Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Certificate service errors

ambient-gregory
Beginner
2,424 Views

Hi team.

 

We get the following errors from PCCS, despite it being configured per the canonical tdx guide. The subscription key was obtained and set up via the pccs-configure command.

 

Here's the relevant output from pccs.service:

Aug 11 20:13:59 GPU36 node[1484159]: 2025-08-11 20:13:59.035 [error]: Intel PCS server returns error(404).
Aug 11 20:13:59 GPU36 node[1484159]: 2025-08-11 20:13:59.036 [error]: Error: No cache data for this platform.
Aug 11 20:13:59 GPU36 node[1484159]: at Module.getPckCertFromPCS (file:///opt/intel/sgx-dcap-pccs/services/logic/commonCacheLogic.js:159:11)

 MPA registration log looks correct:

[08-08-2025 11:33:06] INFO: Starts Registration Agent Flow.
[08-08-2025 11:33:06] INFO: Registration Flow - Registration status indicates registration is completed successfully. MPA has nothing to do.
[08-08-2025 11:33:06] INFO: Finished Registration Agent Flow.
[09-08-2025 12:06:30] INFO: SGX Registration Agent version: 1.21.100.3
[09-08-2025 12:06:30] INFO: Starts Registration Agent Flow.
[09-08-2025 12:06:30] INFO: Registration Flow - Registration status indicates registration is completed successfully. MPA has nothing to do.
[09-08-2025 12:06:30] INFO: Finished Registration Agent Flow.

BIOS settings were also verified to be correct, with all relevant memory encryption and SGX options set to expected values.  

 

Production check in tdx/attestation/check-production.sh passes as well and all /dev/sgx_* devices are present.

 

Would appreciate any inputs here on how to resolve the issue.

0 Kudos
1 Reply
Scott_R_Intel
Moderator
2,375 Views

Hello.

Please try enabling an "SGX Factory Reset" in the BIOS setup and then booting and checking the MPA log again.

Regards. 

0 Kudos
Reply