Solved: Re:Failed to load QE3: 0x4004 - Page 2

sz · ‎04-14-2021

when i run a SGX remote attestation example （EPID attestation mode），

it's failed:

error: aesm_service returned error: 12
error: load_enclave() failed with error -1

so i checked the aesm service with `service aesm service status` command,

it is said:

[load_qe ../qe_logic.cpp:641] Error, call sgx_create_enclave QE fail [load_qe], SGXError:4004.
Failed to load QE3: 0x4004

and

[ADMIN]EPID Provisioning failed due to network error.

I tried reinstall sgx driver、sgx PSW、sgx sdk,but there is no effect。

how can i fix this problem？thanks a lot！

JesusG_Intel · ‎05-17-2021

Hello sz,

Your logs were very helpful.

There appears to be a problem with the authenticated code modules (ACMs) being loaded on your platform. Contact your OEM for an updated or fixed BIOS.

I apologize we cannot give more details than this. Your OEM should provide you a fixed BIOS.

Sincerely,

Jesus G.

Intel Customer Support

View solution in original post

JesusG_Intel · ‎05-12-2021

Hello sz,

Be sure to correctly set the proxy in /opt/intel/sgx-dcap-pccs/config/default.json.
In /etc/sgx_default_qcnl.conf, set USE_SECURE_CERT=FALSE
Send us the full PCCS logs.

Sincerely,

Jesus G.

Intel Customer Support

sz · ‎05-12-2021

Thanks @JesusG_Intel

1.I didn't set a proxy,our network should not use a proxy.

2.the value USE_SECURE_CERT is FALSE.

3.I upload the pccs _server.log file.

--------

By the way,

In this https://www.intel.com/content/www/us/en/support/articles/000057420/software/intel-security-products.html url,

FLC support in Intel® Xeon® E systems is also dependent on the BIOS and firmware. The platform must have an Intel® Server Platform Services (Intel® SPS)–based BIOS and firmware. Check with your platform manufacturer to verify if it is SPS-based or not.

My cpu1 is not support the Intel® SPS (which is communicating in the post)，

My cpu2 is support the Intel® SPS which can successfully run the example.

cpu1 and cpu2 both support SGX1 and FLC ,but not support SGX2.

Is that mean we can't use the DCAP remote attestation without Intel SPS?

Is the pccs logs point to the intel SPS?

Thank you for your continued attenntion!

JesusG_Intel · ‎05-13-2021

Thank you for the information. We are still looking into it.

Sincerely,

Jesus G.

Intel Customer Support

JesusG_Intel · ‎05-17-2021

Hello sz,

Your logs were very helpful.

There appears to be a problem with the authenticated code modules (ACMs) being loaded on your platform. Contact your OEM for an updated or fixed BIOS.

I apologize we cannot give more details than this. Your OEM should provide you a fixed BIOS.

Sincerely,

Jesus G.

Intel Customer Support

sz · ‎05-24-2021

Thank you very much @JesusG_Intel

I have contacted the OEM and fed back the problem to them.

They said they are testing SGX related features. They'll let me know if they have any results.

Thanks!

Don_Ensley · ‎03-19-2024

I have an HP All-in-One 22-c0000a, with TPM, Intel SGX drivers, and the Intel Management Engine Components installed. I am getting 205 errors in my SGX logs:

AESMService: [load_qe X:\windows-trunk\dcap-trunk\dcap_source\QuoteGeneration\quote_wrapper\quote\qe_logic.cpp:721] Error, call sgx_create_enclave QE fail [load_qe], SGXError:4004.

and also

AESMService: Failed to load QE3: 0x4004

These are errors in my SGX/Diagnostic folder under the Event viewer. In the SGX/Admin, I have the warning

AESMService: Platform Services initialization failed due to DAL error

Do you know why I am getting these errors and warnings? It seems that if I have the right drivers, then it all should be working smoothly, without the errors, and warning.

Thank you for any information you gender regarding this issue. could I have the incorrect Intel ME Components driver (DAL) installed?

Cheers,

Don Ensley

JesusG_Intel · ‎05-18-2021

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.