Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Beginner
350 Views

Error: Invalid SGX device.

Error Message

My computer used to be able to with SGX-protected programs, but now it fails to run them anymore.
The programs will throw errors as the following:

Info: Please make sure SGX module is enabled in the BIOS, and install SGX driver afterwards.
Error: Invalid SGX device.

I reproduce the error in SampleEnclave, from the Intel SGX SDK sample code.

$ make SGX_MODE=HW
...
$ ./app
Info: Please make sure SGX module is enabled in the BIOS, and install SGX driver afterwards.
Error: Invalid SGX device.
Enter a character before exit ...

The binary is runnable if SampleEnclave is compiled for simulation mode.

$ make SGX_MODE=SIM
...
$ ./app
Checksum(0x0x7ffca1fcc530, 100) = 0xfffd4143
Info: executing thread synchronization, please wait...
Info: SampleEnclave successfully returned.
Enter a character before exit ...

Auxiliary Information

OS: Ubuntu* 18.04 LTS Desktop 64bits
Linux Header: linux-headers-5.4.0-42-generic
CPU: Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
SGX SDK Version: sgx_linux_x64_sdk_2.11.100.2
SGX Driver: b0a445b
SGX PSW: 2.11.100.2-bionic1

$ dmesg | grep sgx
[ 2.099517] isgx: loading out-of-tree module taints kernel.
[ 2.099544] isgx: module verification failed: signature and/or required key missing - tainting kernel
[ 2.099782] intel_sgx: Intel SGX Driver v2.6.0
[ 2.099795] intel_sgx INT0E0C:00: EPC bank 0x80200000-0x85f80000
[ 2.100810] intel_sgx: second initialization call skipped
$ lsmod | grep sgx
isgx 53248 1

I ran SGX-hardware to make sure the SGX device exists.

$ ./test-sgx
...
Extended feature bits (EAX=07H, ECX=0H)
eax: 0 ebx: 29c6fbf ecx: 0 edx: 9c002600
sgx available: 1
sgx launch control: 0

CPUID Leaf 12H, Sub-Leaf 0 of Intel SGX Capabilities (EAX=12H,ECX=0)
eax: 1 ebx: 0 ecx: 0 edx: 241f
sgx 1 supported: 1
sgx 2 supported: 0
MaxEnclaveSize_Not64: 1f
MaxEnclaveSize_64: 24

 

I reinstalled the SGX SDK, PSW, and driver several times, and it didn't work.

I googled the error message but still couldn't find any viable solution.

Can anyone give me some hints to resolve this issue? I will be grateful for your help.

Labels (2)
0 Kudos
11 Replies
Highlighted
Moderator
306 Views

Hello Lucyan,


I was able to reproduce your issue if I ran the sample before installing the launch service from the SGX PSW.


Please try installing the SGX PSW by running the commands in for Intel SGX PSW Installation on the bottom of page 7 of https://download.01.org/intel-sgx/sgx-linux/2.11/docs/Intel_SGX_Installation_Guide_Linux_2.11_Open_S....


$ echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list

$ wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -

$ sudo apt-get update

# Installing only the launch service

$ sudo apt-get install libsgx-launch libsgx-urts


Try running the sample after you install the launch service as described above.




Jesus Garcia, Intel Customer Support
0 Kudos
Highlighted
Beginner
295 Views

Hello JesusG,

Thank you for your help. But after following the instructions, I still can't get the sample code running. Here are the outputs from the terminal.

... (the previous installation commands)
$ sudo apt-get install libsgx-launch libsgx-urts
Reading package lists... Done
Building dependency tree
Reading state information... Done
libsgx-launch is already the newest version (2.11.100.2-bionic1).
libsgx-urts is already the newest version (2.11.100.2-bionic1).
...
$ make SGX_MODE=HW
...
$ ./app
Info: Please make sure SGX module is enabled in the BIOS, and install SGX driver afterwards.
Error: Invalid SGX device.
Enter a character before exit ...

I tried rebooting my machine after installing the packages, but it didn't work either.

Please let me know if you need any other information.

0 Kudos
Highlighted
Moderator
282 Views

Hello Lucyan,


Please provide the list of all installed SGX components by running:


$ apt list --installed | grep -i sgx



Jesus Garcia, Intel Customer Support
0 Kudos
Highlighted
Beginner
276 Views

Hello JesusG,

No problem. Here you go.

$ apt list --installed | grep -i sgx

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

libsgx-ae-epid/unknown,now 2.11.100.2-bionic1 amd64 [installed,automatic]
libsgx-ae-le/unknown,now 2.11.100.2-bionic1 amd64 [installed,auto-removable]
libsgx-ae-pce/unknown,now 2.11.100.2-bionic1 amd64 [installed,automatic]
libsgx-ae-qe3/unknown,now 1.8.100.2-bionic1 amd64 [installed,automatic]
libsgx-ae-qve/unknown,now 1.8.100.2-bionic1 amd64 [installed,automatic]
libsgx-aesm-ecdsa-plugin/unknown,now 2.11.100.2-bionic1 amd64 [installed,automatic]
libsgx-aesm-epid-plugin/unknown,now 2.11.100.2-bionic1 amd64 [installed,automatic]
libsgx-aesm-pce-plugin/unknown,now 2.11.100.2-bionic1 amd64 [installed,automatic]
libsgx-aesm-quote-ex-plugin/unknown,now 2.11.100.2-bionic1 amd64 [installed,automatic]
libsgx-dcap-ql/unknown,now 1.8.100.2-bionic1 amd64 [installed]
libsgx-dcap-quote-verify/unknown,now 1.8.100.2-bionic1 amd64 [installed,automatic]
libsgx-enclave-common/unknown,now 2.11.100.2-bionic1 amd64 [installed]
libsgx-enclave-common-dbgsym/unknown,now 2.11.100.2-bionic1 amd64 [installed]
libsgx-enclave-common-dev/unknown,now 2.11.100.2-bionic1 amd64 [installed]
libsgx-epid/unknown,now 2.11.100.2-bionic1 amd64 [installed]
libsgx-launch/unknown,now 2.11.100.2-bionic1 amd64 [installed]
libsgx-pce-logic/unknown,now 1.8.100.2-bionic1 amd64 [installed,automatic]
libsgx-qe3-logic/unknown,now 1.8.100.2-bionic1 amd64 [installed,automatic]
libsgx-quote-ex/unknown,now 2.11.100.2-bionic1 amd64 [installed]
libsgx-urts/unknown,now 2.11.100.2-bionic1 amd64 [installed]
sgx-aesm-service/unknown,now 2.11.100.2-bionic1 amd64 [installed,automatic]
0 Kudos
Highlighted
Moderator
263 Views

Hello Lucyan,

If aesmd is not running then you can get this type of error. Double check if aesmd is running, and check the syslog for aesmd messages.


ps aux | grep -i aesm

sudo systemctl start aesmd

cat /var/log/syslog | grep -i aesm


Jesus Garcia, Intel Customer Support
0 Kudos
Highlighted
Beginner
256 Views

Hello JesusG,

Thanks for your response. aesm seems running on my machine, but the error still occurs.

$ ps aux | grep -i aesm
aesmd 1170 0.0 0.0 354448 12440 ? Ssl Sep01 0:00 /opt/intel/sgx-aesm-service/aesm/aesm_service
...
$ sudo systemctl start aesmd
$ cat /var/log/syslog | grep -i aesm
$ ./app
Info: Please make sure SGX module is enabled in the BIOS, and install SGX driver afterwards.
Error: Invalid SGX device.
Enter a character before exit ...

"cat /var/log/syslog | grep -i aesm" outputs nothing. Does it mean something wrong?

0 Kudos
Highlighted
Moderator
239 Views

Hello Lucyan,


We are still looking into your issue. Your aesmd seems to be fine. Can you send us the output from:


$ ldd ./app


Jesus Garcia, Intel Customer Support
0 Kudos
Highlighted
Beginner
235 Views

Hi JesusG,

I really appreciate your continued support. Here is the output:

$ ldd ./app
linux-vdso.so.1 (0x00007ffd9fdf9000)
libsgx_urts.so => /usr/lib/x86_64-linux-gnu/libsgx_urts.so (0x00007f0a39c29000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f0a39815000)
libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f0a39441000)
libgcc_s.so.1 => /home/myuserfolder/anaconda2/lib/libgcc_s.so.1 (0x00007f0a39bdf000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0a39050000)
libsgx_enclave_common.so.1 => /usr/lib/x86_64-linux-gnu/libsgx_enclave_common.so.1 (0x00007f0a39bd5000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f0a38e4c000)
/lib64/ld-linux-x86-64.so.2 (0x00007f0a39a34000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f0a38aae000)

 

0 Kudos
Highlighted
Beginner
205 Views

I have essentially the same issue, except when executing ./app I get "failed to load enclave"

running 

cat /var/log/syslog | grep -i aesm

gives  

Sep 3 13:06:24 machineName systemd[1]: Starting Remount /dev as exec to allow AESM service to boot and load enclaves into SGX...
Sep 3 13:06:24 machineName systemd[1]: Started Remount /dev as exec to allow AESM service to boot and load enclaves into SGX.
Sep 3 13:06:25machineName aesm_service[30829]: The server sock is 0x563c9772e2d0

$ ldd ./app gives

linux-vdso.so.1 (0x00007ffd637da000)
libsgx_urts.so => /usr/lib/x86_64-linux-gnu/libsgx_urts.so (0x00007fb8a571e000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fb8a513c000)
libsgx_enclave_common.so.1 => /usr/lib/x86_64-linux-gnu/libsgx_enclave_common.so.1 (0x00007fb8a5716000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fb8a4f1d000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fb8a4d19000)
libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007fb8a4990000)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007fb8a4778000)
/lib64/ld-linux-x86-64.so.2 (0x00007fb8a552d000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007fb8a43da000)

 

Simulation mode runs fine.

0 Kudos
Highlighted
Moderator
88 Views

Hello Lucyan,


Unfortunately, we have exhausted our troubleshooting steps and everything looks like it should work.


This is not the answer you were looking for but we recommend a new OS build and fresh installation of all SGX components. There is nothing more we can recommend at this point.


Jesus Garcia, Intel Customer Support
0 Kudos
Highlighted
Moderator
33 Views

Intel is no longer monitoring this thread. If you want a response from Intel in a follow-up question, please open a new thread.


Jesus Garcia, Intel Customer Support
0 Kudos