Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Getting Intel PCS server returns error(404)

jgnoonan
New Contributor I
9,201 Views

I am confused about how this is supposed to work with Azure Confidential Computing with Intel SGX virtual machines.  I am running this VM with Ubuntu 20.04.  I have installed the Intel SGX SDK, as well as the AESM and PCCS services.  My sgx_default_qcnl.conf file looks like this:

{
  "pccs_url": "https://localhost:8081/sgx/certification/v3/",
  "use_secure_cert": false,
  "collateral_service": "https://api.trustedservices.intel.com/sgx/certification/v3/",
  "pccs_api_version": "3.1",
  "retry_times": 6,
  "retry_delay": 5,
  "local_pck_url": "http://169.254.169.254/metadata/THIM/sgx/certification/v3/",
  "pck_cache_expire_hours": 48,
  "custom_request_options": {
    "get_cert": {
      "headers": {
        "metadata": "true"
      },
      "params": {
        "api-version": "2021-07-22-preview"
      }
    }
  }
}

When I run the PCKIDRetrievalTool, it generates the csv and reports that the file was successfully sent to the cache server.  It seems that a part of the process is missing, namely registering the server (VM).  In my application, I am getting a failed to renew attestation error, attestation data invalid: No evidence provided on handshake start.  Any guidance would be greatly appreciated.
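
A lint pass over the QCNL configuration posted above, as an added example that is not part of the original post or of Intel's tooling: it flags where `use_secure_cert: false` leaves the PCCS certificate unverified, which URLs use plain HTTP and whether they stay on the host or link-local range, and whether each URL's `/vN/` segment matches `pccs_api_version`. The function names and severity labels are this example's own, and the sample is constructed from the values in the post.

```python
import ipaddress
import json
import re
from urllib.parse import urlparse

# Constructed sample: the same keys and values as the file posted above.
SAMPLE_CONF = """{
  "pccs_url": "https://localhost:8081/sgx/certification/v3/",
  "use_secure_cert": false,
  "collateral_service": "https://api.trustedservices.intel.com/sgx/certification/v3/",
  "pccs_api_version": "3.1",
  "local_pck_url": "http://169.254.169.254/metadata/THIM/sgx/certification/v3/"
}"""
URL_KEYS = ("pccs_url", "collateral_service", "local_pck_url")


def host_scope(host):
    """Classify a URL host as 'loopback', 'link-local' or 'remote'."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # a DNS name, not an IP literal
        return "loopback" if host == "localhost" else "remote"
    if ip.is_loopback:
        return "loopback"
    return "link-local" if ip.is_link_local else "remote"


def lint_qcnl(text):
    """Return (severity, key, message) findings for a QCNL JSON config."""
    conf = json.loads(text)
    findings = []
    major = str(conf.get("pccs_api_version", "")).split(".")[0]
    for key in URL_KEYS:
        url = urlparse(conf.get(key, ""))
        if not url.hostname:
            continue
        scope = host_scope(url.hostname)
        if url.scheme == "http" and scope == "remote":
            findings.append(("high", key, "plain HTTP to a remote host"))
        elif url.scheme == "http":
            findings.append(("info", key, f"plain HTTP, {scope} only"))
        m = re.search(r"/v(\d+)/?$", url.path)
        if m and major and m.group(1) != major:
            findings.append(("warn", key, f"URL is v{m.group(1)}, pccs_api_version is {major}"))
    if conf.get("use_secure_cert") is False:
        scope = host_scope(urlparse(conf.get("pccs_url", "")).hostname or "")
        sev = "info" if scope == "loopback" else "high"
        findings.append((sev, "use_secure_cert", f"PCCS TLS certificate not verified ({scope} PCCS)"))
    return findings
```

For the posted file, `lint_qcnl(SAMPLE_CONF)` returns only informational findings; the same settings pointed at a PCCS on another host would be reported as high.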

1 Solution
jgnoonan
New Contributor I
8,738 Views

Scott:  Thanks.  So it turns out my client did not install the Intel Microcode updates to their VM.  They claimed they had, but in fact, hadn't.  Once that was done, the system rebooted, and the enclaves rebuilt including the flags recommended by the CVE docs, the issue was resolved.  Everything is up and running and I will accept the solution.  Thanks again so much for your help.

Problem resolution:

1.  Ran sudo apt update && sudo apt install intel-microcode -y

2.  Rebooted Virtual Machine

3.  Rebuilt enclaves.

22 Replies
jgnoonan
New Contributor I
511 Views
Roman, if you need help, let me know.
castleapp
Beginner
441 Views

If the Intel PCS server returns a 404 error, it means the server or resource is unavailable. Check if the URL is correct, the server is online, or if updates or changes have occurred in the service configuration.
