Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

PCKIDRetrievalTool (Unexpected error occurred while sending data to cache server)

RayWang1
Beginner

I followed all of the TDX/SGX guide to install the PCCS server on the host, subscribed to the product Intel® Software Guard Extensions Provisioning Certification Service, have the primary/secondary keys, and launched the PCKIDRetrievalTool, which returns errors.

[root@localhost sgx-pck-id-retrieval-tool]# ./PCKIDRetrievalTool

Intel(R) Software Guard Extensions PCK Cert ID Retrieval Tool Version 1.20.100.2

Warning: platform manifest is not available or current platform is not multi-package platform.

Please input the pccs password, and use "Enter key" to end
Error: unexpected error occurred while sending data to cache server.
pckid_retrieval.csv has been generated successfully, however the data couldn't be sent to cache server!

 

Feb 22 15:55:35 localhost node[4275]: 2024-02-22 15:55:35.037 [info]: Client Request-ID : 596a9100345446fda276cf13327cce82
Feb 22 15:55:35 localhost node[4275]: 2024-02-22 15:55:35.557 [info]: Request-ID is : 693411026ce44b099cdee3c9fe13379e
Feb 22 15:55:35 localhost node[4275]: 2024-02-22 15:55:35.557 [debug]: Request URL https://api.trustedservices.intel.com/sgx/certification/v4/pckcerts
Feb 22 15:55:35 localhost node[4275]: 2024-02-22 15:55:35.557 [error]: Intel PCS server returns error(404).
Feb 22 15:55:35 localhost node[4275]: 2024-02-22 15:55:35.558 [error]: Error: No cache data for this platform.
Feb 22 15:55:35 localhost node[4275]: at Module.getPckCertFromPCS (file:///opt/intel/sgx-dcap-pccs/services/logic/commonCacheLogic.js:88:11)
Feb 22 15:55:35 localhost node[4275]: at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
Feb 22 15:55:35 localhost node[4275]: at async LazyCachingMode.registerPlatforms (file:///opt/intel/sgx-dcap-pccs/services/caching_modes/cachingMode.js:163:7)
Feb 22 15:55:35 localhost node[4275]: at async Module.registerPlatforms (file:///opt/intel/sgx-dcap-pccs/services/platformsRegService.js:107:3)
Feb 22 15:55:35 localhost node[4275]: at async postPlatforms (file:///opt/intel/sgx-dcap-pccs/controllers/platformsController.js:40:5)
Feb 22 15:55:35 localhost node[4275]: 2024-02-22 15:55:35.560 [info]: 127.0.0.1 - - [22/Feb/2024:23:55:35 +0000] "POST /sgx/certification/v4/platforms HTTP/1.1" 404 32 "-" "-"

0 Kudos
Junli_S_Intel
Employee

Maybe you didn't do registration. Would you please paste your PCKIDRetrieval tool's output file's size?

0 Kudos
RayWang1
Beginner

lrwxrwxrwx 1 root root 40 Feb 21 15:27 libsgx_id_enclave.signed.so.1 -> /usr/lib64/libsgx_id_enclave.signed.so.1
lrwxrwxrwx 1 root root 33 Feb 21 22:12 libsgx_pce.signed.so.1 -> /usr/lib64/libsgx_pce.signed.so.1
-rw-r--r-- 1 root root 1514 Dec 26 23:09 License.txt
-rw-r--r-- 1 root root 1059 Feb 22 16:15 network_setting.conf
-rw-r--r-- 1 root root 844 Feb 22 16:25 pckid_retrieval.csv
-rwxr-xr-x 1 root root 49032 Dec 26 23:09 PCKIDRetrievalTool
-rw-r--r-- 1 root root 5207 Dec 26 23:09 README.txt
-rw-r--r-- 1 root root 0 Feb 20 23:47 vm_log.log

0 Kudos
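The file-size question in the exchange above can be answered by parsing the CSV itself. This added example (not from the thread or from Intel's tooling) checks whether a pckid_retrieval.csv row carries the optional platform manifest; the field layout and byte sizes are an assumption taken from the tool's README, and the sample rows are constructed.

```python
# Added example. Assumption: hex-encoded, comma-separated fields with these
# byte sizes (per the tool's README); an optional sixth field is the manifest.
FIXED_FIELDS = [("EncryptedPPID", 384), ("PCE_ID", 2), ("CPUSVN", 16),
                ("PCE_ISVSVN", 2), ("QE_ID", 16)]
HEX = set("0123456789abcdefABCDEF")


def min_row_chars():
    """Length of a row holding only the fixed fields (hex digits plus commas)."""
    return sum(2 * size for _, size in FIXED_FIELDS) + len(FIXED_FIELDS) - 1


def inspect_row(line):
    """Validate one CSV row and report whether a platform manifest is present."""
    row = line.strip()
    fields = row.split(",")
    if len(fields) not in (len(FIXED_FIELDS), len(FIXED_FIELDS) + 1):
        raise ValueError(f"expected 5 or 6 fields, got {len(fields)}")
    problems = []
    for (name, size), value in zip(FIXED_FIELDS, fields):
        if len(value) != 2 * size:
            problems.append(f"{name}: {len(value)} hex chars, expected {2 * size}")
        elif not set(value) <= HEX:
            problems.append(f"{name}: contains non-hex characters")
    manifest = fields[5] if len(fields) == 6 else ""
    if manifest and (len(manifest) % 2 or not set(manifest) <= HEX):
        problems.append("PLATFORM_MANIFEST: not valid hex")
    return {"row_chars": len(row), "has_manifest": bool(manifest),
            "manifest_bytes": len(manifest) // 2, "problems": problems}


# Constructed sample rows (filler bytes, not real platform data).
SAMPLE_NO_MANIFEST = ",".join(["00" * 384, "0000", "11" * 16, "0000", "22" * 16])
SAMPLE_WITH_MANIFEST = SAMPLE_NO_MANIFEST + "," + "ab" * 100

if __name__ == "__main__":
    for label, sample in (("no manifest", SAMPLE_NO_MANIFEST),
                          ("with manifest", SAMPLE_WITH_MANIFEST)):
        print(label, inspect_row(sample))
    print("fixed-field row length:", min_row_chars())
```

Under the assumed layout, a row with no manifest is 844 characters, which matches the size of pckid_retrieval.csv in the listing above.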
Scott_R_Intel
Employee

This error is important:  "Warning: platform manifest is not available or current platform is not multi-package platform."

 

At this point, probably best to "Enable" the "SGX Factory Reset" in the BIOS.  This will force a new Platform Manifest to be created which is required for platform registration, which is required to download a platform PCK Cert.  This is only for Xeon Scalable CPUs, though, like 3rd, 4th, or 5th Gen Xeon Scalable CPUs.  Xeon E's do not require this.

 

Also note, this only works in the host OS/on bare metal.  You cannot get to the platform manifest if running inside a VM.

0 Kudos
MrGeek
Beginner
(...) Also note, this only works in the host OS/on bare metal.  You cannot get to the platform manifest if running inside a VM.

@Scott_R_Intel @RayWang1 Does this mean there is no way to run the PCCS service inside a Docker container? Must the PCCS service be running directly in a non-virtualized environment? If that's the case, is this requirement documented in the SGX manuals? Where can I find it?

I'm asking because I'm trying to get PCCS working with Docker, but keep hitting the same issue mentioned before:

Warning: platform manifest is not available or current platform is not multi-package platform.

 and:

Error: No cache data for this platform.

I'm not sure if that is because of some fundamental reason of how PCCS/SGX works, or if I just set something up wrong.

0 Kudos
RayWang1
Beginner

We did enable SGX and also tried the SGX Factory Reset multiple times; it does not help. And our mpa_registration log already shows a pass.

[29-02-2024 07:46:41] INFO: Starts Registration Agent Flow.
[29-02-2024 07:46:41] INFO: Registration Flow - Registration status indicates registration is completed successfully. MPA has nothing to do.
[29-02-2024 07:46:41] INFO: Finished Registration Agent Flow.
[29-02-2024 08:03:21] INFO: SGX Registration Agent version: 1.20.100.2

 

We are testing a Xeon Scalable EMR production CPU.

0 Kudos
RayWang1
Beginner

We only do it in the host OS/on bare metal.

0 Kudos