Solved: Get GROUP_OUT_OF_DATE from IAS with the latest bios ?

muye · ‎01-28-2021

Hello, I have the same problem with the issue here : https://community.intel.com/t5/Intel-Software-Guard-Extensions/CPU-has-latest-microcode-but-Attestation-Service-claims-an/m-p/1232267

and get the solution as follows:

Follow these steps to mitigate SGX issues:

Refer to your OEM to get the latest BIOS and inquire if it has the latest microcode with the required fixes implemented.
Install the early load microcode that comes with the latest BIOS from the OEM.

I know there is five microcode-update points from microcode-update-guidance .So I think the words Install the early load microcode means just FIT Microcode Update or Early BIOS Microcode Update ,is this right ? I have in touch with OEM, since the experts from OEM says they don't know the solution what could i do then?

JesusG_Intel · ‎01-28-2021

Hello muye,

You are correct. Either FIT or Early Microcode Update is what you need. The latest BIOS update from an OEM may not contain all of the latest mitigations for a particular TCB. Hence the advice to: "Refer to your OEM to get the latest BIOS and inquire if it has the latest microcode with the required fixes implemented."

Sincerely,

Jesus G.

Intel Customer Support

View solution in original post

JesusG_Intel · ‎01-28-2021

Hello muye,

You are correct. Either FIT or Early Microcode Update is what you need. The latest BIOS update from an OEM may not contain all of the latest mitigations for a particular TCB. Hence the advice to: "Refer to your OEM to get the latest BIOS and inquire if it has the latest microcode with the required fixes implemented."

Sincerely,

Jesus G.

Intel Customer Support

JesusG_Intel · ‎02-01-2021

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.