Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Can I install PCCS on a VM?

mlopez
Beginner
1,275 Views

So I have a host machine with Intel SGX deployed, including PCCS. That host machine has a Virtual Machine (where sgx technology is enabled) where I have an older version of Intel SGX. 

 

I was wondering if it is possible to deploy pccs service on my virtual machine, since using the pccs from mi host machine is giving me some errors because of different platform version. I have latest on host and 2.17 with 1.14 dcap on vm.

 

I tried to do it, but I got these two errors, first wit hthe PCK ID Retrieval Tool, second on VM PCCS log.

dic 20 17:51:25 teaclave-vm node[5360]: 2023-12-20 17:51:25.321 [info]: Request-ID is : 692a15c6c92241849b801dd8f990d75e                                                    dic 20 17:51:25 teaclave-vm node[5360]: 2023-12-20 17:51:25.322 [error]: Intel PCS server returns error(404).                                                               dic 20 17:51:25 teaclave-vm node[5360]: 2023-12-20 17:51:25.322 [error]: Intel PCS server returns error. Error code : 404                                                   dic 20 17:51:25 teaclave-vm node[5360]: 2023-12-20 17:51:25.322 [error]: Error: No cache data for this platform.                                                            dic 20 17:51:25 teaclave-vm node[5360]:     at Proxy.getPckCertFromPCS (/opt/intel/sgx-dcap-pccs/services/logic/commonCacheLogic.js:92:11)                                  dic 20 17:51:25 teaclave-vm node[5360]:     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)                                                   dic 20 17:51:25 teaclave-vm node[5360]:     at async ReqCachingMode.registerPlatforms (/opt/intel/sgx-dcap-pccs/services/caching_modes/cachingMode.js:205:7)                dic 20 17:51:25 teaclave-vm node[5360]:     at async Proxy.registerPlatforms (/opt/intel/sgx-dcap-pccs/services/platformsRegService.js:107:3)                               dic 20 17:51:25 teaclave-vm node[5360]:     at async postPlatforms (/opt/intel/sgx-dcap-pccs/controllers/platformsController.js:40:5)                                       dic 20 17:51:25 teaclave-vm node[5360]: 2023-12-20 17:51:25.327 [info]: 127.0.0.1 - - [20/Dec/2023:17:51:25 +0000] "POST /sgx/certification/v3/platforms HTTP/1.1" 404 32 "

 

Intel(R) Software Guard Extensions PCK Cert ID Retrieval Tool Version 1.14.100.3

Warning: platform manifest is not available or current platform is not multi-package platform.
Error: unexpected error happend during sending data to cache server.
pckid_retrieval.csv has been generated successfully, however the data couldn't be sent to cache server!

 

Labels (1)
0 Kudos
3 Replies
Iffa_Intel
Moderator
1,243 Views

Hi,


The "unexpected error happened during sending data to cache server" error is probably due to the host machine not being registered with the Intel Registration Service.



Cordially,

Iffa


0 Kudos
mlopez
Beginner
1,219 Views

Hi,

 

PCCS on host machine works properly, also PCKRetrievalTool. Doesn't that mean that it is registered?

0 Kudos
Wojciech_M_Intel
Moderator
981 Views

Hi,
PCCS can be installed on a VM, furthermore it does not need to be installed on SGX enabled systems.
For more information please look at https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/SGX_DCAP_Caching_Service_Design_Guide.pdf


As for unexpected error from PCK ID retrieval tool, you platform might be already registered. Easiest way to register platform would be to reset SGX settings in BIOS if its possible.

 

Regards,
Wojtek

0 Kudos
Reply