Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1540 Discussions

QuoteGenerationSample fails with 0xe011 for OVH scale-i1 machine

brenzi
Novice
‎12-12-2024 09:20 AM
3,991 Views
Solved Jump to solution

After many successful installs of our SGX applications, we're currently struggling on a newly setup dedicated server at OVH:

This samplecode of isnt working:
SGXDataCenterAttestationPrimitives/SampleCode/QuoteGenerationSample

git checkout dcap_1.22_reproducible
make
./app
[APP] Info: sgx_qe_set_enclave_load_policy is valid in in-proc mode only and it is optional: the default enclave load policy is persistent
[APP] Info: set the enclave load policy as persistent
[APP] Step1: Call sgx_qe_get_target_info:
[QPL] Error: No certificate data for this platform.
[get_platform_quote_cert_data ../qe_logic.cpp:388] Error returned from the p_sgx_get_quote_config API. 0xe011
Error in sgx_qe_get_target_info. 0xe011

 

This is the Hardware Spec:

* CPU: Intel Xeon Gold 6426Y - 16c/32t - 2.5 GHz/4.1 GHz

* Motherboard: SPC741D8QM3-NL-E (single socket)

* BIOS Date: 8/5/24

 

System Setup

* ubuntu 22.04

* Intel SGX SDK 2.25, DCAP 1.22

 

We tried bypassing our PCCS server in case of caching issues, but our issue is consistent, we get 404 not found. the same request works for other machines we operate (different specs):

curl -v -X GET "https://api.trustedservices.intel.com/sgx/certification/v4/pckcert?qeid=A7B644AED4D27CF028FECE9830F9A992&encrypted_ppid=4E0E877F6F86AC4D907040D1813BFDE55EE75A9FC793D6CF2F82301FDAC88FA001051E53DE451433D17D6BC8BE432143DBA5314BEDCBF9CFEE1F72DD37C9A52D5322A934723F565ECF296EFC0326EBB7403ED277401B887674E9EAA81C3A828170D2BAC34D6D336D66D9D176C2D08309F9C400CB576BCBC541CD1C416CE5DDDE2B1450B60BE035EC6D3743B848790FE10ED79FB02542661F77664890B0B4358015305EBCE89CBFBF60B4B4B237ECA50328F9728A691772608E9222E726B2267585D45D37ABF4E33A41903F7E82B1474A1AFE7C67F82F24B9DD3CCFD996B67EDBC1EC00FFB453BA808093BA1B95ED173ED5C87BB5BA6234C186813F2838F3806C29526AFEFC1B8DA8D99D3F25EE21F8DF5AF29DA644C33A1A24CD9A9CEB3ED0321614B03BAA7CF0BC29CA7650216AD2DDF4AD94723430D35887C8FF91F68375E6B701F0DC1BB7A061D328162483076C63E6CA5065FA1E433DC781ED893692A1269B9FB324FE2ABA9B2EBE2FA66CBFF1DF573B92AD15A72226DDF7E1107DD1F66A&cpusvn=0303191B04FF01030000000000000000&pcesvn=1000&pceid=0000" -H "Ocp-Apim-Subscription-Key: ********************"

Note: Unnecessary use of -X or --request, GET is already inferred.
* Trying 4.255.75.174:443...
* Connected to api.trustedservices.intel.com (4.255.75.174) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=California; O=Intel Corporation; CN=api.trustedservices.intel.com
* start date: Oct 3 00:00:00 2024 GMT
* expire date: Jan 1 23:59:59 2025 GMT
* subjectAltName: host "api.trustedservices.intel.com" matched cert's "api.trustedservices.intel.com"
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Organization Validation Secure Server CA
* SSL certificate verify ok.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET /sgx/certification/v4/pckcert?qeid=A7B644AED4D27CF028FECE9830F9A992&encrypted_ppid=4E0E877F6F86AC4D907040D1813BFDE55EE75A9FC793D6CF2F82301FDAC88FA001051E53DE451433D17D6BC8BE432143DBA5314BEDCBF9CFEE1F72DD37C9A52D5322A934723F565ECF296EFC0326EBB7403ED277401B887674E9EAA81C3A828170D2BAC34D6D336D66D9D176C2D08309F9C400CB576BCBC541CD1C416CE5DDDE2B1450B60BE035EC6D3743B848790FE10ED79FB02542661F77664890B0B4358015305EBCE89CBFBF60B4B4B237ECA50328F9728A691772608E9222E726B2267585D45D37ABF4E33A41903F7E82B1474A1AFE7C67F82F24B9DD3CCFD996B67EDBC1EC00FFB453BA808093BA1B95ED173ED5C87BB5BA6234C186813F2838F3806C29526AFEFC1B8DA8D99D3F25EE21F8DF5AF29DA644C33A1A24CD9A9CEB3ED0321614B03BAA7CF0BC29CA7650216AD2DDF4AD94723430D35887C8FF91F68375E6B701F0DC1BB7A061D328162483076C63E6CA5065FA1E433DC781ED893692A1269B9FB324FE2ABA9B2EBE2FA66CBFF1DF573B92AD15A72226DDF7E1107DD1F66A&cpusvn=0303191B04FF01030000000000000000&pcesvn=1000&pceid=0000 HTTP/1.1
> Host: api.trustedservices.intel.com
> User-Agent: curl/7.81.0
> Accept: */*
> Ocp-Apim-Subscription-Key: ********************
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< Content-Length: 0
< Request-ID: fe5ac4cc3b524124b9c8629481ed14db
< Date: Tue, 10 Dec 2024 08:26:55 GMT
< 
* Connection #0 to host api.trustedservices.intel.com left intact

 Here's the output of the fortanix tool:

sudo ./sgx-detect 
Detecting SGX, this may take a minute...
✔ SGX instruction set
✔ CPU support
✔ CPU configuration
✔ Enclave attributes
✔ Enclave Page Cache
SGX features
✔ SGX2 ✔ EXINFO ✘ ENCLV ✘ OVERSUB ✔ KSS 
Total EPC size: 2.0GiB (no integrity protection)
✔ Flexible launch control
✔ CPU support
✔ CPU configuration
✔ Able to launch production mode enclave
✘ SGX system software
✔ SGX kernel device (/dev/sgx_enclave)
✔ libsgx_enclave_common
✔ AESM service
✘ Able to launch enclaves
✘ Debug mode
✔ Production mode

🕮 SGX system software > Able to launch enclaves > Debug mode
The enclave could not be launched.

 

 

0 Kudos
1 Solution
brenzi
Novice
‎12-12-2024 11:48 PM
3,902 Views
Solved Jump to solution

Thanks @Benny_Intel Indeed, the only thing I had to do was:

1. Enable "SGX Auto MP Registration Agent"

2. sudo apt install sudo apt install -y sgx-ra-service

3. check logs: cat /var/log/mpa_registration.log

 

now RA works for the sample.

I was mislead by https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_DCAP_Multipackage_SW.pdf which made me expect MP registration is only necessary for, well, MULTI-platforms with more than one socket

View solution in original post

0 Kudos
Copy link

Link Copied

7 Replies
Benny_Intel
Moderator
‎12-12-2024 12:52 PM
3,938 Views
Solved Jump to solution

Hello Brenzi,

 

The error "Error: No certificate data for this platform." is a hint that the platform was not registered before. Please follow one of the alternatives described in our Intel TDX Enabling Guide. The documentation is about Intel TDX, but the registration steps are the same for Intel SGX.

 

Best regards,

Benny

0 Kudos
Copy link
brenzi
Novice
‎12-12-2024 11:48 PM
3,903 Views
Solved Jump to solution

Thanks @Benny_Intel Indeed, the only thing I had to do was:

1. Enable "SGX Auto MP Registration Agent"

2. sudo apt install sudo apt install -y sgx-ra-service

3. check logs: cat /var/log/mpa_registration.log

 

now RA works for the sample.

I was mislead by https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_DCAP_Multipackage_SW.pdf which made me expect MP registration is only necessary for, well, MULTI-platforms with more than one socket

0 Kudos
Copy link
brenzi
Novice
‎12-13-2024 02:12 AM
3,891 Views
Solved Jump to solution

The next issue may be related:

 

The samplecode QuoteGenerationSample works, but when I try to get RA for my own enclave I get

SGX_ERROR_UNRECOGNIZED_PLATFORM

 

googling told me that EPID will not work for new scalable Xeon. But we're using DCAP, so that should not be the issue

 

PCCS does not report an error for this request:

2024-12-13 10:35:25.046 [info]: 10.244.7.87 - - [13/Dec/2024:10:35:25 +0000] "GET /sgx/certification/v4/pckcert?qeid=45E66F4B956556CE111D464B68A093AA&encrypted_ppid=C96C262182CF639EBFDD893F6CF35715B4EA37CD544E30630AA2ED0F7071C02CCE88AFCE39EC1125318D3860AC0E5F148FCD155711D5BBA02753178A0B903D9F4BC172EFE50480933335EA1929564FA653BAD3BC69A7960B8C876509C05D028269E01B43231F11B489FEA8C6663F07C34255D9256B468BAFBA7B995B21F659657608579A703E8A2FC4B4A57DC9BEDFE7576BDA152C0CFB728FB214A76BF66F169A22EE82CD0038B091D1B3D6CA09FF001B7BCD81A4ECE1457556457A1B90844083A10735187EEFC3AA92A630512B4AE7971DC83EB0CC8F8916DF3C0519BD34D6851ADA38A54DD325DA54A243407AE813E7B62D8E9EDC63EE4BCED7E69A56E75F62A5A66DFCF07E47B081941401B1BB2AC818D8A8E66CCB8165DF317418FE0E3E1B94B27C8D97F42599BCC84887FE8B34D92C286E2434EC8F5406C6117C6665D5550AD0470EC1AF4375E21A16BD9C852E132B64E7FD55D7254F8DC28BB1F53BD6FB3707233C0DBDE0370BD7863288EA738DE77C9E5122864AE1823F5E6F2DDC8A&cpusvn=0303191B04FF01030000000000000000&pcesvn=0E00&pceid=0000 HTTP/1.1" 200 1777 "-" "-"

 

0 Kudos
Copy link
Benny_Intel
Moderator
‎12-13-2024 06:15 AM
3,864 Views
Solved Jump to solution

What exactly do you mean with "get RA for my own enclave"? How exactly does your enclave use DCAP-based attestation? Are you sure that the PCCS log entry is about the attestation request of your enclave or is it from the QuoteGenerationSample?

 

Because as you found out yourself, SGX_ERROR_UNRECOGNIZED_PLATFORM means: "Intel® EPID Provisioning failed because the platform was not recognized by the back-end server" (as defined in https://download.01.org/intel-sgx/sgx-linux/2.25/docs/Intel_SGX_Developer_Reference_Linux_2.25_Open_Source.pdf)

0 Kudos
Copy link
brenzi
Novice
‎12-13-2024 07:12 AM
3,858 Views
Solved Jump to solution
In response to Benny_Intel
@Benny_Intel wrote:

What exactly do you mean with "get RA for my own enclave"? How exactly does your enclave use DCAP-based attestation? Are you sure that the PCCS log entry is about the attestation request of your enclave or is it from the QuoteGenerationSample?

 

Because as you found out yourself, SGX_ERROR_UNRECOGNIZED_PLATFORM means: "Intel® EPID Provisioning failed because the platform was not recognized by the back-end server" (as defined in https://download.01.org/intel-sgx/sgx-linux/2.25/docs/Intel_SGX_Developer_Reference_Linux_2.25_Open_Source.pdf)

It seems we have an unnecessary leftover call to the EPID function sgx_init_quote in our code which so far hasn't caused trouble because we ran on pre-scalable HW. I'll investigate and revert

 

In response to Benny_Intel
0 Kudos
Copy link
brenzi
Novice
‎12-15-2024 11:23 PM
3,780 Views
Solved Jump to solution

confirmed: removing the deprecated sgx_init_quote call solved the SGX_ERROR_UNRECOGNIZED_PLATFORM error. Our enclave runs fine now. thx @Benny_Intel 

0 Kudos
Copy link
Benny_Intel
Moderator
‎12-16-2024 02:01 AM
3,770 Views
Solved Jump to solution

Perfect, thank you very much for confirming.

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.