Hello everyone,
I am trying to implement the Service Provider's side of the Remote Attestation flow in Python. To debug the application, I use the same keys as in the RemoteAttestation sample from the linux-sgx repo, and so far I am able to derive the same keys as in the sample. However, when I try to sign the Gb_Ga message in msg2, I receive a different signature than the one in the sample, although I follow the guide from the Code Sample. Actually, it irritates me that the sample application produces the following output, which shows that the first half of the signature is not at all encrypted/signed in any way.
A more descriptive representation of MSG2:
RESPONSE TYPE: 0x2
RESPONSE STATUS: 0x0 0x0
RESPONSE BODY SIZE: 168
MSG2 gb - 64 bytes:
{
0x6a, 0x83, 0xdc, 0x84, 0xd4, 0x4c, 0x8a, 0xbb,
0x5e, 0x42, 0xaf, 0xee, 0x8d, 0xe9, 0xf4, 0x57,
0x71, 0xfd, 0x73, 0x66, 0xd7, 0xfa, 0xad, 0xfa,
0xf2, 0x17, 0x14, 0xdd, 0x5a, 0xb9, 0x9e, 0x97,
0x79, 0xa7, 0x38, 0x72, 0xf2, 0xb8, 0xd6, 0xbe,
0x18, 0x91, 0x7f, 0xf7, 0xb5, 0xd3, 0xe5, 0x64,
0x9b, 0x12, 0x18, 0xaf, 0x39, 0x29, 0x6c, 0x24,
0x19, 0x38, 0x29, 0xb, 0xc6, 0xac, 0xc, 0x62
}
MSG2 spid - 16 bytes:
{
0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x20,
0x58, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0
}
MSG2 quote_type : 1
MSG2 kdf_id : 1
MSG2 sign_gb_ga - 64 bytes:
{
0x6a, 0x83, 0xdc, 0x84, 0xd4, 0x4c, 0x8a, 0xbb,
0x5e, 0x42, 0xaf, 0xee, 0x8d, 0xe9, 0xf4, 0x57,
0x71, 0xfd, 0x73, 0x66, 0xd7, 0xfa, 0xad, 0xfa,
0xf2, 0x17, 0x14, 0xdd, 0x5a, 0xb9, 0x9e, 0x97,
0x49, 0xa2, 0x2c, 0xc8, 0xd4, 0xba, 0xd1, 0x3b,
0xfe, 0x72, 0xd5, 0xc3, 0x18, 0x31, 0x10, 0xd,
0x72, 0xf4, 0x92, 0xff, 0xf, 0xa0, 0x3e, 0x6f,
0x97, 0xe4, 0xaa, 0x68, 0x80, 0x69, 0x60, 0xd6
}
MSG2 mac - 16 bytes:
{
0xaa, 0xc7, 0xa1, 0xbb, 0x94, 0xbf, 0x2d, 0x35,
0x5f, 0x32, 0x17, 0xe4, 0xfa, 0xca, 0x61, 0x79
}
MSG2 sig_rl -
( null )
Call sgx_ra_proc_msg2_ex success.
If you compare line 7ff and line 25ff, the same values are present, which does not make sense to me. Also, I noted that no solution has been found to a similar question; has there been any progress so far?
Could somebody explain how the signature is derived in the Remote Attestation Sample? The sample_libcrypto file does not provide real insight into the process.
Thanks in advance!
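The operation the post is trying to reproduce is the Service Provider's msg2 signature: sign_gb_ga is an ECDSA signature over SHA-256 of the 128-byte buffer Gb || Ga under the SP's long-term P-256 signing key, which the enclave later verifies with the matching public key. The block below is an added example written for this thread, not code from the linux-sgx sample, and it uses only the Python standard library. Everything about it is constructed: the keys are random test keys rather than the sample's, and the on-wire layout (gx, gy, r and s each as 32-byte little-endian integers, the byte order the thread's later advice on endianness points at) is an assumption stated in the comments. What it shows is what a correct signature looks like: it verifies, it fails after one bit of Gb is flipped, and its first 32 bytes are not a copy of Gb's first 32 bytes, which is the symptom the post describes.

```python
"""
Added example, not the linux-sgx sample's code: the SP's msg2 signature
sign_gb_ga = ECDSA-P256(SHA-256(Gb || Ga)) in plain Python.
Constructed assumptions: random test keys (not the sample's), and the
SGX layout of coordinates and r/s as 32-byte little-endian integers.
"""
import hashlib
import secrets

# NIST P-256 domain parameters.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
INF = None  # point at infinity


def ec_add(p1, p2):
    """Affine point addition / doubling on P-256."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                  # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (demo only, not constant time)."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def le32(x):
    """32-byte little-endian encoding; assumed layout of sgx_ec256_public_t
    (gx, gy) and sgx_ec256_signature_t (r, s)."""
    return x.to_bytes(32, "little")


def sgx_pubkey(point):
    return le32(point[0]) + le32(point[1])          # gx || gy, 64 bytes


def hash_gb_ga(g_b, g_a):
    """e = SHA-256 over the 128-byte buffer exactly as it sits in msg2."""
    return int.from_bytes(hashlib.sha256(g_b + g_a).digest(), "big") % N


def sign_gb_ga(sp_priv, g_b, g_a):
    """ECDSA sign; returns r || s, each 32 bytes little-endian (64 bytes)."""
    e = hash_gb_ga(g_b, g_a)
    while True:
        k = secrets.randbelow(N - 1) + 1            # fresh per-signature nonce
        r = ec_mul(k, G)[0] % N
        if r == 0:
            continue
        s = pow(k, -1, N) * (e + r * sp_priv) % N
        if s == 0:
            continue
        return le32(r) + le32(s)


def verify_gb_ga(sp_pub, g_b, g_a, sig):
    """What the enclave side does with msg2: check r || s under the SP public key."""
    q = (int.from_bytes(sp_pub[:32], "little"), int.from_bytes(sp_pub[32:], "little"))
    r = int.from_bytes(sig[:32], "little")
    s = int.from_bytes(sig[32:], "little")
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    e = hash_gb_ga(g_b, g_a)
    pt = ec_add(ec_mul(e * w % N, G), ec_mul(r * w % N, q))
    return pt is not INF and pt[0] % N == r


def demo():
    """Sign a constructed Gb || Ga and report what a correct signature looks like."""
    sp_priv = secrets.randbelow(N - 1) + 1          # constructed SP signing key
    sp_pub = sgx_pubkey(ec_mul(sp_priv, G))
    g_a = sgx_pubkey(ec_mul(secrets.randbelow(N - 1) + 1, G))   # enclave's ephemeral key
    g_b = sgx_pubkey(ec_mul(secrets.randbelow(N - 1) + 1, G))   # SP's ephemeral key
    sig = sign_gb_ga(sp_priv, g_b, g_a)
    tampered_gb = g_b[:-1] + bytes([g_b[-1] ^ 1])
    return {
        "sig_len": len(sig),
        "valid": verify_gb_ga(sp_pub, g_b, g_a, sig),
        "first_half_equals_gb": sig[:32] == g_b[:32],   # the thread's symptom; must be False
        "tampered_valid": verify_gb_ga(sp_pub, tampered_gb, g_a, sig),
    }


if __name__ == "__main__":
    print(demo())
```

If a port of this signs the right bytes but still disagrees with the sample, the remaining degrees of freedom are the byte order of each 32-byte field (reverse gx, gy, r and s individually, never the whole buffer) and the nonce k, which makes two valid ECDSA signatures over the same data differ anyway; compare with verify_gb_ga rather than byte-for-byte.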
Hello Mxl01,
Pay special attention to the instructions regarding little-endian byte order in the end-to-end example. I recommend doing a search on the page for "endian" so you can find all the references.
Did you look at the function process_msg01 in sp.cpp?
If you still cannot figure it out after fixing the endian issues, I recommend installing the debug versions of the SDK and PSW so you can step into the SGX runtimes using sgx-gdb. Follow these instructions to install the debug files:
1. Install Prerequisites then download the Intel SGX for Linux source code:
$ git clone https://github.com/intel/linux-sgx.git
$ cd linux-sgx && make preparation
2. Build the debug versions of the SDK and SDK installer:
$ make sdk DEBUG=1
$ make sdk_install_pkg DEBUG=1
$ cd linux/installer/bin
$ ./sgx_linux_x64_sdk_${version}.bin
$ source ${sgx-sdk-install-path}/environment
3. Build the debug versions of the PSW and PSW installers:
$ make psw DEBUG=1
$ make deb_psw_pkg DEBUG=1
4. Install the PSW components and their symbol files.
The generated PSW installers are located under linux/installer/rpm/libsgx-urts, linux/installer/rpm/libsgx-enclave-common, linux/installer/rpm/libsgx-uae-service, linux/installer/rpm/libsgx-epid, linux/installer/rpm/libsgx-launch, linux/installer/rpm/libsgx-quote-ex and linux/installer/rpm/sgx-aesm-service
5. Execute the following commands in each PSW installer directory:
$ sudo dpkg -i *.deb
$ sudo dpkg -i *.ddeb
Now you can use sgx-gdb to step into any SGX runtime function so you can see what is happening behind the scenes.
Sincerely,
Jesus G.
Intel Customer Support
I will look into this, thanks! Still, I do not think that the used signature procedure is sensible in the RemoteAttestation Sample from the linux-sgx repository, as no signature should yield back an unmodified first half of the original buffer. If you could clear this up, it would be helpful for debugging so I know where these values in line 25ff comes from.
Hello Mxl01,
You are right, the first halves of Msg2 and the signed Msg2 should not be the same. That is your first indication that something is not right. Here are my outputs from running sgx-ra-sample.
---- Msg2 Details ----------------------------------------------------------
msg2.g_b.gx = b86a9353678fd85e255825c6fefb53d4fc307dc07cd86f41aec014be5db43e0e
msg2.g_b.gy = 61e30199bec58304a5da94419effbd7fa84057ebf56369fadcf44e8ea8e5f444
msg2.spid = 512a4762b082984ff983cb5e59bee669
msg2.quote_type = 0000
msg2.kdf_id = 0100
msg2.sign_ga_gb = 471991a397d91a27326f4dea2081dbc6d1c1b9ba0ebc2be220fa757f5a0d78b1f59dbc971a676737d78c0ca2c5a9ac8b7fc92c639ac0deb5914b33951333dc72
msg2.mac = 7a5cd6f10638431b706e43c346505fed
msg2.sig_rl_size = 00000000
msg2.sig_rl =
----------------------------------------------------------------------------
+++ msg2_size = 168
Hello JesusG_Intel,
I was talking about the RemoteAttestation sample from here. If you run that sample, you get two identical first halves of the key and the signature, which should not be the case. In the sgx-ra-sample you described, however, I am not even able to run the ./run-client command, as it tells me 'This system does not support Intel SGX.', although I think I have all needed SGX drivers installed and am able to run all sample applications from the above link in hardware mode. Can you give me a hint why this problem occurs?
Hello Mxl01,
We are still trying to figure out why the Remote Attestation sample outputs the same values for msg2_gb_gx and msg2_sign_gb_ga_x. They are different in the sgx-ra-sample.
The function in Remote Attestation that does the signing is service_provider.cpp:506 and starts printing at isv_app.cpp:122.
Let's figure out why you can't run the sgx-ra-sample.
1. Confirm your processor has SGX enabled.
Open a terminal and run: $ cpuid | grep -i sgx
2. Check the SGX driver:
$ ls /dev | grep sgx
2. Check the PSW, especially libsgx-uae-service
$ sudo apt list --installed | grep sgx
3. Run sudo apt-get update to ensure all your components are up-to-date.
4. Setup your proxy if necessary.
Edit the file /etc/aesmd.conf (refer to the comments in the file) to set the proxy for the aesmd service.
After you configure the proxy, you need to restart the service to enable the proxy.
5. Check aesmd
$ ps aux | grep -aesm
$ sudo systemctl stop aesmd
$ sudo systemctl start aesmd
$ cat /var/log/syslog | grep -i aesm
Hello JesusG_Intel,
Thanks for your detailed response; my resulting terminal output is:
1. processor sgx enabled?
> cpuid | grep -i sgx
SGX: Software Guard Extensions supported = true
SGX_LC: SGX launch config supported = false
Software Guard Extensions (SGX) capability (0x12/0):
SGX1 supported = true
SGX2 supported = false
SGX ENCLV E*VIRTCHILD, ESETCONTEXT = false
SGX ENCLS ETRACKC, ERDINFO, ELDBC, ELDUC = false
SGX attributes (0x12/1):
2. sgx-driver check:
> ls /dev | grep sgx
isgx
3. my components are up-to-date
4. I don't think I need to configure a proxy
5. aesmd:
> ps aux | grep -aesm
root 67 0.0 0.0 0 0 ? SN 13:40 0:00 [ksmd]
gdm 1490 0.0 0.0 323796 8600 tty1 Sl+ 13:40 0:00 /usr/libexec/gsd-smartcard
max 2039 0.0 0.0 397532 8780 ? Ssl 13:41 0:00 /usr/libexec/gsd-smartcard
aesmd 6235 0.0 0.0 352572 14576 ? Ssl 13:52 0:00 /opt/intel/sgx-aesm-service/aesm/aesm_service
max 7028 0.0 0.0 17672 2864 pts/0 S+ 14:04 0:00 grep --color=auto -aesm
When checking the syslog, there is actually something interesting:
Sep 16 14:19:03 max-laptop systemd[1]: aesmd.service: Succeeded.
Sep 16 14:19:09 max-laptop aesm_service[10163]: [ADMIN]White List update requested
Sep 16 14:19:09 max-laptop aesm_service[10163]: [load_qe ../qe_logic.cpp:680] Error, call sgx_create_enclave QE fail [load_qe], SGXError:4004.
Sep 16 14:19:09 max-laptop aesm_service[10163]: Failed to load QE3: 0x4004
Sep 16 14:19:09 max-laptop aesm_service[10163]: The server sock is 0x5644b9d506f0
Sep 16 14:19:10 max-laptop aesm_service[10163]: [ADMIN]White list update request successful for Version: 105
Error 0x4004 is (according to the developer reference) 'Enclave has no privilege to get a launch token.'
Is the launch token error the problem for my inability to launch the sgx-ra-sample client? Or does my system simply not have the sgx standards needed? Thanks in advance!
Hello Mxl01,
It seems you are missing the PSW component: libsgx-uae-service. Install it with:
$ sudo apt-get install libsgx-uae-service
Ensure you install all of the PSW components with:
$ sudo apt-get install libsgx-launch libsgx-urts libsgx-epid libsgx-quote-ex libsgx-uae-service
Here is how to follow the code in the sgx-ra-sample to find where it is not detecting SGX:
client.cpp:373 sgx_support = get_sgx_support();
sgx_detect_linux.c:44 if (! have_sgx_psw()) return sgx_support;
sgx_stub.c:196
int have_sgx_psw()
{
return (
_load_libsgx_uae_service() == NULL ||
_load_libsgx_urts() == NULL
) ? 0 : 1;
}
Sincerely,
Jesus G.
Intel Customer Support
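An added diagnostic, written for this thread and not part of sgx-ra-sample or the SDK: it applies the same rule as the have_sgx_psw() quoted above (both libsgx_uae_service and libsgx_urts must dlopen, otherwise the client reports that the system does not support SGX) but reports which library failed, lists the SGX device nodes, and scans aesmd syslog lines like the ones posted earlier in the thread for SGX error codes. Assumptions: the library file names are the ones the stub loads; the device-node names are /dev/isgx for the out-of-tree driver (as in the ls output above) and /dev/sgx_enclave for the in-kernel driver; the error-code name for 0x4004 is from sgx_error.h and its description is the one quoted in the thread; the sample log lines are copied from the syslog excerpt above.

```python
"""
Added example, not sgx-ra-sample's or the SDK's code: a Python diagnostic that
(1) applies the have_sgx_psw() rule from sgx_stub.c and names the missing library,
(2) lists SGX device nodes, and (3) extracts SGX error codes from aesmd log lines.
"""
import ctypes
import glob
import os
import re

# The two shared objects sgx_stub.c dlopen()s; both must load, or the sample
# prints "This system does not support Intel SGX."
PSW_LIBS = ("libsgx_uae_service.so", "libsgx_urts.so")

# Code seen in the thread's syslog; name from sgx_error.h, description as quoted there.
SGX_ERRORS = {
    0x4004: "SGX_ERROR_SERVICE_INVALID_PRIVILEGE: enclave has no privilege to get a launch token",
}

# "SGXError:4004." or a bare "0x4004" (the \b keeps longer hex values such as
# socket addresses from matching).
AESM_ERR = re.compile(r"SGXError:([0-9a-fA-F]+)|\b0x([0-9a-fA-F]{4})\b")

# Constructed sample input: lines copied from the syslog excerpt in this thread.
SAMPLE_SYSLOG = [
    "Sep 16 14:19:09 max-laptop aesm_service[10163]: [load_qe ../qe_logic.cpp:680] "
    "Error, call sgx_create_enclave QE fail [load_qe], SGXError:4004.",
    "Sep 16 14:19:09 max-laptop aesm_service[10163]: Failed to load QE3: 0x4004",
    "Sep 16 14:19:09 max-laptop aesm_service[10163]: The server sock is 0x5644b9d506f0",
    "Sep 16 14:19:10 max-laptop aesm_service[10163]: [ADMIN]White list update request successful for Version: 105",
]


def load_psw_lib(name):
    """Mirror _load_libsgx_*(): True only if dlopen() of the library succeeds."""
    try:
        ctypes.CDLL(name)
        return True
    except OSError:
        return False


def have_sgx_psw(libs=PSW_LIBS):
    """Same decision as sgx_stub.c: every PSW library must load."""
    return all(load_psw_lib(lib) for lib in libs)


def sgx_device_nodes(dev_dir="/dev"):
    """Device nodes the drivers create: isgx (out-of-tree) or sgx_enclave / sgx_provision (in-kernel)."""
    return sorted(os.path.basename(p) for p in glob.glob(os.path.join(dev_dir, "*sgx*")))


def aesm_errors(log_lines):
    """Return {code: description} for SGX error codes found in aesm_service log lines."""
    found = {}
    for line in log_lines:
        if "aesm_service" not in line:
            continue
        for m in AESM_ERR.finditer(line):
            code = int(m.group(1) or m.group(2), 16)
            found[code] = SGX_ERRORS.get(code, "unknown code; look it up in sgx_error.h")
    return found


def diagnose(libs=PSW_LIBS, dev_dir="/dev", log_lines=()):
    """One report a user can paste into a support thread."""
    missing = [lib for lib in libs if not load_psw_lib(lib)]
    return {
        "psw_ok": not missing,
        "missing_libs": missing,
        "device_nodes": sgx_device_nodes(dev_dir),
        "aesm_errors": aesm_errors(log_lines),
    }


if __name__ == "__main__":
    print(diagnose(log_lines=SAMPLE_SYSLOG))
```

Run it on the machine that prints the "does not support Intel SGX" message: a non-empty missing_libs list is the PSW gap the reply above points at, an empty device_nodes list means the driver is not loaded, and an aesm_errors entry such as 0x4004 is a launch-token privilege problem in the AESM service itself, independent of the client's detection logic.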
Hello Mxl01,
Were you able to install libsgx-uae-service and get the sgx-ra-sample running? We recommend using the sgx-ra-sample over the RemoteAttestation sample in the SDK.
Sincerely,
Jesus G.
Intel Customer Support
Hello Mxl01,
I hope the information I provided was helpful to you. Since we haven't heard from you I will close this case. If you need further assistance with this issue, please open a new thread.
Sincerely,
Jesus G.
Intel Customer Support