Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1521 Discussions

I desperately need some help about running Intel SGX RAP without getting "sgx_report_attestation_status ret = 0x4006"

Rama__Klei
Beginner
‎12-11-2019 02:44 AM
572 Views

I am trying to run RAP code (with few modification) from https://github.com/intel/sgx-ra-sample.

In my settings I have two computers Intel NUC both with production code: BOXNUC8i7HVK3.

Two days before I updated their BIOS to the latest version which to my best knowledge is: HNKBLi70.86A.0059.2019.1112.1124

In both PCs I am using ubuntu 18.04 and have also downloaded the latest SGX packages which seems to be version 2.7.101.3 from https://download.01.org/intel-sgx/sgx-linux/2.7.1/distro/ubuntu18.04-server/

So up to now I assumed everything was up to date.

Then I run RAP betweem two computers in which one acts as client where my enclave resides and the other acts as server from where in gateway (a VM in my case) initiates RAP with the client.

The code runs and I got the following output in both machines:

in server machine where I execute: ./run-server, I got the following disturbing output

---- ISV Enclave Trust Status ----------------------------------------------
Enclave NOT TRUSTED and COMPLICATED - Reason: GROUP_OUT_OF_DATE
A Platform Info Blob (PIB) was provided by the IAS

In client machine where I execute: ./run-client, I got the following disturbing output

---- Enclave Trust Status from Service Provider ----------------------------
Enclave TRUSTED
A Platform Info Blob (PIB) was provided by the IAS
+++ PIB: 04000900000d0d02040101030000000000000000000a00000b000000020000000000000b71a3166fc5e3916294186730ebfb23c639a76853ace68ed93f9ae631e2b0c29014446cc82e8161019b08506fc2a5fc9e68604265fc36e5573e3a470d60be63e520
+++ sgx_report_attestation_status ret = 0x4006
----------------------------------------------------------------------------

---- Platform Update Required ----------------------------------------------
The following Platform Update(s) are required to bring this
platform's Trusted Computing Base (TCB) back into compliance:

  * Intel SGX Platform Software needs to be updated to the latest version.
  * The CPU Microcode needs to be updated.  Contact your OEM for a platform
    BIOS Update.

 

I have seen different threads from this forum and seems that main reason according to my understanding seems to be BIOS and Intel SGX related packages updates, but I still am sure that I have the latest version for both machines (even though I do not need Intel SGX at my server machine)

I desperately need some assists from this forum since I do not really know how to get rid off stauts: 0x4006

0 Kudos

Link Copied

1 Reply
Scott_R_Intel
Moderator
‎12-16-2019 01:05 PM
572 Views

Hello.

Though that is the most recent BIOS for your NUC platform, it does not yet contain the latest microcode required for the most recent security advisories posted by Intel.  The release notes for that BIOS version (v0059) show it has microcode v.0xb4, but from the Intel's latest microcode guidance for that NUC's processor (i7-8809G) in the just released IPU2019.2 shows the latest microcode v.0xc6.

I, unfortunately, have no guidance as to when any of the NUC BIOSs will be updated.

Regards.

Scott

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.