Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1537 Discussions

Certificate service errors

ambient-gregory
Beginner
‎08-11-2025 01:39 PM
2,424 Views

Hi team.

 

We get the following errors from PCCS, despite it being configured per the canonical tdx guide. The subscription key was obtained and set up via the pccs-configure command.

 

Here's the relevant output from pccs.service:

Aug 11 20:13:59 GPU36 node[1484159]: 2025-08-11 20:13:59.035 [error]: Intel PCS server returns error(404).
Aug 11 20:13:59 GPU36 node[1484159]: 2025-08-11 20:13:59.036 [error]: Error: No cache data for this platform.
Aug 11 20:13:59 GPU36 node[1484159]: at Module.getPckCertFromPCS (file:///opt/intel/sgx-dcap-pccs/services/logic/commonCacheLogic.js:159:11)

 MPA registration log looks correct:

[08-08-2025 11:33:06] INFO: Starts Registration Agent Flow.
[08-08-2025 11:33:06] INFO: Registration Flow - Registration status indicates registration is completed successfully. MPA has nothing to do.
[08-08-2025 11:33:06] INFO: Finished Registration Agent Flow.
[09-08-2025 12:06:30] INFO: SGX Registration Agent version: 1.21.100.3
[09-08-2025 12:06:30] INFO: Starts Registration Agent Flow.
[09-08-2025 12:06:30] INFO: Registration Flow - Registration status indicates registration is completed successfully. MPA has nothing to do.
[09-08-2025 12:06:30] INFO: Finished Registration Agent Flow.

BIOS settings were also verified to be correct, with all relevant memory encryption and SGX options set to expected values.  

 

Production check in tdx/attestation/check-production.sh passes as well and all /dev/sgx_* devices are present.

 

Would appreciate any inputs here on how to resolve the issue.

0 Kudos

Link Copied

1 Reply
Scott_R_Intel
Moderator
‎08-11-2025 06:32 PM
2,375 Views

Hello.

Please try enabling an "SGX Factory Reset" in the BIOS setup and then booting and checking the MPA log again.

Regards. 

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.