Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Get SigRL via http request does not work


Hi there,

It has been written that the result {gid} of sgx_get_extended_epid_group_id needs to be sent as a parameter according to API documentation. For me, the result is 0 on my platform.

I have the account and can verify that subscription key in the header is OK, (if I change a couple of bytes Http response becomes 401, which means it works fine) 

But the thing is, when I perform a GET with the link above, the result is 404, do you think I needed to do something extra? Or the Signature Revocation Lists on IAS do not exist by default?

Btw, I am testing this subscription: "Product DEV Intel® Software Guard Extensions Attestation Service (Linkable)"



0 Kudos
1 Reply

Hello Sinan,

It can get confusing because there are two EPID group IDs: 1) the extended Intel® EPID group ID, which is always zero, and 2) the Intel® EPID group ID (not extended). The one you want to use in the URL is the non-extended Intel® EPID group ID. You can get this {gid} by using the sgx_init_quote command. For details on sgx_init_qoute, refer to the Intel® Software Guard Extensions Developer Reference for your OS.

sgx_init_quote returns information needed by an Intel® SGX application to get a quote of one of its enclaves.

sgx_status_t sgx_init_quote(
  sgx_target_info_t *p_target_info,
  sgx_epid_group_id_t *p_gid

sgx_status_t sgx_init_quote(
sgx_target_info_t *p_target_info,
sgx_epid_group_id_t *p_gid
p_target_info [out]
Allows an enclave for which the quote is being created, to create report that
only QE can verify.
p_gid [out]
ID of platform’s current Intel® EPID group.


Is this helpful?



Intel Customer Support


0 Kudos