Get SigRL via http request does not work

Buyukkardes__Sinan · ‎02-20-2020

Hi there,

It has been written that the result {gid} of sgx_get_extended_epid_group_id needs to be sent as a parameter according to API documentation. For me, the result is 0 on my platform.

I have the account and can verify that subscription key in the header is OK, (if I change a couple of bytes Http response becomes 401, which means it works fine)

https://api.trustedservices.intel.com/sgx/dev/attestation/v3/sigrl/00000000

But the thing is, when I perform a GET with the link above, the result is 404, do you think I needed to do something extra? Or the Signature Revocation Lists on IAS do not exist by default?

Btw, I am testing this subscription: "Product DEV Intel® Software Guard Extensions Attestation Service (Linkable)"

Best,

Sinan

JesusG_Intel · ‎02-21-2020

Hello Sinan,

It can get confusing because there are two EPID group IDs: 1) the extended Intel® EPID group ID, which is always zero, and 2) the Intel® EPID group ID (not extended). The one you want to use in the URL is the non-extended Intel® EPID group ID. You can get this {gid} by using the sgx_init_quote command. For details on sgx_init_qoute, refer to the Intel® Software Guard Extensions Developer Reference for your OS.

sgx_init_quote returns information needed by an Intel® SGX application to get a quote of one of its enclaves.
Syntax

sgx_status_t sgx_init_quote(
  sgx_target_info_t *p_target_info,
  sgx_epid_group_id_t *p_gid
);

sgx_status_t sgx_init_quote(
sgx_target_info_t *p_target_info,
sgx_epid_group_id_t *p_gid
);
Parameters
p_target_info [out]
Allows an enclave for which the quote is being created, to create report that
only QE can verify.
p_gid [out]
ID of platform’s current Intel® EPID group.

Is this helpful?

Regards,

Jesus

Intel Customer Support