Solved: Error STATUS_SGX_CRL_UNKNOWN_ISSUER

Elod · ‎04-07-2025

Hi,

I am using AttestationApp from repository: https://github.com/intel/SGX-TDX-DCAP-QuoteVerificationLibrary/tree/v1.1.8180 and got this error:

$ LD_LIBRARY_PATH=./ ./AttestationApp --rootCaCrl=IntelSGXRootCA.der
Running QVL version: 1.0.0
Verification results: false

AppLogs:
PCK certificate chain verification failed with status: STATUS_SGX_CRL_UNKNOWN_ISSUER(29)
TCB info verification OK!
Quote verification failed with status: STATUS_INVALID_PCK_CRL(41)

Collateral data is collected from PCCS via its API, PCCS was provisioned with PCKIDRetrievalTool.

Note: I already found similar issue reported here and I have tested suggestions without no success.

Do you know what is causing the `STATUS_SGX_CRL_UNKNOWN_ISSUER` error and how I can fix it?

Thank you,
Elod

Elod · ‎04-10-2025

Solved my issue.

I was collecting pckCrl.der file from the wrong source.
Using the correct source, url from the pckCert\X509v3 CRL Distribution Points solved my issue.

View solution in original post

Elod · ‎04-10-2025

Solved my issue.

I was collecting pckCrl.der file from the wrong source.
Using the correct source, url from the pckCert\X509v3 CRL Distribution Points solved my issue.

Error STATUS_SGX_CRL_UNKNOWN_ISSUER

DCAP

Debugging

Linux

Remote Attestation

SGX Tools

Solved my issue.

Solved my issue.