>Re:Remote attestation error in HPE platform</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Remote-attestation-error-in-HPE-platform/m-p/1231339#M4129</link>
      <description>&lt;P&gt;Hello Hyunsoo,&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;It seems that the AESM service is not able to communicate with IAS. Is your system behind a proxy?&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;If so, configure the proxy as follows (see the bottom of &lt;A href="https://github.com/intel/linux-sgx" target="_blank"&gt;https://github.com/intel/linux-sgx&lt;/A&gt;&lt;LI-EMOJI id="lia_disappointed-face" title=":disappointed_face:"&gt;&lt;/LI-EMOJI&gt;&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;H3&gt;Configure the Proxy for aesmd Service&lt;/H3&gt;&lt;P&gt;The aesmd service uses the HTTP protocol to initialize some services.&lt;/P&gt;&lt;P&gt; If a proxy is required for the HTTP protocol, you may need to manually set up the proxy for the aesmd service.&lt;/P&gt;&lt;P&gt; You should manually edit the file /etc/aesmd.conf (refer to the comments in the file) to set the proxy for the aesmd service.&lt;/P&gt;&lt;P&gt; After you configure the proxy, you need to restart the service to enable the proxy.&lt;/P&gt;&lt;BR /&gt;</description>
      <pubDate>Tue, 24 Nov 2020 19:42:06 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Remote-attestation-error-in-HPE-platform/m-p/1231339#M4129</guid>
      <dc:creator>JesusG_Intel</dc:creator>
      <dc:date>2020-11-24T19:42:06Z</dc:date>
    </item>
    <item>
      <title>Re: Re:Remote attestation error in HPE platform</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Remote-attestation-error-in-HPE-platform/m-p/1231515#M4131</link>
      <description>&lt;P&gt;The problem is solved on another platform and I didn't use any proxy. Thanks for your help.&lt;/P&gt;</description>
      <pubDate>Wed, 25 Nov 2020 07:12:13 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Remote-attestation-error-in-HPE-platform/m-p/1231515#M4131</guid>
      <dc:creator>hyunsoo</dc:creator>
      <dc:date>2020-11-25T07:12:13Z</dc:date>
    </item>
    <item>
      <title>Re:Remote attestation error in HPE platform</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Remote-attestation-error-in-HPE-platform/m-p/1231659#M4133</link>
      <description>&lt;P&gt;&lt;B&gt;This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.&lt;/B&gt;&lt;/P&gt;&lt;BR /&gt;</description>
      <pubDate>Wed, 25 Nov 2020 18:07:12 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Remote-attestation-error-in-HPE-platform/m-p/1231659#M4133</guid>
      <dc:creator>JesusG_Intel</dc:creator>
      <dc:date>2020-11-25T18:07:12Z</dc:date>
    </item>
  </channel>
</rss>

