Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Intel SGX Exception AttestationError { message: "(endorsements -> CrlPckCert) [WRONG_TAG] [NESTED_AS

jgnoonan

I am seeing the following error in my program:

failure to attest remote SGX enclave code: AttestationError { message: "(endorsements -> CrlPckCert) [WRONG_TAG] [NESTED_ASN1_ERROR]" }
    at java.base/java.util.concurrent.CompletableFuture.encodeThrowable(CompletableFuture.java:315)
    at java.base/java.util.concurrent.CompletableFuture.completeThrowable(CompletableFuture.java:320)
    at java.base/java.util.concurrent.CompletableFuture$AsyncRun.run(CompletableFuture.java:1807)
    at io.micrometer.core.instrument.composite.CompositeTimer.record(CompositeTimer.java:141)
    at io.micrometer.core.instrument.Timer.lambda$wrap$0(Timer.java:196)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
    at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: org.signal.libsignal.cds2.DcapException: failure to attest remote SGX enclave code: AttestationError { message: "(endorsements -> CrlPckCert) [WRONG_TAG] [NESTED_ASN1_ERROR]" }
    at org.signal.libsignal.internal.Native.Cds2Metrics_extract(Native Method)
    at org.signal.libsignal.cds2.Cds2Metrics.extract(Cds2Metrics.java:31)
    at org.signal.cdsi.enclave.Enclave.publishAttestationMetrics(Enclave.java:216)
    at org.signal.cdsi.enclave.Enclave.lambda$renewAttestation$3(Enclave.java:192)
    at io.micrometer.core.instrument.composite.CompositeTimer.record(CompositeTimer.java:141)
    at org.signal.cdsi.enclave.Enclave.lambda$runAsync$18(Enclave.java:440)
    at java.base/java.util.concurrent.CompletableFuture$AsyncRun.run(CompletableFuture.java:1804)
    ... 5 common frames omitted

In syslog for aesmd, I am seeing the following:

Dec 28 12:34:21 accvm aesm_service[1921]: [QCNL] JSON config file /etc/sgx_default_qcnl.conf is loaded successfully.
Dec 28 12:34:21 accvm aesm_service[1921]: [QCNL] Getting pck certificate and chain.
Dec 28 12:34:21 accvm aesm_service[1921]: [QCNL] Request URL http://169.254.169.254/metadata/THIM/sgx/certification/v4/pckcert?qeid=6AAC784AB26930F2EC6337359CB0A28D&encrypted_ppid=00000000000000000>
Dec 28 12:34:21 accvm aesm_service[1921]: [QCNL] HTTP status code: 200
Dec 28 12:34:21 accvm aesm_service[1921]: [QCNL] Successfully fetched certificate from primary URL: 'http://169.254.169.254/metadata/THIM/sgx/certification/v4/'.
Dec 28 12:34:21 accvm aesm_service[1921]: [QCNL] Header 'sgx-tcbm' not found.
Dec 28 12:34:21 accvm aesm_service[1921]: [QCNL] Header 'sgx-pck-certificate-issuer-chain' not found.
Dec 28 12:34:21 accvm aesm_service[1921]: [QCNL] sgx-Tcbm: 0e0e0303ffff010000000000000000000D00

What are the header not found issues?  Any assistance is greatly appreciated.  Thanks!



1 Solution
jgnoonan

So I removed the az-dcap library and reinstalled the Intel SGX QPL. I got an error because it couldn't find the library, so I created a symbolic link to the library and everything works fine now.
Roman888

It looks like you are using az-dcap-client instead of libsgx-dcap-default-qpl.

I have a similar problem with it, so I'm using libsgx-dcap-default-qpl, but I'm having a different error.
