Intel® Software Guard Extensions (Intel® SGX)

Remote attestation not possible, request guidance

urnotcoward
Beginner
1,111 Views

I have installed the SGX driver, SDK and PSW on an Ubuntu 20.04 system according to the guide, and the local enclave sample runs smoothly. However, the remote attestation in SampleCode cannot be completed, and the following error occurs.

wynn@wynn-ThinkCentre-E97:/opt/intel/sgxsdk/SampleCode/RemoteAttestation$ sudo ./app

First round, we will try ECDSA algorithm.

Call sgx_get_extended_epid_group_id success.
MSG0 body generated -
4 bytes:
{
0x0, 0x0, 0x0, 0x0
}

Sending msg0 to remote attestation service provider.

Sent MSG0 to remote attestation service.

Call sgx_select_att_key_id success.
Call sgx_create_enclave success.
Call enclave_init_ra success.
Error, call sgx_ra_get_msg1_ex fail [main].
Call enclave_ra_close success.
Second round, we will try EPID algorithm.

Call sgx_get_extended_epid_group_id success.
MSG0 body generated -
4 bytes:
{
0x0, 0x0, 0x0, 0x0
}

Sending msg0 to remote attestation service provider.

Sent MSG0 to remote attestation service.

Call sgx_select_att_key_id success.
Call sgx_create_enclave success.
Call enclave_init_ra success.
Error, call sgx_ra_get_msg1_ex fail [main].
Call enclave_ra_close success.
Enter a character before exit ...

aesmd.service displays the following information:
● aesmd.service - Intel(R) Architectural Enclave Service Manager
Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2022-04-29 11:34:18 CST; 4h 39min ago
Main PID: 97154 (aesm_service)
Tasks: 4 (limit: 18702)
Memory: 2.7M
CGroup: /system.slice/aesmd.service
└─97154 /opt/intel/sgxpsw/aesm/aesm_service

4月 29 11:38:32 wynn-ThinkCentre-E97 aesm_service[97154]: [ADMIN]EPID Provisioning failed
4月 29 16:13:29 wynn-ThinkCentre-E97 aesm_service[97154]: [QCNL] Try remote service...
4月 29 16:13:29 wynn-ThinkCentre-E97 aesm_service[97154]: [QCNL] Request URL https://localhost:8081/sgx/certification/v3/pckcert?qeid=55C424A06FD1E8127BCD65D9B88AD98E&encrypted_...
4月 29 16:13:29 wynn-ThinkCentre-E97 aesm_service[97154]: [QPL] Failed to get quote config. Error code is 0xb00d
4月 29 16:13:29 wynn-ThinkCentre-E97 aesm_service[97154]: [get_platform_quote_cert_data ../qe_logic.cpp:377] Error returned from the p_sgx_get_quote_config API. 0xe046

4月 29 16:13:32 wynn-ThinkCentre-E97 aesm_service[97154]: [ADMIN]EPID Provisioning initiated
4月 29 16:13:36 wynn-ThinkCentre-E97 aesm_service[97154]: The Request ID is 52c1925d84e14d0e9e0399dddd0fe9ac
4月 29 16:13:37 wynn-ThinkCentre-E97 aesm_service[97154]: The Request ID is c1e762de64a34d47bd526843e4897fd5
4月 29 16:13:37 wynn-ThinkCentre-E97 aesm_service[97154]: [ADMIN]EPID Provisioning protocol error reported by Backend (9)
4月 29 16:13:37 wynn-ThinkCentre-E97 aesm_service[97154]: [ADMIN]EPID Provisioning failed
I would ask professional and experienced friends to answer my questions.
Sincerely looking forward to a reply!


10 Replies
JesusG_Intel
Moderator
1,090 Views

Hello urnotcoward,


  • What type of processor do you have?
  • Confirm if your system supports Flexible Launch Control (FLC) so that you can perform ECDSA attestation:

$ cpuid | grep -i sgx


If SGX_LC: SGX launch config supported = false, then you can only do EPID-based attestation. If SGX launch config supported = true, then you can do ECDSA attestation.

 

  • What is the output from:

$ sudo apt list --installed | grep -i sgx

$ sudo apt list --installed | grep -i dcap


If you have FLC and want to do ECDSA attestation, did you install and configure the PCCS?


Sincerely,

Jesus G.

Intel Customer Support
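The FLC check above decides which attestation flavour a platform can even attempt, so it is worth being able to read it without the cpuid(1) utility installed. The script below is an added example for this thread, not Intel tooling: it decodes the same bits from raw CPUID register values, parses the pasted `cpuid | grep -i sgx` lines, and reads the `sgx` / `sgx_lc` flags that SGX-enabled Linux kernels (5.11 and later, an assumption about the kernel) export in /proc/cpuinfo. The sample text is constructed from the output urnotcoward posts later in the thread; the bit positions are CPUID.(EAX=7,ECX=0):EBX[2]/ECX[30] and CPUID.(EAX=0x12,ECX=0):EAX[0..1].

```python
"""Decode the CPUID bits behind `cpuid | grep -i sgx` and report which attestation
flavour (EPID, ECDSA/DCAP) the platform can support. Added example, not Intel code."""
import re

# CPUID.(EAX=7, ECX=0): EBX bit 2 = SGX, ECX bit 30 = SGX_LC (Flexible Launch Control)
LEAF7_EBX_SGX = 1 << 2
LEAF7_ECX_SGX_LC = 1 << 30
# CPUID.(EAX=0x12, ECX=0): EAX bit 0 = SGX1, EAX bit 1 = SGX2
LEAF12_EAX_SGX1 = 1 << 0
LEAF12_EAX_SGX2 = 1 << 1

# Constructed sample: the `cpuid | grep -i sgx` lines urnotcoward pasted in this thread
SAMPLE_CPUID_TEXT = """\
SGX: Software Guard Extensions supported = true
SGX_LC: SGX launch config supported = true
Software Guard Extensions (SGX) capability (0x12/0):
SGX1 supported = true
SGX2 supported = false
"""

_PATTERNS = {
    "sgx": r"^SGX: Software Guard Extensions supported = (true|false)$",
    "sgx_lc": r"^SGX_LC: SGX launch config supported = (true|false)$",
    "sgx1": r"^SGX1 supported = (true|false)$",
    "sgx2": r"^SGX2 supported = (true|false)$",
}


def decode_sgx_caps(leaf7_ebx: int, leaf7_ecx: int, leaf12_eax: int) -> dict:
    """Decode raw register values (e.g. from `cpuid -r`) into capability flags."""
    return {
        "sgx": bool(leaf7_ebx & LEAF7_EBX_SGX),
        "sgx_lc": bool(leaf7_ecx & LEAF7_ECX_SGX_LC),
        "sgx1": bool(leaf12_eax & LEAF12_EAX_SGX1),
        "sgx2": bool(leaf12_eax & LEAF12_EAX_SGX2),
    }


def parse_cpuid_text(text: str) -> dict:
    """Parse the human-readable `cpuid | grep -i sgx` lines instead of raw registers."""
    caps = {}
    for line in text.splitlines():
        line = line.strip()
        for key, rx in _PATTERNS.items():
            m = re.match(rx, line)
            if m:
                caps[key] = m.group(1) == "true"
    return caps


def attestation_options(caps: dict) -> list:
    """EPID needs SGX1 plus Intel's EPID backend; ECDSA (DCAP) additionally needs
    Flexible Launch Control so the platform can launch its own Quoting Enclave."""
    if not (caps.get("sgx") and caps.get("sgx1")):
        return []
    options = ["EPID"]
    if caps.get("sgx_lc"):
        options.append("ECDSA")
    return options


def proc_cpuinfo_caps(path: str = "/proc/cpuinfo"):
    """Live check without cpuid(1): SGX-enabled kernels export the same two bits as
    the 'sgx' and 'sgx_lc' flags (assumption: kernel 5.11+). None if unreadable."""
    try:
        with open(path) as f:
            for line in f:
                if line.startswith("flags"):
                    flags = set(line.split(":", 1)[1].split())
                    return {"sgx": "sgx" in flags, "sgx_lc": "sgx_lc" in flags}
    except OSError:
        return None
    return None


if __name__ == "__main__":
    caps = parse_cpuid_text(SAMPLE_CPUID_TEXT)
    print(caps, "->", attestation_options(caps) or "no SGX attestation possible")
    print("live /proc/cpuinfo:", proc_cpuinfo_caps())
```

Note that `sgx_lc` in /proc/cpuinfo only tells you the CPU supports FLC; the BIOS must also have enabled SGX and left the launch-control MSRs writable, which is why the sample still has to be run to confirm a quote can be produced.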


urnotcoward
Beginner
1,074 Views

Hello Jesus,

Thanks for your reply! I have done as you said.

1.  SGX launch config is supported

wynn@wynn-ThinkCentre-E97:~$ cpuid | grep -i sgx
SGX: Software Guard Extensions supported = true
SGX_LC: SGX launch config supported = true
Software Guard Extensions (SGX) capability (0x12/0):
SGX1 supported = true
SGX2 supported = false
SGX ENCLV E*VIRTCHILD, ESETCONTEXT = false
SGX ENCLS ETRACKC, ERDINFO, ELDBC, ELDUC = false

2. The terminal output

wynn@wynn-ThinkCentre-E97:~$ sudo apt list intalled | grep -i sgx

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

 

wynn@wynn-ThinkCentre-E97:~$ sudo apt list --installed | grep -i dcap

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

libsgx-dcap-ql-dev/unknown,now 1.13.100.4-focal1 amd64 [installed]
libsgx-dcap-ql/unknown,now 1.13.100.4-focal1 amd64 [installed]
libsgx-dcap-quote-verify/unknown,now 1.13.100.4-focal1 amd64 [installed,automatic]
sgx-dcap-pccs/unknown,now 1.13.100.4-focal1 amd64 [installed]

 

3. Install and configure the PCCS

Before your guidance, I had installed PCCS from linux-sgx/external/dcap_source/QuoteGeneration/pccs instead of with apt-get (but it doesn't seem to be recognized).

From the PCCS install link, I followed the guide to set up the Intel PCCS, including "Verify the empty cache" (with the default configuration as in the tutorial).
But when I edit the configuration file /opt/intel/sgx-pck-id-retrieval-tool/network_setting.conf and make the changes,

I don't know how to configure the PCCS_URL.

The following is my /opt/intel/sgx-pck-id-retrieval-tool/network_setting.conf:

# #############################################################
# PCCS server address
# support V2 version PCCS
#PCCS_URL=https://localhost:8081/sgx/certification/v2/platforms
# support V3 version PCCS
PCCS_URL=https://localhost:8081/sgx/certification/v3/platforms
#PCCS_URL=/lib/systemd/system/pccs.service
# To accept insecure HTTPS cert, set this option to FALSE
USE_SECURE_CERT=FALSE
###############################################################


###############################################################
# when access pccs, user need provide the token
user_token =******[my password]
###############################################################


###############################################################
# Proxy settings:proxy type could be the following three types
# direct: means no proxy used
# default: system default proxy will be used
# manual: when this type was selected, user need provide the proxy_url

proxy_type = direct
#proxy_type = default
#proxy_type = manual
#proxy_url = http://proxy_url:proxy_port
###############################################################

$ sudo PCKIDRetrievalTool

wynn@wynn-ThinkCentre-E97:/media/sda2/linux-sgx/external/dcap_source/QuoteGeneration/pccs$ sudo PCKIDRetrievalTool

Intel(R) Software Guard Extensions PCK Cert ID Retrieval Tool Version 1.13.100.4

Warning: platform manifest is not available or current platform is not multi-package platform.
Error: unexpected error happend during sending data to cache server.
pckid_retrieval.csv has been generated successfully, however the data couldn't be sent to cache server!

 

The above is my situation. Please provide me with further help and guidance; looking forward to your reply!

 

Best regards,

urnotcoward

JesusG_Intel
Moderator
1,059 Views

At first, I got the same error as you until I configured PCCS on my system. I will show you the list of components I installed and my /etc/sgx_default_qcnl.conf. I installed everything from Intel's apt repo using sudo apt-get. I ran these instructions to install and set up the PCCS.

 

jesus@jesus-NUC:~$ sudo apt list --installed | grep -Ei 'sgx|dcap'

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

libdcap1/focal,now 2.47.12-2build1 amd64 [installed]
libsgx-ae-epid/unknown,now 2.16.100.4-focal1 amd64 [installed,automatic]
libsgx-ae-id-enclave/unknown,now 1.13.100.4-focal1 amd64 [installed,automatic]
libsgx-ae-le/unknown,now 2.16.100.4-focal1 amd64 [installed,automatic]
libsgx-ae-pce/unknown,now 2.16.100.4-focal1 amd64 [installed,automatic]
libsgx-ae-qe3/unknown,now 1.13.100.4-focal1 amd64 [installed,automatic]
libsgx-ae-qve/unknown,now 1.13.100.4-focal1 amd64 [installed,automatic]
libsgx-aesm-ecdsa-plugin/unknown,now 2.16.100.4-focal1 amd64 [installed,automatic]
libsgx-aesm-epid-plugin/unknown,now 2.16.100.4-focal1 amd64 [installed,automatic]
libsgx-aesm-launch-plugin/unknown,now 2.16.100.4-focal1 amd64 [installed,automatic]
libsgx-aesm-pce-plugin/unknown,now 2.16.100.4-focal1 amd64 [installed,automatic]
libsgx-aesm-quote-ex-plugin/unknown,now 2.16.100.4-focal1 amd64 [installed,automatic]
libsgx-dcap-default-qpl-dbgsym/unknown,now 1.13.100.4-focal1 amd64 [installed]
libsgx-dcap-default-qpl-dev/unknown,now 1.13.100.4-focal1 amd64 [installed]
libsgx-dcap-default-qpl/unknown,now 1.13.100.4-focal1 amd64 [installed]
libsgx-dcap-ql-dbgsym/unknown,now 1.13.100.4-focal1 amd64 [installed]
libsgx-dcap-ql-dev/unknown,now 1.13.100.4-focal1 amd64 [installed]
libsgx-dcap-ql/unknown,now 1.13.100.4-focal1 amd64 [installed]
libsgx-dcap-quote-verify-dbgsym/unknown,now 1.13.100.4-focal1 amd64 [installed]
libsgx-dcap-quote-verify-dev/unknown,now 1.13.100.4-focal1 amd64 [installed]
libsgx-dcap-quote-verify/unknown,now 1.13.100.4-focal1 amd64 [installed]
libsgx-enclave-common/unknown,now 2.16.100.4-focal1 amd64 [installed,automatic]
libsgx-epid/unknown,now 2.16.100.4-focal1 amd64 [installed]
libsgx-headers/unknown,now 2.16.100.4-focal1 amd64 [installed,automatic]
libsgx-launch/unknown,now 2.16.100.4-focal1 amd64 [installed,automatic]
libsgx-pce-logic/unknown,now 1.13.100.4-focal1 amd64 [installed,automatic]
libsgx-qe3-logic/unknown,now 1.13.100.4-focal1 amd64 [installed,automatic]
libsgx-quote-ex/unknown,now 2.16.100.4-focal1 amd64 [installed]
libsgx-urts/unknown,now 2.16.100.4-focal1 amd64 [installed,automatic]
sgx-aesm-service/unknown,now 2.16.100.4-focal1 amd64 [installed,automatic]
sgx-dcap-pccs/unknown,now 1.13.100.4-focal1 amd64 [installed]

 

 

jesus@jesus-NUC:~$ cat /etc/sgx_default_qcnl.conf

{
 // *** ATTENTION : This file is in JSON format so the keys are case sensitive. Don't change them.

 //PCCS server address
 "pccs_url": "https://localhost:8081/sgx/certification/v3/",

 // To accept insecure HTTPS certificate, set this option to false
 "use_secure_cert": false,

 // You can use the Intel PCS or another PCCS to get quote verification collateral. Retrieval of PCK
 // Certificates will always use the PCCS described in PCCS_URL. When COLLATERAL_SERVICE is not defined, both
 // PCK Certs and verification collateral will be retrieved using PCCS_URL
 //"collateral_service": "https://api.trustedservices.intel.com/sgx/certification/v3/",

 // If you use a PCCS service to get the quote verification collateral, you can specify which PCCS API version is to be used.
 // The legacy 3.0 API will return CRLs in HEX encoded DER format and the sgx_ql_qve_collateral_t.version will be set to 3.0, while
 // the new 3.1 API will return raw DER format and the sgx_ql_qve_collateral_t.version will be set to 3.1. The PCCS_API_VERSION
 // setting is ignored if COLLATERAL_SERVICE is set to the Intel PCS. In this case, the PCCS_API_VERSION is forced to be 3.1
 // internally. Currently, only values of 3.0 and 3.1 are valid. Note, if you set this to 3.1, the PCCS use to retrieve
 // verification collateral must support the new 3.1 APIs.
 //"pccs_api_version": "3.1",

 // Maximum retry times for QCNL. If RETRY is not defined or set to 0, no retry will be performed.
 // It will first wait one second and then for all forthcoming retries it will double the waiting time.
 // By using RETRY_DELAY you disable this exponential backoff algorithm
 "retry_times": 6,

 // Sleep this amount of seconds before each retry when a transfer has failed with a transient error
 "retry_delay": 10,

 // If LOCAL_PCK_URL is defined, the QCNL will try to retrieve PCK cert chain from LOCAL_PCK_URL first,
 // and failover to PCCS_URL as in legacy mode.
 //"local_pck_url": "http://localhost:8081/sgx/certification/v3/",

 // If LOCAL_PCK_URL is not defined, the QCNL will cache PCK certificates in memory by default.
 // The cached PCK certificates will expire after PCK_CACHE_EXPIRE_HOURS hours.
 "pck_cache_expire_hours": 168

 // You can add custom request headers and parameters to the get certificate API.
 // But the default PCCS implementation just ignores them.
 //,"custom_request_options" : {
 // "get_cert" : {
 //   "headers": {
 //     "head1": "value1"
 //   },
 //   "params": {
 //     "param1": "value1",
 //     "param2": "value2"
 //   }
 // }
 //}
}


Sincerely,

Jesus G.

Intel Customer Support
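The confusion earlier in the thread ("I don't know how to configure the PCCS_URL") comes from the two client configs wanting different shapes of the same address: QCNL's `pccs_url` is the API base (it appends `pckcert`, `rootcacrl`, and so on itself, which is what the `.../v3/pckcert?qeid=...` line in the aesmd journal shows), while the retrieval tool's `PCCS_URL` is the full `/platforms` registration endpoint. The checker below is an added example, not part of Intel's DCAP tooling; the two sample config texts are constructed from the files quoted in this thread, and the rule that `use_secure_cert=false` is only tolerable for a PCCS on loopback is my own hardening check rather than something the config enforces.

```python
"""Validate /etc/sgx_default_qcnl.conf against network_setting.conf and derive the
URLs each client will request. Added example for this thread, not Intel code."""
import json
import re
from urllib.parse import urlparse

# Constructed sample of /etc/sgx_default_qcnl.conf (JSON with // comments, as shipped)
SAMPLE_QCNL_CONF = """{
 // *** ATTENTION : This file is in JSON format so the keys are case sensitive.
 //PCCS server address
 "pccs_url": "https://localhost:8081/sgx/certification/v3/",
 // To accept insecure HTTPS certificate, set this option to false
 "use_secure_cert": false,
 "retry_times": 6,
 "retry_delay": 10,
 "pck_cache_expire_hours": 168
}
"""

# Constructed sample of /opt/intel/sgx-pck-id-retrieval-tool/network_setting.conf (key=value)
SAMPLE_RETRIEVAL_CONF = """# PCCS server address
PCCS_URL=https://localhost:8081/sgx/certification/v3/platforms
USE_SECURE_CERT=FALSE
user_token = ******
proxy_type = direct
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def strip_jsonc_comments(text: str) -> str:
    """Remove // line comments outside string literals so json.loads accepts the file
    (a naive split on '//' would cut the 'https://' inside pccs_url)."""
    out = []
    for line in text.splitlines():
        in_str, kept, i = False, [], 0
        while i < len(line):
            ch = line[i]
            if ch == '"' and not (i and line[i - 1] == "\\"):
                in_str = not in_str
            if not in_str and line.startswith("//", i):
                break  # rest of the line is a comment
            kept.append(ch)
            i += 1
        out.append("".join(kept))
    return "\n".join(out)


def load_qcnl_conf(text: str) -> dict:
    return json.loads(strip_jsonc_comments(text))


def load_retrieval_conf(text: str) -> dict:
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def qcnl_endpoints(pccs_url: str) -> dict:
    """QCNL appends the API name to pccs_url; this is why it must be the bare base."""
    base = pccs_url if pccs_url.endswith("/") else pccs_url + "/"
    return {name: base + name for name in ("pckcert", "rootcacrl", "tcb", "qe/identity")}


def check_configs(qcnl: dict, retrieval: dict) -> list:
    """Return human-readable findings; an empty list means the pair is consistent."""
    findings = []
    pccs_url = qcnl.get("pccs_url", "")
    q = urlparse(pccs_url)
    if q.scheme != "https":
        findings.append("qcnl: pccs_url must be https")
    if not re.search(r"/sgx/certification/v[34]/$", pccs_url):
        findings.append("qcnl: pccs_url must end in /sgx/certification/v3/ (API base, no endpoint name)")
    if qcnl.get("use_secure_cert") is False and q.hostname not in LOOPBACK:
        findings.append("qcnl: use_secure_cert=false disables TLS verification; only acceptable for a PCCS on localhost")

    tool_url = retrieval.get("PCCS_URL", "")
    t = urlparse(tool_url)
    if not tool_url.endswith("/platforms"):
        findings.append("retrieval tool: PCCS_URL must be the /platforms registration endpoint, not the API base")
    if t.scheme != "https":
        findings.append("retrieval tool: PCCS_URL must be an https URL (a file path such as the pccs.service unit is not a server address)")
    if retrieval.get("USE_SECURE_CERT", "").upper() == "FALSE" and t.hostname not in LOOPBACK:
        findings.append("retrieval tool: USE_SECURE_CERT=FALSE against a non-local PCCS")
    if (q.hostname, q.port) != (t.hostname, t.port):
        findings.append("qcnl and retrieval tool point at different PCCS hosts")
    return findings


if __name__ == "__main__":
    qcnl = load_qcnl_conf(SAMPLE_QCNL_CONF)
    tool = load_retrieval_conf(SAMPLE_RETRIEVAL_CONF)
    print(qcnl_endpoints(qcnl["pccs_url"]))
    print(check_configs(qcnl, tool) or "configs are consistent")
```

The loopback exception exists only because the self-signed certificate PCCS generates at install time cannot be validated; the moment the PCCS moves to another host, either install a certificate the clients trust or accept that anyone on the path can hand your quoting stack arbitrary PCK certificates and collateral.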


urnotcoward
Beginner
1,032 Views

Hello Jesus,

I have adjusted my system as you said these days.

But when I follow the instructions to install and set up the PCCS, I still have problems:

 

wynn@wynn-ThinkCentre-E97:/opt/intel/sgxsdk/SampleCode/RemoteAttestation$ sudo PCKIDRetrievalTool

Intel(R) Software Guard Extensions PCK Cert ID Retrieval Tool Version 1.13.100.4

Warning: platform manifest is not available or current platform is not multi-package platform.
Error: unexpected error happend during sending data to cache server.
pckid_retrieval.csv has been generated successfully, however the data couldn't be sent to cache server!

 

I am so confused.

 

I have checked some information and checked the following places:

1.wynn@wynn-ThinkCentre-E97:/opt/intel/sgx-dcap-pccs/config$ cat default.json

"HTTPS_PORT" : 8081,
"hosts" : "0.0.0.0",
"uri": "https://api.trustedservices.intel.com/sgx/certification/v3/",
"ApiKey" : "[primary key]",
"proxy" : "",

"CachingFillMode" : "REQ",

[PCCS just installed as instructed]

2.wynn@wynn-ThinkCentre-E97:~$ cat /opt/intel/sgx-pck-id-retrieval-tool/network_setting.conf
# #############################################################
# PCCS server address
# support V2 version PCCS
#PCCS_URL=https://localhost:8081/sgx/certification/v2/platforms
# support V3 version PCCS
PCCS_URL=https://localhost:8081/sgx/certification/v3/platforms
#PCCS_URL=https://0.0.0.0:8081/sgx/certification/v3/platforms
#PCCS_URL=https://api.trustedservices.intel.com/sgx/certification/v3/
#PCCS_URL=https://0.0.0.0:8081/sgx/certification/v3/
#PCCS_URL=/lib/systemd/system/pccs.service
# To accept insecure HTTPS cert, set this option to FALSE
USE_SECURE_CERT=FALSE
###############################################################


###############################################################
# when access pccs, user need provide the token
user_token =[my password]
###############################################################


###############################################################
# Proxy settings:proxy type could be the following three types
# direct: means no proxy used
# default: system default proxy will be used
# manual: when this type was selected, user need provide the proxy_url

proxy_type = direct
#proxy_type = default
#proxy_type = manual
#proxy_url = http://proxy_url:proxy_port
###############################################################

3. /etc/sgx_default_qcnl.conf is the same as yours

4. In /etc/aesmd.conf I have also uncommented ecdsa

But it seems my PCCS still cannot run normally, and PCKIDRetrievalTool gives an error.

Please have a look and help me! Thanks a lot!!!

 

All the best,

urnotcoward

JesusG_Intel
Moderator
1,013 Views

Hello urnotcoward,


Send us logs from the PCCS.

 

Edit /opt/intel/sgx-dcap-pccs/config/default.json and set LogLevel to silly.


Restart PCCS and ensure it is active without errors.

sudo systemctl restart pccs

sudo systemctl status pccs

 

Run this command to check if you can get the CA root certificate from your PCCS. If you see a long text string returned, then it is successful.

curl -k -G "https://localhost:8081/sgx/certification/v3/rootcacrl"

 

Run your tests then send us the pccs log from:

/opt/intel/sgx-dcap-pccs/logs


Sincerely,

Jesus G.

Intel Customer Support


urnotcoward
Beginner
1,002 Views

Hello Jesus,

 

I have adjusted the LogLevel and run this command; they are successful.

Following is the pccs log after running my test:

 

wynn@wynn-ThinkCentre-E97:/opt/intel/sgx-dcap-pccs/logs$ cat pccs_server.log

2022-05-07 09:55:07.135 [info]: Client Request-ID : 04825ab8ddf94408b64be676482f3c56
2022-05-07 09:55:08.926 [info]: Request-ID is : 2ce32ec1a2ca4b26992e6c591f11c7be
2022-05-07 09:55:09.718 [info]: Request-ID is : 35a6790c23ea452fa15332fd04a541c6
2022-05-07 09:55:09.743 [error]: PCK selection library returned 12
2022-05-07 09:55:09.744 [error]: Error: No cache data for this platform.
at Proxy.getPckCertFromPCS (/opt/intel/sgx-dcap-pccs/services/logic/commonCacheLogic.js:237:11)
at async ReqCachingMode.registerPlatforms (/opt/intel/sgx-dcap-pccs/services/caching_modes/cachingMode.js:205:7)
at async Proxy.registerPlatforms (/opt/intel/sgx-dcap-pccs/services/platformsRegService.js:107:3)
at async postPlatforms (/opt/intel/sgx-dcap-pccs/controllers/platformsController.js:40:5)
2022-05-07 09:55:09.744 [info]: 127.0.0.1 - - [07/May/2022:01:55:09 +0000] "POST /sgx/certification/v3/platforms HTTP/1.1" 404 32 "-" "-"

2022-05-07 10:07:31.463 [info]: HTTPS Server is running on: https://localhost:8081
2022-05-07 10:08:59.356 [info]: Client Request-ID : 7ffb66b5fe984642a69c406e09021ae8
2022-05-07 10:08:59.365 [info]: 127.0.0.1 - - [07/May/2022:02:08:59 +0000] "GET /sgx/certification/v3/rootcacrl HTTP/1.1" 200 586 "-" "curl/7.68.0"

2022-05-07 10:09:38.952 [info]: Client Request-ID : 6ae6a7e5e78242d283fc8c0cd815181d
2022-05-07 10:09:40.592 [info]: Request-ID is : 68adbf425b8c48c78d5e8c5b76b573fc
2022-05-07 10:09:41.466 [info]: Request-ID is : ddce664d8aa94baea2c48529ea0f4b85
2022-05-07 10:09:41.542 [error]: PCK selection library returned 12
2022-05-07 10:09:41.543 [error]: Error: No cache data for this platform.
at Proxy.getPckCertFromPCS (/opt/intel/sgx-dcap-pccs/services/logic/commonCacheLogic.js:237:11)
at async ReqCachingMode.registerPlatforms (/opt/intel/sgx-dcap-pccs/services/caching_modes/cachingMode.js:205:7)
at async Proxy.registerPlatforms (/opt/intel/sgx-dcap-pccs/services/platformsRegService.js:107:3)
at async postPlatforms (/opt/intel/sgx-dcap-pccs/controllers/platformsController.js:40:5)
2022-05-07 10:09:41.547 [info]: 127.0.0.1 - - [07/May/2022:02:09:41 +0000] "POST /sgx/certification/v3/platforms HTTP/1.1" 404 32 "-" "-"

 

Please have a look, thanks!

 

Sincerely,

urnotcoward

urnotcoward
Beginner
984 Views

Hey guys,

please remember to reply to me when you have time~

JesusG_Intel
Moderator
977 Views

Hello urnotcoward,

 

Your logs are very helpful.

 

We have an article that addresses your issue! https://www.intel.com/content/www/us/en/support/articles/000059239/software/intel-security-products....

 

Summary

Update BIOS to make the Trusted Computing Base (TCB) current.

 

Description

  1. Set up Intel® Software Guard Extensions (Intel® SGX) Datacenter Attestation Primitives (DCAP) environment
  2. Built and installed Provisioning Certificate Caching Service (PCCS)
  3. Generated pckid_retrieval.csv
  4. Ran PCKIDRetrievalTool or other remote attestation sample
  5. Received error: unexpected error happened during sending data to cache server., however the data couldn't be sent to cache server!
  6. PCCS log file shows: [error]: PCK selection library returned 12 [error]: Error: No cache data for this platform. ... "POST /sgx/certification/v3/platforms HTTP/1.1" 404 32 "-" "-"

 

Resolution

Update the BIOS on the system to the most recent BIOS available from the OEM to make the trusted computing base current.

Additional information

Error 12 originates at the SGX PCK Cert Selection Library function pck_cert_select, which corresponds to PCK_CERT_SELECT_PCK_NOT_FOUND = 12, /**< Raw TCB is lower than all input PCKs */.
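The diagnosis above rests on two signals from the PCCS log (the `rootcacrl` GET succeeding, so the service itself is fine, and `PCK selection library returned 12` followed by a 404 on `POST .../platforms`) plus the `[QPL]` and EPID backend errors in the aesmd journal from the first post. The script below is an added example, not Intel tooling: it runs that triage over sample log lines constructed from the ones quoted in this thread. Only code 12 is mapped to a meaning, taken from the text above; other PCK-selection codes and the QPL hex codes are reported raw rather than guessed, and the verdict labels are my own.

```python
"""Triage pccs_server.log and the aesmd journal for the failure pattern in this thread.
Added example, not Intel code; sample logs are constructed from lines quoted above."""
import re

# Constructed from the pccs_server.log lines urnotcoward posted
SAMPLE_PCCS_LOG = """\
2022-05-07 09:55:07.135 [info]: Client Request-ID : 04825ab8ddf94408b64be676482f3c56
2022-05-07 09:55:08.926 [info]: Request-ID is : 2ce32ec1a2ca4b26992e6c591f11c7be
2022-05-07 09:55:09.743 [error]: PCK selection library returned 12
2022-05-07 09:55:09.744 [error]: Error: No cache data for this platform.
2022-05-07 09:55:09.744 [info]: 127.0.0.1 - - [07/May/2022:01:55:09 +0000] "POST /sgx/certification/v3/platforms HTTP/1.1" 404 32 "-" "-"
2022-05-07 10:08:59.365 [info]: 127.0.0.1 - - [07/May/2022:02:08:59 +0000] "GET /sgx/certification/v3/rootcacrl HTTP/1.1" 200 586 "-" "curl/7.68.0"
"""

# Constructed from the aesmd.service journal in the first post
SAMPLE_AESMD_LOG = """\
aesm_service[97154]: [QPL] Failed to get quote config. Error code is 0xb00d
aesm_service[97154]: [get_platform_quote_cert_data ../qe_logic.cpp:377] Error returned from the p_sgx_get_quote_config API. 0xe046
aesm_service[97154]: [ADMIN]EPID Provisioning protocol error reported by Backend (9)
aesm_service[97154]: [ADMIN]EPID Provisioning failed
"""

# PCK cert selection codes this thread establishes; anything else is reported raw
PCK_CERT_SELECT_CODES = {
    12: "PCK_CERT_SELECT_PCK_NOT_FOUND: raw TCB is lower than all input PCKs",
}

_RX_HTTP = re.compile(r'"(GET|POST) (/sgx/certification/v\d+/\S+) HTTP/1\.\d" (\d{3})')
_RX_PCK = re.compile(r"PCK selection library returned (\d+)")
_RX_UPSTREAM = re.compile(r"\[info\]: Request-ID is : [0-9a-f]{32}")
_RX_QPL = re.compile(r"\[QPL\] .*Error code is (0x[0-9a-fA-F]+)")
_RX_EPID = re.compile(r"EPID Provisioning protocol error reported by Backend \((\d+)\)")


def triage_pccs(lines):
    r = {"rootcacrl_ok": False, "pcs_reached": False, "platforms_status": None,
         "pck_select_code": None, "verdict": None}
    for line in lines:
        if _RX_UPSTREAM.search(line):
            r["pcs_reached"] = True  # PCCS got a Request-ID back from the upstream PCS
        m = _RX_HTTP.search(line)
        if m:
            method, path, status = m.group(1), m.group(2), int(m.group(3))
            if method == "GET" and path.endswith("/rootcacrl") and status == 200:
                r["rootcacrl_ok"] = True  # the curl check from the thread passed
            if method == "POST" and path.endswith("/platforms"):
                r["platforms_status"] = status  # PCKIDRetrievalTool registration result
        m = _RX_PCK.search(line)
        if m:
            r["pck_select_code"] = int(m.group(1))
    code = r["pck_select_code"]
    if code == 12 and r["platforms_status"] == 404:
        r["verdict"] = ("TCB_OUTDATED: no PCK certificate covers this platform's raw TCB; "
                        "update BIOS/microcode, then re-run PCKIDRetrievalTool")
    elif code is not None:
        r["verdict"] = "PCK_SELECT_ERROR: " + PCK_CERT_SELECT_CODES.get(code, f"unmapped code {code}")
    elif not r["rootcacrl_ok"]:
        r["verdict"] = "PCCS_UNREACHABLE: no successful rootcacrl fetch seen; check pccs service and port"
    else:
        r["verdict"] = "NO_KNOWN_FAILURE"
    return r


def triage_aesmd(lines):
    """Pull the raw QPL error codes and the EPID backend error number out of the journal."""
    r = {"qpl_errors": [], "epid_backend_error": None}
    for line in lines:
        m = _RX_QPL.search(line)
        if m:
            r["qpl_errors"].append(m.group(1).lower())
        m = _RX_EPID.search(line)
        if m:
            r["epid_backend_error"] = int(m.group(1))
    return r


if __name__ == "__main__":
    print(triage_pccs(SAMPLE_PCCS_LOG.splitlines()))
    print(triage_aesmd(SAMPLE_AESMD_LOG.splitlines()))
```

In a real deployment, point `triage_pccs` at /opt/intel/sgx-dcap-pccs/logs/pccs_server.log (with LogLevel raised as the reply above describes) and `triage_aesmd` at `journalctl -u aesmd`; the `pcs_reached` flag is what separates "my PCCS cannot talk to Intel" from the TCB problem this thread ended on.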

 

 

urnotcoward
Beginner
959 Views

Thank you for your reply!

Recently, I have checked the relevant information. I installed Intel SGX on my experimental physical host. For me, upgrading the BIOS will carry a greater risk, which may cause me to reinstall the entire Ubuntu system and lose files.
In the future, I may consider using a virtual machine to configure the intel sgx trusted environment. It would be better to do it in a pure environment.
Anyway, thank you very much for your patience in answering my questions.

Thanks again for community service!

 

urnotcoward

JesusG_Intel
Moderator
913 Views

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.

