Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

PCK Cert api always response 404, what does that means?

guan__jixing
Novice
999 Views

I have tried to setup a DCAP on my machine, and i got the encrypted_ppid/cpusvn/pcesvn/pceid by running PCKIDRetrivalTool.

When I use these params to call https://api.trustedservices.intel.com/sgx/certification/v1/pckcert with -H "Ocp-Apim-Subscription-Key: $myKey", I always get 404 response, which means cert of my machine cannot be found. 

Is anyone met the same problem?

 

By the way, the result from PCKIDRetrivalTool looks good, only PCEID is all zeros(0000).

 

0 Kudos
1 Solution
Junli_S_Intel
Employee
999 Views

That's the problem, for the Engineer Sample Chip, there is no the related cert data in Intel's server. I guess that is the root cause why the 404 is returned. 

By the way, for customer, there is only production level products. Not sure why you got one Engineer Sample chip

View solution in original post

0 Kudos
4 Replies
Junli_S_Intel
Employee
999 Views

could you please show your script or command to get cert with these parameters?

0 Kudos
Junli_S_Intel
Employee
999 Views

and what is your platform type? by the way, currently pceid is 0

0 Kudos
guan__jixing
Novice
999 Views

1. the script is like below:

export SGXPPID=6e983cda294e6780bca9d38fff38f0a712389c87058a87e1a02e84ca6d71324f4c84df055db8a9ec3b4d11f133f14882d523306471807b7ffb03178c4c0a2e3a9eb5b0ab7a5c03a7df9a0b2bc75866ee27eb73eb7ac819b3be0010f77c7aea7eebbf5ca6a2c27ac92fdf144fe3e071b001f5d65b1ae1e7122a666c28e8c98c20c6041e2a30068fc9dbbdfaa7d8709d90a264264094953058f34e7ced11ad4d8ce96574995f4ee66f12f712055dd20dae7709b4675b6279bf91278dc8a9ffb2c1567699ec728dde1247af833cece9708f15bcd3c3c3b6d8bf68003a2061334dbb9db052ffe8aa25916b9d232d59f0a586776bc5cd876af34aae75d35cd1bafdb6abe16a7bd8a452b042eff5ed2971711e123dad75c8b4978babee59ab725c40ff98ded55bd697a360e518b29569bc914c7974a58d9559dbb3fd48ca020ff1f45eff1371b82f99b395c03dd00a763f1f0af41c7f2f9a0eefdc9f70c4b7a482928ba5ff0410c619792e7e3d6032343a180bb6296eb32d65349856ddda89745d7abb
export CPUSVN=01010205ff8000000000000000000000
export PCESVN=0700
export PCEID=0000
export APIKEY=******************************** # from intel 
export QEID=83f90898720c901856116091c1b2cf30

curl -v GET "https://api.trustedservices.intel.com/sgx/certification/v1/pckcert?encrypted_ppid=$SGXPPID&cpusvn=$CPUSVN&pcesvn=$PCESVN&pceid=$PCEID" -H "Ocp-Apim-Subscription-Key: $APIKEY"

2. my platform

$> uname -a
Linux test-Mehlow-UP-Server-Platform 4.13.0-36-generic #40~16.04.1-Ubuntu SMP Fri Feb 16 23:25:58 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$> cat /proc/cpuinfo | grep 'model name' | uniq
model name    : Genuine Intel(R) CPU 0000 @ 3.10GHz

it seems like the cpu is an Engineer Sample Chip, does this matter?

 

0 Kudos
Junli_S_Intel
Employee
1,000 Views

That's the problem, for the Engineer Sample Chip, there is no the related cert data in Intel's server. I guess that is the root cause why the 404 is returned. 

By the way, for customer, there is only production level products. Not sure why you got one Engineer Sample chip

0 Kudos
Reply