Hello,

I know this topic of GROUP_OUT_OF_DATE came up several times, and typically updating BIOS resolved it. Yes, I am aware of this post: https://software.intel.com/en-us/comment/1911344#comment-1911344.

I called "sgx_report_attestation_status" on the "platform information blob". I got error 0x4006 (SGX_ERROR_UPDATE_NEEDED).

Looking at the "sgx_update_info_bit_t*" I got back from "sgx_report_attestation_status"   I see: ucodeUpdate == 1; csmeFwUpdate == 0; pswUpdate == 0;

Which I assumed meant I need a microcode update (while the ME and the PSW are OK). I have a NUC machine NUC7i7BNH, and the most recent bios update is from recent November (2017). This brings me to ucode version 0x70:

Output of /proc/cpuinfo:

vendor_id : GenuineIntel

cpu family : 6

model : 142

model name : Intel(R) Core(TM) i7-7567U CPU @ 3.50GHz

stepping : 9

microcode : 0x70

I even tried manually updating the microcode version to 0x80, but I still get GROUP_OUT_OF_DATE error. I wonder if the ucode has to be updated by the BIOS for it to "count" for SGX.

Any hints? Can it be in any way related to my client-side certificates I am using to communicate with IAS?

Is there a new BIOS update for NUC7i7 with the spectre/meltdown patched ucode?

Thanks!

Ofir