Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Difficulties with AESM service and EPIDGroupCertLegacy.cer

Gordon__Nicholas

I have installed the SDK successfully and run some of the sample code, but I couldn't get the RemoteAttestation sample app to work. I built libsgx-enclave-common from the sgx_2.4 commit on GitHub on Ubuntu 16.04. When installing it with `dpkg`, I get the following errors:

```
Installing aesmd.service service ... done.
Optional modules iclsInit() returned error.
Trusted platform service is unavailable. Check log in /opt/Intel/iclsClient/log/iclsClient.log.
```

When I look in this `iclsClient.log` file, I see this line that looks like the problem to me:

```
2019-02-18 15:08:01:397 00007f9ed190f700 iclsClient:checkIclsCertificateStatus: [INF] [N/A] Provisioning status: 0x02 [SAFEID_NO_PUB_SAFEID_KEY]
2019-02-18 15:08:01:397 00007f9ed190f700 iclsClient:validateProvisioningStatus: [INF] [N/A] iCLS not provisioned, trying to send iCLS certificate.
2019-02-18 15:08:01:397 00007f9ed190f700 iclsClient:validateProvisioningStatus: [INF] [N/A] iCLS not provisioned, trying to send iCLS certificate.
2019-02-18 15:08:01:397 00007f9ed190f700 iclsClient:readEpidGroupParameters: [DBG] [N/A] Absoulte path to epid group params file: /opt/Intel/iclsClient///epid_paramcert.dat
2019-02-18 15:08:01:397 00007f9ed190f700 iclsClient:readLegacyCertificate: Trying to read file./opt/Intel/iclsClient///EPIDGroupCertLegacy.cer
2019-02-18 15:08:01:399 00007f9ed190f700 iclsClient:Error while reading legacy certificate for group: <10432> from file: /opt/Intel/iclsClient///EPIDGroupCertLegacy.cer
2019-02-18 15:08:01:399 00007f9ed190f700 iclsClient:iclsInit: [FTL] Unexpected MEI exception 0x0d [MeiException::EPID_PARAM_READ_FAILED]: Resource exception of type 0 was thrown
```

Clearly something is wrong with this certificate, but I don't know what. If I look at `service aesmd status`:

```
Feb 18 15:08:01 sgx-3 aesm_service[25400]: [ADMIN]Sigma 2.0 session will be established.
Feb 18 15:08:01 sgx-3 aesm_service[25400]: Sigma 2.0 session will be established.
Feb 18 15:08:01 sgx-3 jhi[25400]: calling SVC SAR..
Feb 18 15:08:01 sgx-3 aesm_service[25400]: DAL failure
Feb 18 15:08:01 sgx-3 aesm_service[25400]: [ADMIN]Platform Services initializing
Feb 18 15:08:01 sgx-3 aesm_service[25400]: [ADMIN]Platform Services initialization failed due to DAL error
```

I can attach other errors or information as well. Here are the details about the CPU from `lscpu`. It's a very recent CPU, so I thought that might have something to do with it:

```
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                6
On-line CPU(s) list:   0-5
Thread(s) per core:    1
Core(s) per socket:    6
Socket(s):             1
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 158
Model name:            Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
Stepping:              10
CPU MHz:               3236.013
CPU max MHz:           4600.0000
CPU min MHz:           800.0000
BogoMIPS:              6384.00
Virtualization:        VT-x
L1d cache:             32K
L1i cache:             32K
L2 cache:              256K
L3 cache:              12288K
NUMA node0 CPU(s):     0-5
Flags:                 fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp flush_l1d
```

If anyone has any clues, I would really appreciate it.