- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
when i run a SGX remote attestation example (EPID attestation mode),
it's failed:
error: aesm_service returned error: 12
error: load_enclave() failed with error -1
so i checked the aesm service with `service aesm service status` command,
it is said:
[load_qe ../qe_logic.cpp:641] Error, call sgx_create_enclave QE fail [load_qe], SGXError:4004.
Failed to load QE3: 0x4004
and
[ADMIN]EPID Provisioning failed due to network error.
I tried reinstall sgx driver、sgx PSW、sgx sdk,but there is no effect。
how can i fix this problem?thanks a lot!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello sz,
Your logs were very helpful.
There appears to be a problem with the authenticated code modules (ACMs) being loaded on your platform. Contact your OEM for an updated or fixed BIOS.
I apologize we cannot give more details than this. Your OEM should provide you a fixed BIOS.
Sincerely,
Jesus G.
Intel Customer Support
Link Copied
- « Previous
-
- 1
- 2
- Next »
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello sz,
- Be sure to correctly set the proxy in /opt/intel/sgx-dcap-pccs/config/default.json.
- In /etc/sgx_default_qcnl.conf, set USE_SECURE_CERT=FALSE
- Send us the full PCCS logs.
Sincerely,
Jesus G.
Intel Customer Support
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks @JesusG_Intel
1.I didn't set a proxy,our network should not use a proxy.
2.the value USE_SECURE_CERT is FALSE.
3.I upload the pccs _server.log file.
--------
By the way,
In this https://www.intel.com/content/www/us/en/support/articles/000057420/software/intel-security-products.html url,
FLC support in Intel® Xeon® E systems is also dependent on the BIOS and firmware. The platform must have an Intel® Server Platform Services (Intel® SPS)–based BIOS and firmware. Check with your platform manufacturer to verify if it is SPS-based or not.
My cpu1 is not support the Intel® SPS (which is communicating in the post),
My cpu2 is support the Intel® SPS which can successfully run the example.
cpu1 and cpu2 both support SGX1 and FLC ,but not support SGX2.
Is that mean we can't use the DCAP remote attestation without Intel SPS?
Is the pccs logs point to the intel SPS?
Thank you for your continued attenntion!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for the information. We are still looking into it.
Sincerely,
Jesus G.
Intel Customer Support
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello sz,
Your logs were very helpful.
There appears to be a problem with the authenticated code modules (ACMs) being loaded on your platform. Contact your OEM for an updated or fixed BIOS.
I apologize we cannot give more details than this. Your OEM should provide you a fixed BIOS.
Sincerely,
Jesus G.
Intel Customer Support
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you very much @JesusG_Intel
I have contacted the OEM and fed back the problem to them.
They said they are testing SGX related features. They'll let me know if they have any results.
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have an HP All-in-One 22-c0000a, with TPM, Intel SGX drivers, and the Intel Management Engine Components installed. I am getting 205 errors in my SGX logs:
AESMService: [load_qe X:\windows-trunk\dcap-trunk\dcap_source\QuoteGeneration\quote_wrapper\quote\qe_logic.cpp:721] Error, call sgx_create_enclave QE fail [load_qe], SGXError:4004.
and also
AESMService: Failed to load QE3: 0x4004
These are errors in my SGX/Diagnostic folder under the Event viewer. In the SGX/Admin, I have the warning
AESMService: Platform Services initialization failed due to DAL error
Do you know why I am getting these errors and warnings? It seems that if I have the right drivers, then it all should be working smoothly, without the errors, and warning.
Thank you for any information you gender regarding this issue. could I have the incorrect Intel ME Components driver (DAL) installed?
Cheers,
Don Ensley
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- « Previous
-
- 1
- 2
- Next »