- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am trying to run RAP code (with few modification) from https://github.com/intel/sgx-ra-sample
In my settings I have two computers Intel NUC both with production code: BOXNUC8i7HVK3.
Two days before I updated their BIOS to the latest version which to my best knowledge is: HNKBLi70.86A.0059.2019.1112.1124
In both PCs I am using ubuntu 18.04 and have also downloaded the latest SGX packages which seems to be version 2.7.101.3 from https://download.01.org/intel-sgx/sgx-linux/2.7.1/distro/ubuntu18.04-server/
So up to now I assumed everything was up to date.
Then I run RAP betweem two computers in which one acts as client where my enclave resides and the other acts as server from where in gateway (a VM in my case) initiates RAP with the client.
The code runs and I got the following output in both machines:
in server machine where I execute: ./run-server, I got the following output:
---- ISV Enclave Trust Status ---------------------------------------------- Enclave NOT TRUSTED and COMPLICATED - Reason: GROUP_OUT_OF_DATE A Platform Info Blob (PIB) was provided by the IAS
And at client side I got the following output:
---- Enclave Trust Status from Service Provider ---------------------------- Enclave TRUSTED A Platform Info Blob (PIB) was provided by the IAS +++ PIB: 04000900000d0d02040101030000000000000000000a00000b000000020000000000000b71609ba302469a76dcf30f0dc16dbe69cb2f779d648a577e960948c9c32da1ca65758b9618c49a952c29213fbe4b8aa3cd04116a8df549112f672f213b4a4291f5 +++ sgx_report_attestation_status ret = 0x4006 ---------------------------------------------------------------------------- ---- Platform Update Required ---------------------------------------------- The following Platform Update(s) are required to bring this platform's Trusted Computing Base (TCB) back into compliance: * Intel SGX Platform Software needs to be updated to the latest version. * The CPU Microcode needs to be updated. Contact your OEM for a platform BIOS Update. ----------------------------------------------------------------------------
I need some help how to resolve such issue.
- Tags:
- General Support
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The root cause should be that the BIOS has some security issue, and the used latest BIOS didn't resolve this security issue.
In your log file, there are should some information like: advisory-url and advisory-ids. Please refer these information.
Except waiting for the latest BISO that resolve the security issue, it seems that there is no good way to resolve your problem.
- Tags:
- GROUP_OUT_OF_DATE
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Junli,
I have the same problem as a topic starter. While I have the latest BIOS version in place, I also get a GROUP_OUT_OF_DATE error from IAS.
Now, I do understand that due to newly discovered CPU vulnerabilities (now there is a new LVI one) there will be new BIOS updates with patches. This is great and I applaud your team for their effort to make SGX more secure and robust. What I don't understand is why you update the IAS configs that determine what platforms can be trusted or not without releasing the BIOS updates for those platforms at the same time.
Will there ever be a moment when my Intel NUC NUC7i7BNH with the latest BIOS installed and the Intel IAS service trust each other? Is there anything I can do about it?
Thanks
JUNLI S. (Intel) wrote:The root cause should be that the BIOS has some security issue, and the used latest BIOS didn't resolve this security issue.
In your log file, there are should some information like: advisory-url and advisory-ids. Please refer these information.
Except waiting for the latest BISO that resolve the security issue, it seems that there is no good way to resolve your problem.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Igor, Sorry for my later response.
1. When IAS has new release, I think you should receive the notice. Please pay attention to the notice
2. please monitor the BIOS update for your platform
3. please pay attention to use the latest SGX PSW software stack.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page