Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1494 Discussions

Problem of running RA sample code: client return error "sgx_ra_get_msg1: 00000001"

chencwu
Beginner
‎10-29-2023 07:50 AM
1,599 Views
Solved Jump to solution

Hi, Intel

      When i run sgx-ra-sample ,the client return "sgx_ra_get_msg1: 00000001".I plowed through the code and found that it was a misinformation in the msg1 data structure that caused function of  sgx_ra_get_msg1 to fail which was due to a context structure error,the debug information as follow.

the sp.exe:

 

C:\Users\fcfc\Downloads\sgx-ra-sample-master\sgx-ra-sample-master\vs\x64\Debug>sp -v --spid 976D********************A43F25624 --ias-signing-cafile=C:/Users/fcfc/Downloads/Intel_SGX_Attestation_RootCA.pem --mrsigner=bd71c6380ef****************************************ff2443d95bd --isv-product-id=0 --min-isv-svn=1 --ias-pri-api-key=12b38***************e5efd41a23fade  --ias-sec-api-key=bb95faf7d***************98187cc7  --linkable --no-proxy
Listening for connections on port 7777
Waiting for a client to connect...
Connection from ::1
Waiting for msg0||msg1
protocol error reading msg0||msg1
error processing msg1
Waiting for a client to connect...

 

 the client.exe:

 

C:\Users\fcfc\Downloads\sgx-ra-sample-master\sgx-ra-sample-master\vs\x64\Debug>client -s 976DC********************3F25624 -d -l -v
Enclave ID: 0000025E63600000
+++ using default public key

---- Msg0 Details ----------------------------------------------------------
Extended Epid Group ID: 00000000
----------------------------------------------------------------------------
sgx_ra_get_msg1: 00000001

---- Msg1 Details ----------------------------------------------------------
msg1.g_a.gx = cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc
msg1.g_a.gy = cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc
msg1.gid    = cccccccc
----------------------------------------------------------------------------

---- Copy/Paste Msg0||Msg1 Below to SP -------------------------------------

 

 the setting.cmd:

 

:: NOTE: This file uses Windows batch file syntax because it is
:: executed via CALL from run-client.cmd and run-server.cmd

::======================================================================
:: Global options
::======================================================================

:: Set to non-zero to query the production IAS instead of development.
:: Note that the SPID and certificate are different for production
:: and development, so if you change this you'll need to change them,
:: too.

SET RA_QUERY_IAS_PRODUCTION=0


:: Your Service Provider ID. This should be a 32-character hex string.
:: [REQUIRED]

SET RA_SPID=976DC4*************************A43F25624


:: Set to a non-zero value if this SPID is associated with linkable 
:: quotes. If you change this, you'll need to change SPID,
:: IAS_PRIMARY_SUBSCRIPTION_KEY and IAS_SECONDARY_SUBSCRIPTION_KEY too.

SET RA_LINKABLE=1


::======================================================================
:: Client options
::======================================================================

:: Set to non-zero to have the client generate a random nonce.

SET RA_RANDOM_NONCE=1


:: Set to non-zero to have the client generate a platform manifest.
:: This requires a PSE session, and thus support for platform
:: services.
::
:: (Note that server hardware does not have platform servces)

SET RA_USE_PLATFORM_SERVICES=0


::======================================================================
:: Service provider (server) options
::======================================================================

:: Intel Attestation Service Primary Subscription Key
:: More Info: https://api.portal.trustedservices.intel.com/EPID-attestation
:: Associated SPID above is required

SET RA_IAS_PRIMARY_SUBSCRIPTION_KEY=12b38b********************23fade

:: Intel Attestation Service  Secondary Subscription Key
:: This will be used in case the primary subscription key does not work

SET RA_IAS_SECONDARY_SUBSCRIPTION_KEY=bb95fa*****************914d98187cc7

:: The Intel IAS SGX Report Signing CA file. You are sent this certificate
:: when you apply for access to SGX Developer Services at 
:: http://software.intel.com/sgx [REQUIRED]

SET RA_IAS_REPORT_SIGNING_CA_FILE=C:/Users/fcfc/Downloads/Intel_SGX_Attestation_RootCA.pem


:: Set to the URL for your proxy server to force the use of a proxy
:: when communicating with IAS (overriding any environment variables).

:: SET RA_IAS_PROXY_URL=


:: Set to non-zero to disable the use of a proxy server and force a
:: direct connection when communicating with IAS (overriding any
:: environment variables).

:: SET RA_IAS_DISABLE_PROXY=0

::======================================================================
:: Debugging options
::======================================================================

:: Set to non-zero for verbose output

SET RA_VERBOSE=1


:: Set to non-zero for debugging output

SET RA_DEBUG=1

 

 I don't know why my code  structured is differently than  github, my "setting. cmd" "run-server.exe" "run-client.exe " are not in the /vs/x64/debug directory,my OS is windows10 and openssl version is 1.1.1l.

Thanks and best regards,
chenc

 

0 Kudos
1 Solution
Iffa_Intel
Moderator
‎11-19-2023 08:10 PM
1,297 Views
Solved Jump to solution

Hi,


Intel will no longer monitor this thread since we have provided a solution. If you need any additional information from Intel, please submit a new question


Cordially,

Iffa


View solution in original post

0 Kudos
Copy link

Link Copied

7 Replies
Iffa_Intel
Moderator
‎11-01-2023 05:04 PM
1,548 Views
Solved Jump to solution

Hi,


The error "sgx_ra_get_msg1: 00000001" was previously known to occur due to incorrect CPU selection.

Please make sure to choose the correct CPU and ensure you have installed the latest BIOS (Run dmidecode to see details about your BIOS).



Cordially,

Iffa


0 Kudos
Copy link
chencwu
Beginner
‎11-01-2023 07:24 PM
1,524 Views
Solved Jump to solution
In response to Iffa_Intel

Hi,Iffa

     thanks for your help,i also try used Ubuntu 20.04 to build this code in same compute,when i run /opt/intel/sgxsdk/Samplecode/Remoteattestation 

 

root@you:/opt/intel/sgxsdk/SampleCode/RemoteAttestation# ./app 
First round, we will try ECDSA algorithm.
Call sgx_get_extended_epid_group_id success.
MSG0 body generated -
4 bytes:
{
0x0, 0x0, 0x0, 0x0 
}
Sending msg0 to remote attestation service provider.
Sent MSG0 to remote attestation service.
Call sgx_select_att_key_id success.
Call sgx_create_enclave success.
Call enclave_init_ra success.
Error, call sgx_ra_get_msg1_ex fail [main].
Call enclave_ra_close success.
Second round, we will try EPID algorithm.
Call sgx_get_extended_epid_group_id success.
MSG0 body generated -
4 bytes:
{
0x0, 0x0, 0x0, 0x0 
}
Sending msg0 to remote attestation service provider.
Sent MSG0 to remote attestation service.
Call sgx_select_att_key_id success.
Call sgx_create_enclave success.
Call enclave_init_ra success.
Error, call sgx_ra_get_msg1_ex fail [main].
Call enclave_ra_close success.
Enter a character before exit ...

 

 and i run  sgx-ra-sample the error information about "sgx_ra_get_msg1: 00004006",but i installed the latest sgxsdk and sgxpsw.

The BIOS detail information as follow:

 

# dmidecode 3.3
Getting SMBIOS data from sysfs.
SMBIOS 3.2.0 present.

Handle 0x0000, DMI type 0, 26 bytes
BIOS Information
      Vendor: LENOVO
      Version: M31KT2DA
      Release Date: 03/20/2023
      Address: 0xF0000
      Runtime Size: 64 kB
      ROM Size: 16 MB
      Characteristics:
            PCI is supported
            BIOS is upgradeable
            BIOS shadowing is allowed
            Boot from CD is supported
            Selectable boot is supported
            BIOS ROM is socketed
            EDD is supported
            5.25"/1.2 MB floppy services are supported (int 13h)
            3.5"/720 kB floppy services are supported (int 13h)
            3.5"/2.88 MB floppy services are supported (int 13h)
            Print screen service is supported (int 5h)
            8042 keyboard services are supported (int 9h)
            Serial services are supported (int 14h)
            Printer services are supported (int 17h)
            ACPI is supported
            USB legacy is supported
            BIOS boot specification is supported
            Targeted content distribution is supported
            UEFI is supported
      BIOS Revision: 1.45

Handle 0x006A, DMI type 13, 22 bytes
BIOS Language Information
      Language Description Format: Long
      Installable Languages: 3
            en|US|iso8859-1
            fr|FR|iso8859-1
            zh|CN|unicode
      Currently Installed Language: zh|CN|unicode

 

 

Thanks and best regards,
chenc

In response to Iffa_Intel
0 Kudos
Copy link
chencwu
Beginner
‎11-01-2023 07:22 PM
1,542 Views
Solved Jump to solution

Hi,Iffa

     thanks for your help,i also try used Ubuntu 20.04 to build this code in same compute,when i run /opt/intel/sgxsdk/Samplecode/Remoteattestation 

 

root@you:/opt/intel/sgxsdk/SampleCode/RemoteAttestation# ./app 
First round, we will try ECDSA algorithm.
Call sgx_get_extended_epid_group_id success.
MSG0 body generated -
4 bytes:
{
0x0, 0x0, 0x0, 0x0 
}
Sending msg0 to remote attestation service provider.
Sent MSG0 to remote attestation service.
Call sgx_select_att_key_id success.
Call sgx_create_enclave success.
Call enclave_init_ra success.
Error, call sgx_ra_get_msg1_ex fail [main].
Call enclave_ra_close success.
Second round, we will try EPID algorithm.
Call sgx_get_extended_epid_group_id success.
MSG0 body generated -
4 bytes:
{
0x0, 0x0, 0x0, 0x0 
}
Sending msg0 to remote attestation service provider.
Sent MSG0 to remote attestation service.
Call sgx_select_att_key_id success.
Call sgx_create_enclave success.
Call enclave_init_ra success.
Error, call sgx_ra_get_msg1_ex fail [main].
Call enclave_ra_close success.
Enter a character before exit ...

 

 and i run  sgx-ra-sample the error information about "sgx_ra_get_msg1: 00004006",but i installed the latest sgxsdk and sgxpsw.

The BIOS detail information as follow:

 

# dmidecode 3.3
Getting SMBIOS data from sysfs.
SMBIOS 3.2.0 present.

Handle 0x0000, DMI type 0, 26 bytes
BIOS Information
      Vendor: LENOVO
      Version: M31KT2DA
      Release Date: 03/20/2023
      Address: 0xF0000
      Runtime Size: 64 kB
      ROM Size: 16 MB
      Characteristics:
            PCI is supported
            BIOS is upgradeable
            BIOS shadowing is allowed
            Boot from CD is supported
            Selectable boot is supported
            BIOS ROM is socketed
            EDD is supported
            5.25"/1.2 MB floppy services are supported (int 13h)
            3.5"/720 kB floppy services are supported (int 13h)
            3.5"/2.88 MB floppy services are supported (int 13h)
            Print screen service is supported (int 5h)
            8042 keyboard services are supported (int 9h)
            Serial services are supported (int 14h)
            Printer services are supported (int 17h)
            ACPI is supported
            USB legacy is supported
            BIOS boot specification is supported
            Targeted content distribution is supported
            UEFI is supported
      BIOS Revision: 1.45

Handle 0x006A, DMI type 13, 22 bytes
BIOS Language Information
      Language Description Format: Long
      Installable Languages: 3
            en|US|iso8859-1
            fr|FR|iso8859-1
            zh|CN|unicode
      Currently Installed Language: zh|CN|unicode

 

 

Thanks and best regards,
chenc

0 Kudos
Copy link
Iffa_Intel
Moderator
‎11-06-2023 04:48 PM
1,470 Views
Solved Jump to solution

Hi,


this is likely a BIOS issue. Please contact your BIOS manufacturer, provide them with the info you have already gathered, and work with them to receive an updated BIOS with the required fixes.



Cordially,

Iffa

 


0 Kudos
Copy link
chencwu
Beginner
‎11-08-2023 03:33 AM
1,428 Views
Solved Jump to solution
In response to Iffa_Intel

Hi,Iffa

     thanks for your help,i was install latest BIOS driver,still can't solve this problem,Is it related to my CUP? I was use  10th core-i7.

 

     Thanks and best regards,
chenc

In response to Iffa_Intel
0 Kudos
Copy link
Iffa_Intel
Moderator
‎11-13-2023 04:49 PM
1,360 Views
Solved Jump to solution

Hi,


as mentioned previously,

you need to contact your BIOS manufacturer and work with them for required fixes.



Cordially,

Iffa


0 Kudos
Copy link
Iffa_Intel
Moderator
‎11-19-2023 08:10 PM
1,298 Views
Solved Jump to solution

Hi,


Intel will no longer monitor this thread since we have provided a solution. If you need any additional information from Intel, please submit a new question


Cordially,

Iffa


0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.