Community
cancel
Showing results for 
Search instead for 
Did you mean: 
154 Views

Get SigRL via http request does not work

Hi there,

It has been written that the result {gid} of sgx_get_extended_epid_group_id needs to be sent as a parameter according to API documentation. For me, the result is 0 on my platform.

I have the account and can verify that subscription key in the header is OK, (if I change a couple of bytes Http response becomes 401, which means it works fine)

https://api.trustedservices.intel.com/sgx/dev/attestation/v3/sigrl/00000000 

But the thing is, when I perform a GET with the link above, the result is 404, do you think I needed to do something extra? Or the Signature Revocation Lists on IAS do not exist by default?

Btw, I am testing this subscription: "Product DEV Intel® Software Guard Extensions Attestation Service (Linkable)"

Best,

Sinan

Tags (1)
0 Kudos
1 Reply
JesusG_Intel
Moderator
154 Views

Hello Sinan,

It can get confusing because there are two EPID group IDs: 1) the extended Intel® EPID group ID, which is always zero, and 2) the Intel® EPID group ID (not extended). The one you want to use in the URL is the non-extended Intel® EPID group ID. You can get this {gid} by using the sgx_init_quote command. For details on sgx_init_qoute, refer to the Intel® Software Guard Extensions Developer Reference for your OS.


sgx_init_quote returns information needed by an Intel® SGX application to get a quote of one of its enclaves.
Syntax

sgx_status_t sgx_init_quote(
  sgx_target_info_t *p_target_info,
  sgx_epid_group_id_t *p_gid
);


sgx_status_t sgx_init_quote(
sgx_target_info_t *p_target_info,
sgx_epid_group_id_t *p_gid
);
Parameters
p_target_info [out]
Allows an enclave for which the quote is being created, to create report that
only QE can verify.
p_gid [out]
ID of platform’s current Intel® EPID group.

 

Is this helpful?

Regards,

Jesus

Intel Customer Support

 

Reply