Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1452 Discussions

Failed to run call sgx_ra_get_msg1_ex in SGXSDK REMOTEAttestation on Ubuntu 20.04.

DeCoLin007
Beginner
571 Views

In RemoteAttestation, the ECDSA algorithm runs correctly, but when EPID algorithm starts, it outputs the following lines:

 

Second round, we will try EPID algorithm.

Call sgx_get_extended_epid_group_id success.
MSG0 body generated -
4 bytes:
{
0x0, 0x0, 0x0, 0x0 
}

Sending msg0 to remote attestation service provider.

Sent MSG0 to remote attestation service.

Call sgx_select_att_key_id success.
Call sgx_create_enclave success.
Call enclave_init_ra success.
Error, call sgx_ra_get_msg1_ex fail [main].
Call enclave_ra_close success.
Enter a character before exit ...

Error, call sgx_ra_get_msg1_ex fail [main].

aesmd log listed below:

11月 21 15:15:03 lin07 aesm_service[329251]: [get_platform_quote_cert_data ../qe_logic.cpp:428] Couldn't find the platform library. libdcap_quoteprov.so: canno>
11月 21 15:15:03 lin07 aesm_service[329251]: [get_qpl_handle ../qe_logic.cpp:294] Cannot open Quote Provider Library libdcap_quoteprov.so.1 and libdcap_quotepr>
11月 21 15:15:03 lin07 aesm_service[329251]: [read_persistent_data ../qe_logic.cpp:1061] Couldn't find the platform library. libdcap_quoteprov.so: cannot open >
11月 21 15:15:03 lin07 aesm_service[329251]: [get_qpl_handle ../qe_logic.cpp:294] Cannot open Quote Provider Library libdcap_quoteprov.so.1 and libdcap_quotepr>
11月 21 15:15:03 lin07 aesm_service[329251]: [get_platform_quote_cert_data ../qe_logic.cpp:428] Couldn't find the platform library. libdcap_quoteprov.so: canno>
11月 21 15:15:03 lin07 aesm_service[329251]: [ADMIN]EPID Provisioning initiated
11月 21 15:15:04 lin07 aesm_service[329251]: The Request ID is 3226629941194643b9f8c89e9a2fd12b
11月 21 15:15:05 lin07 aesm_service[329251]: The Request ID is 9cbc80f0a3d14d7498602bcf6adfa0c6
11月 21 15:15:05 lin07 aesm_service[329251]: [ADMIN]EPID Provisioning protocol error reported by Backend (9)
11月 21 15:15:05 lin07 aesm_service[329251]: [ADMIN]EPID Provisioning failed

dmesg | grep sgx output:

[    0.378515] sgx: EPC section 0x80200000-0x85f7ffff
[ 1586.085765] isgx: loading out-of-tree module taints kernel.
[ 1586.085807] isgx: module verification failed: signature and/or required key missing - tainting kernel
[ 1586.086311] intel_sgx: Intel SGX Driver v2.11.0
[ 1586.086318] UBSAN: shift-out-of-bounds in /home/lin07/Desktop/tee-setup/linux-sgx-driver/sgx_main.c:224:11
[ 1586.086341]  sgx_drv_probe.cold+0x165/0x51e [isgx]
[ 1586.086361]  ? sgx_get_unmapped_area+0xb0/0xb0 [isgx]
[ 1586.086366]  init_sgx_module+0x2f/0x90 [isgx]
[ 1586.086419] intel_sgx INT0E0C:00: EPC bank 0x80200000-0x85f80000
[ 1586.087419] intel_sgx: second initialization call skipped
[ 8411.284574] WARNING: CPU: 8 PID: 193105 at arch/x86/kernel/cpu/sgx/encl.c:925 sgx_alloc_va_page+0xbe/0xe0
[ 8411.284592] Modules linked in: isgx(OE) snd_seq_dummy rfcomm cmac algif_hash algif_skcipher af_alg bnep nls_iso8859_1 btrfs blake2b_generic xor zstd_compress raid6_pq libcrc32c snd_hda_codec_hdmi snd_sof_pci_intel_cnl snd_sof_intel_hda_common soundwire_intel soundwire_generic_allocation soundwire_cadence snd_sof_intel_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof snd_soc_hdac_hda snd_hda_ext_core snd_soc_acpi_intel_match snd_soc_acpi soundwire_bus snd_hda_codec_realtek snd_soc_core snd_hda_codec_generic ledtrig_audio snd_compress ac97_bus snd_pcm_dmaengine snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec iwlmvm snd_hda_core snd_hwdep intel_tcc_cooling x86_pkg_temp_thermal snd_pcm intel_powerclamp mac80211 coretemp snd_seq_midi snd_seq_midi_event i915 mei_hdcp intel_rapl_msr libarc4 kvm_intel ttm snd_rawmidi kvm btusb crct10dif_pclmul drm_kms_helper snd_seq btrtl ghash_clmulni_intel btbcm snd_seq_device cec btintel binfmt_misc processor_thermal_device_pci_legacy iwlwifi
[ 8411.284869] RIP: 0010:sgx_alloc_va_page+0xbe/0xe0
[ 8411.284937]  sgx_encl_grow.isra.0+0x57/0x90
[ 8411.284957]  sgx_encl_create+0x3f/0x260
[ 8411.285007]  sgx_ioctl+0x1dc/0x4a0
[ 8411.285099] EREMOVE returned 13 (0xd) and an EPC page was leaked. SGX may become unusable. Refer to Documentation/x86/sgx.rst for more information.
[ 8411.285105] WARNING: CPU: 8 PID: 193105 at arch/x86/kernel/cpu/sgx/encl.c:991 sgx_encl_free_epc_page+0x91/0xc0
[ 8411.285116] Modules linked in: isgx(OE) snd_seq_dummy rfcomm cmac algif_hash algif_skcipher af_alg bnep nls_iso8859_1 btrfs blake2b_generic xor zstd_compress raid6_pq libcrc32c snd_hda_codec_hdmi snd_sof_pci_intel_cnl snd_sof_intel_hda_common soundwire_intel soundwire_generic_allocation soundwire_cadence snd_sof_intel_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof snd_soc_hdac_hda snd_hda_ext_core snd_soc_acpi_intel_match snd_soc_acpi soundwire_bus snd_hda_codec_realtek snd_soc_core snd_hda_codec_generic ledtrig_audio snd_compress ac97_bus snd_pcm_dmaengine snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec iwlmvm snd_hda_core snd_hwdep intel_tcc_cooling x86_pkg_temp_thermal snd_pcm intel_powerclamp mac80211 coretemp snd_seq_midi snd_seq_midi_event i915 mei_hdcp intel_rapl_msr libarc4 kvm_intel ttm snd_rawmidi kvm btusb crct10dif_pclmul drm_kms_helper snd_seq btrtl ghash_clmulni_intel btbcm snd_seq_device cec btintel binfmt_misc processor_thermal_device_pci_legacy iwlwifi
[ 8411.285354] RIP: 0010:sgx_encl_free_epc_page+0x91/0xc0
[ 8411.285408]  ? sgx_alloc_va_page+0xc0/0xe0
[ 8411.285416]  sgx_alloc_va_page+0x97/0xe0
[ 8411.285423]  sgx_encl_grow.isra.0+0x57/0x90
[ 8411.285438]  sgx_encl_create+0x3f/0x260
[ 8411.285483]  sgx_ioctl+0x1dc/0x4a0

other samplecode can run correctly, except for the RemoteAttestation. More info about device

  • Ubuntu20.04
  • SGX SDK 2.19
  • SGX Driver 2.11

Any suggestion is appreciated!!!

 

0 Kudos
4 Replies
Wan_Intel
Moderator
557 Views

Hi DeCoLin007,

Thanks for reaching out to us.

Let me check with the relevant team and I'll update you as soon as possible.



Regards,

Wan


0 Kudos
Wan_Intel
Moderator
535 Views

Hi DeCoLin007,

Thanks for reaching out to us.

I've validated RemoteAttestation Sample Code in Simulation mode with the latest Intel® SGX driver and Intel® SGX SDK on Ubuntu 20. Could you please download the latest Intel® SGX driver and Intel® SGX SDK and see if the issue can be resolved?

 

You may download the latest Intel® SGX driver and Intel® SGX SDK at: https://download.01.org/intel-sgx/latest/linux-latest/distro/ubuntu20.04-server/

 

 

Regards,

Wan

 

0 Kudos
DeCoLin007
Beginner
486 Views

Hi Wan,
Sorry for my late reply, I have tried to run it in Simulation mode, and it worked! But I still can't figure out why RemoteAttestation can't run in HW mode (my device is equipped with SGX)
截屏2023-11-27 10.51.51.png

Best,
DeCoLin007

0 Kudos
Wan_Intel
Moderator
469 Views

Hi DeCoLin007,

Thanks for reaching out to us.

Let me check with the relevant team and I'll update you as soon as possible.



Regards,

Wan


0 Kudos
Reply