Getting wrong gid in remote attestation

Hassan_A_ · ‎07-18-2017

Hello,

I'm trying to perform remote attestation and for some reason, I'm getting a wrong gid reply. From the documentation, I gathered that a 404 means that the gid was wrong, however, checking the gid, I think I did the right one. I obtained the EPID and formatted correctly to transform it to a gid. Any ideas on what might be happening? Is it possible that I'm getting the wrong EPID from the SGX API? Thank you.

* Trying 208.39.114.225...

* Connected to test-as.sgx.trustedservices.intel.com (208.39.114.225) port 443 (#0)

* successfully set certificate verify locations:

* CAfile: none

CApath: /etc/ssl/certs

* SSL connection using ECDHE-RSA-AES128-GCM-SHA256

* Server certificate:

* subject: C=US; ST=CA; L=Santa Clara; O=Intel Corporation; CN=test-as.sgx.trustedservices.intel.com

* start date: 2016-09-14 17:24:30 GMT

* expire date: 2018-09-04 17:24:30 GMT

* subjectAltName: test-as.sgx.trustedservices.intel.com matched

* issuer: C=US; ST=CA; L=Santa Clara; O=Intel Corporation; CN=Intel External Issuing CA 6A

* SSL certificate verify ok.

> GET /attestation/sgx/v2/sigrl/0000000b HTTP/1.1

Host: test-as.sgx.trustedservices.intel.com

Accept: */*

< HTTP/1.1 404 Not Found

< content-length: 0

< request-id: 916191bf1a304b63aab2f06f2bd319a5

< date: Wed, 19 Jul 2017 01:32:45 GMT

< Connection: keep-alive

you_w_ · ‎07-18-2017

Hi:

Do you use SGX_MODE=SIM? If so, I think it's the reason. Because I see your gid is "0000000b". Actually, In Hardware mode it should be something else.

Regards you.w