Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Getting wrong gid in remote attestation



I'm trying to perform remote attestation and for some reason, I'm getting a wrong gid reply. From the documentation, I gathered that a 404 means that the gid was wrong, however, checking the gid, I think I did the right one. I obtained the EPID and formatted correctly to transform it to a gid. Any ideas on what might be happening? Is it possible that I'm getting the wrong EPID from the SGX API? Thank you.

*   Trying
* Connected to ( port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSL connection using ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* subject: C=US; ST=CA; L=Santa Clara; O=Intel Corporation;
* start date: 2016-09-14 17:24:30 GMT
* expire date: 2018-09-04 17:24:30 GMT
* subjectAltName: matched
* issuer: C=US; ST=CA; L=Santa Clara; O=Intel Corporation; CN=Intel External Issuing CA 6A
* SSL certificate verify ok.
> GET /attestation/sgx/v2/sigrl/0000000b HTTP/1.1
Accept: */*
< HTTP/1.1 404 Not Found
< content-length: 0
< request-id: 916191bf1a304b63aab2f06f2bd319a5
< date: Wed, 19 Jul 2017 01:32:45 GMT
< Connection: keep-alive
0 Kudos
1 Reply
New Contributor III


Do you use SGX_MODE=SIM? If so, I think it's the reason. Because I see your gid is "0000000b". Actually, In Hardware mode it should be something else.


Regards you.w