Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Getting wrong gid in remote attestation



I'm trying to perform remote attestation and for some reason, I'm getting a wrong gid reply. From the documentation, I gathered that a 404 means that the gid was wrong, however, checking the gid, I think I did the right one. I obtained the EPID and formatted correctly to transform it to a gid. Any ideas on what might be happening? Is it possible that I'm getting the wrong EPID from the SGX API? Thank you.

*   Trying
* Connected to ( port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSL connection using ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* subject: C=US; ST=CA; L=Santa Clara; O=Intel Corporation;
* start date: 2016-09-14 17:24:30 GMT
* expire date: 2018-09-04 17:24:30 GMT
* subjectAltName: matched
* issuer: C=US; ST=CA; L=Santa Clara; O=Intel Corporation; CN=Intel External Issuing CA 6A
* SSL certificate verify ok.
> GET /attestation/sgx/v2/sigrl/0000000b HTTP/1.1
Accept: */*
< HTTP/1.1 404 Not Found
< content-length: 0
< request-id: 916191bf1a304b63aab2f06f2bd319a5
< date: Wed, 19 Jul 2017 01:32:45 GMT
< Connection: keep-alive
0 Kudos
1 Reply
New Contributor III


Do you use SGX_MODE=SIM? If so, I think it's the reason. Because I see your gid is "0000000b". Actually, In Hardware mode it should be something else.


Regards you.w