Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Intel PCS & Azure DCs_v3

Dr_Al_Villarica
Beginner
2,289 Views

I am trying to install my own PCCS into Azure using the DCs_v3 servers which support Intel SGX (confidential computing).  When I attempt to do remote attestation, I get an exception:  SGX_ERROR_PLATFORM_CERT_UNAVAILABLE

I turned on traces, and it appears that the PCCS contacts the Intel PCS which returns an error.  Here's a snippet of the error:

[info]: 127.0.0.1 - - [13/Jul/2022:11:41:11 +0000] "GET /sgx/certification/v3/pckcert?qeid=....removed long string......&cpusvn=08080E0DFFFF01000000000000000000&pcesvn=0D00&pceid=0000 HTTP/1.1" 404 32 "-" "-"

Is there a reason why the Intel PCS does not support the Intel SGX processors that are used in Azure?

9 Replies
Sahira_Intel
Moderator
2,261 Views

Hi,

It looks like the error is due to the PCK cert for the platform being unavailable. 

You mentioned you are using a custom PCCS. Can you try installing the official SGX PCCS: https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/QuoteGeneration/pccs/README.md ? This will make sure that the PCK is being retrieved successfully.

Sincerely,

Sahira 


Dr_Al_Villarica
Beginner
2,252 Views

Hi Sahira,


Apologies if my first post was not clear.  I was using the official SGX PCCS.  When I said "my own PCCS", I was referring to the fact that I was using the SGX PCCS instead of the Azure DCAP infrastructure.

Please note that I see the above exception when using Azure DCs_v3.  Someone told me that the official SGX PCCS worked when they tried Azure DCs_v2.

Lastly, the following is a log I got from the official SGX PCCS.  My understanding is that the official SGX PCCS is attempting to get information from the Intel PCS and is getting a "404 Not Found":

[info]: 127.0.0.1 - - [13/Jul/2022:11:41:11 +0000] "GET /sgx/certification/v3/pckcert?qeid=....removed long string......&cpusvn=08080E0DFFFF01000000000000000000&pcesvn=0D00&pceid=0000 HTTP/1.1" 404 32 "-" "-"

Dr_Al_Villarica
Beginner
2,197 Views

Just following up on this please.  I have installed the latest official SGX PCCS (git tag dcap_1.14_reproducible) and I am still getting an error.  Please see the PCCS trace below and note the "Intel PCS server returns error. Error code : 404".


Thanks in advance.


azureuser@crdz-1:~/SGXDataCenterAttestationPrimitives/QuoteGeneration/pccs$ node -r esm pccs_server.js
morgan deprecated default format: use combined format node_modules/esm/esm.js:1:278827
2022-07-29 01:42:51.181 [info]: DB Migration (Ver.0 -> 1) -- Start
2022-07-29 01:42:51.186 [info]: DB Migration -- Done.
2022-07-29 01:42:51.217 [info]: DB Migration (Ver.1 -> 2) -- Start
2022-07-29 01:42:51.224 [info]: DB Migration -- Done.
2022-07-29 01:42:51.258 [info]: DB Migration (Ver.2 -> 3) -- Start
2022-07-29 01:42:51.265 [info]: DB Migration -- Done.
2022-07-29 01:42:51.336 [info]: HTTPS Server is running on: https://localhost:8081
2022-07-29 01:43:18.809 [info]: Client Request-ID : 757134b57bb64e2e83401000b4d9c5eb
2022-07-29 01:43:19.781 [info]: Request-ID is : 1e39cb7c1c5c4d478ac627dccce71ed4
2022-07-29 01:43:21.065 [info]: 127.0.0.1 - - [29/Jul/2022:01:43:21 +0000] "GET /sgx/certification/v3/rootcacrl HTTP/1.1" 200 586 "-" "curl/7.68.0"

2022-07-29 01:46:06.183 [info]: Client Request-ID : e030d2cd3ce54224996530835062f614
2022-07-29 01:46:06.771 [info]: Request-ID is : ecb554e17ad24b7ebc7e828234f38101
2022-07-29 01:46:06.771 [error]: Intel PCS server returns error(404).
2022-07-29 01:46:06.771 [error]: Intel PCS server returns error. Error code : 404
2022-07-29 01:46:06.772 [error]: Error: No cache data for this platform.
    at Proxy.getPckCertFromPCS (/home/azureuser/SGXDataCenterAttestationPrimitives/QuoteGeneration/pccs/services/logic/commonCacheLogic.js:92:11)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async LazyCachingMode.getPckCertFromPCS (/home/azureuser/SGXDataCenterAttestationPrimitives/QuoteGeneration/pccs/services/caching_modes/cachingMode.js:126:12)
    at async Proxy.getPckCert (/home/azureuser/SGXDataCenterAttestationPrimitives/QuoteGeneration/pccs/services/pckcertService.js:115:16)
    at async getPckCert (/home/azureuser/SGXDataCenterAttestationPrimitives/QuoteGeneration/pccs/controllers/pckcertController.js:77:25)
2022-07-29 01:46:06.776 [info]: 127.0.0.1 - - [29/Jul/2022:01:46:06 +0000] "GET /sgx/certification/v3/pckcert?qeid=2B8D369BD584F9B6FCBB3DE75D6F86DD&encrypted_ppid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cpusvn=08080E0DFFFF01000000000000000000&pcesvn=0D00&pceid=0000 HTTP/1.1" 404 32 "-" "-"

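The access-log line at the end of the trace above is the PCCS forwarding the client's PCK certificate request to Intel PCS. The following is an added example written for this thread, not code from Intel's PCCS or DCAP projects: it parses lines in that log format, picks out the /pckcert requests and decodes the query parameters as the Intel PCS API defines them (qeid and cpusvn are 16 hex-encoded bytes, pcesvn and pceid are hex-encoded little-endian 16-bit integers), then maps the status code to what it means for attestation. The sample lines are constructed to match the trace; the encrypted_ppid value is a placeholder, since the real one is a 384-byte RSA-3072 ciphertext.

```python
"""Triage PCK-certificate requests in a PCCS access log.

Added example for this thread; not code from Intel's PCCS. It reads the
Apache-style access lines PCCS prints ("[info]: 127.0.0.1 - - [...] ..."),
decodes /pckcert query parameters per the Intel PCS API, and explains the
status code PCCS relayed to its client.
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in the PCCS log format. qeid, cpusvn, pcesvn and
# pceid are the values shown in the thread; encrypted_ppid is a placeholder,
# not a real RSA-3072 ciphertext (which would be 768 hex characters).
SAMPLE_LINES = [
    '2022-07-29 01:43:21.065 [info]: 127.0.0.1 - - [29/Jul/2022:01:43:21 +0000] '
    '"GET /sgx/certification/v3/rootcacrl HTTP/1.1" 200 586 "-" "curl/7.68.0"',
    '2022-07-29 01:46:06.776 [info]: 127.0.0.1 - - [29/Jul/2022:01:46:06 +0000] '
    '"GET /sgx/certification/v3/pckcert?qeid=2B8D369BD584F9B6FCBB3DE75D6F86DD'
    '&encrypted_ppid=0011223344556677&cpusvn=08080E0DFFFF01000000000000000000'
    '&pcesvn=0D00&pceid=0000 HTTP/1.1" 404 32 "-" "-"',
]

# Client, timestamp, request line, status and response size of an access line.
ACCESS_LINE = re.compile(
    r'\[info\]: (?P<client>\S+) - - \[(?P<when>[^\]]*)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


@dataclass(frozen=True)
class PckCertRequest:
    qe_id: bytes            # 16-byte Quoting Enclave ID, the PCCS cache key
    cpu_svn: bytes          # 16-byte raw CPUSVN of the requesting platform
    pce_svn: int            # PCE ISV SVN, decoded from little-endian hex
    pce_id: int             # PCE ID, decoded from little-endian hex
    has_encrypted_ppid: bool
    status: int             # HTTP status PCCS returned to its client


def _single(params: dict, name: str) -> str:
    values = params.get(name, [])
    if len(values) != 1:
        raise ValueError(f"query parameter {name!r} missing or repeated")
    return values[0]


def parse_line(line: str) -> Optional[PckCertRequest]:
    """Return the decoded /pckcert request in a log line, or None for other lines."""
    m = ACCESS_LINE.search(line)
    if m is None:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.endswith("/pckcert"):
        return None
    params = parse_qs(url.query, strict_parsing=True)
    qe_id = bytes.fromhex(_single(params, "qeid"))
    cpu_svn = bytes.fromhex(_single(params, "cpusvn"))
    pce_svn = bytes.fromhex(_single(params, "pcesvn"))
    pce_id = bytes.fromhex(_single(params, "pceid"))
    for name, value, size in (("qeid", qe_id, 16), ("cpusvn", cpu_svn, 16),
                              ("pcesvn", pce_svn, 2), ("pceid", pce_id, 2)):
        if len(value) != size:
            raise ValueError(f"{name} must be {size} bytes, got {len(value)}")
    return PckCertRequest(
        qe_id=qe_id,
        cpu_svn=cpu_svn,
        pce_svn=int.from_bytes(pce_svn, "little"),
        pce_id=int.from_bytes(pce_id, "little"),
        has_encrypted_ppid="encrypted_ppid" in params,
        status=int(m.group("status")),
    )


def explain(req: PckCertRequest) -> str:
    """Map the status of a /pckcert request to what it means for attestation."""
    tcb = f"CPUSVN {req.cpu_svn.hex().upper()}, PCESVN {req.pce_svn}, PCEID {req.pce_id}"
    if req.status == 200:
        return f"PCK certificate served for {tcb}."
    if req.status == 404:
        return (f"no PCK certificate for this platform at {tcb}: the PCCS cache is empty "
                "and Intel PCS did not recognise the platform from its PPID (for example "
                "an indirectly registered platform, which PCS can only identify from its "
                "platform manifest). PCCS logs this as 'No cache data for this platform'.")
    return f"unexpected status {req.status} for {tcb}; check the PCCS error log."


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        req = parse_line(line)
        if req is not None:
            print(explain(req))
```

Run it against a captured PCCS log (one line per call to `parse_line`) to see which TCB level each client asked for and which requests PCS refused. Note that pcesvn=0D00 is PCE SVN 13, not 0xD00: the PCS API encodes the two-byte fields little-endian, which matters when comparing against TCB info or a PCK certificate's TCB extension.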
Sahira_Intel
Moderator
2,122 Views

Hi,


I also see: [error]: Error: No cache data for this platform.

This error is due to the BIOS not being up to date. Can you update to the most recent BIOS available from the OEM? That should fix the error, but let me know if you are still getting the 404 error as that might be a separate problem.


Sincerely,

Sahira




Dr_Al_Villarica
Beginner
2,115 Views
Ok thank you, I have to check with Microsoft Azure since I do not have access to their BIOS.

Question...If the BIOS is old, how would Microsoft Azure's built-in PCS work, assuming the Azure PCS also needs to obtain a certificate from Intel?
Scott_R_Intel
Employee
2,087 Views

Hi Dr. Al.

Per the doc from Microsoft ACC entitled "Quickstart: Create Intel SGX VM in the Azure portal":

"For DCsv3 and DCdsv3-series Azure VMs, the Intel certificates can only be fetched from THIM, as it is not possible to make direct calls to Intel service from the VMs."

This means you will need to contact their THIM service to get the cert for your platform to populate your PCCS.  The Azure DCAP Client source should show you how to do that.

Regards.

Scott

Dr_Al_Villarica
Beginner
2,079 Views

Thanks Scott for your answer.  The statement "it is not possible to make direct calls to Intel service from the VMs" -- does this mean that Azure is (for reasons unknown?) blocking the VM from making an outgoing HTTPS connection to the Intel PCS?

I'm sorry to have to keep pushing on this, but one of the tests that I remember doing was this scenario:  From an SGX-capable machine in my office, I opened the firewall on Azure that allowed my SGX-capable machine to talk to an Intel PCCS (the demo) that I installed on an Azure VM (DCsv3).  I modified the "pccs_url" in /etc/sgx_default_qcnl.conf to point to the Azure VM.  I was able to do remote attestation for an enclave application in my SGX-capable machine.

Both of these scenarios work for remote attestation:

1.  [my SGX-capable machine] <-------> [Intel PCCS on Azure VM DCsv3] <------> [Intel PCS]

2.  [my SGX-capable machine] <--------> [Intel PCCS on my SGX-capable machine] <------> [Intel PCS]

I can redo the test again if you wish, but doesn't scenario #1 show that an Intel PCCS running on an Azure VM DCsv3 *can* make an HTTPS call to Intel PCS?  What am I missing?

Thanks in advance, I'd like to clear things up a bit.  I was hoping to be able to use Azure confidential computing where I have full control of the Intel PCCS and not have to rely on Azure's PCS (THIM).

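Scenario #1 above is configured on the quoting machine, not on the PCCS host: the Quote Provider Library reads /etc/sgx_default_qcnl.conf to find its PCCS. The fragment below is an added example, not a file from the thread or from the DCAP project; it assumes a DCAP 1.14-era QCNL, which reads the file as JSON, and uses a placeholder hostname for the PCCS on the Azure VM.

```json
{
  "pccs_url": "https://pccs.example.internal:8081/sgx/certification/v3/",
  "use_secure_cert": true
}
```

The PCCS demo install ships a self-signed certificate, and the matching demo client setting is "use_secure_cert": false, which makes the QCNL accept any certificate the PCCS presents. That is tolerable for a PCCS on localhost, but once the PCCS sits on another host behind an opened firewall rule, as in scenario #1, keep "use_secure_cert": true and give the PCCS a certificate the quoting machine trusts, so the collateral path is not exposed to an interposer. Note this only changes where the quoting machine fetches collateral from; it does not change what Intel PCS will return for the platform, which is the subject of the reply that follows.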
Scott_R_Intel
Employee
2,031 Views

Hello again.

No, Microsoft isn't blocking PCS accesses.  The reason you won't be able to retrieve certs for ACC platforms is due to the fact that ACC uses "indirect registration" for their platforms.  Because of this, you can't request PCK certs for these platforms using only PPID, which is all you have access to as an ACC tenant/guest VM.  You would need to have the "platform manifest" for the platform you're running on to get the cert for it, and that's only available from bare metal (not a guest VM).  There is a good security reason for using indirect registration - the platform registration keys (PRKs) are not stored in Intel's Registration Service.  The PRKs are only kept and used long enough to generate the PCK Certs and then are deleted.  Without those PRKs, Intel PCS cannot use the PPID to identify the platform and provide you the PCK cert.

Note, platform registration is only applicable to Intel Xeon Scalable platforms.  Intel Xeon E and consumer Core products do not need/have this registration step as PCS can actually use those CPUs' EncPPIDs to identify the CPU and provide the PCK Cert.

There is a lot more info on this topic in our "Remote Attestation for Multi-Package Platforms" doc.

Hope this helps.

Scott

Dr_Al_Villarica
Beginner
1,993 Views

Thank you so much for this explanation.  It helps a lot!
