Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

RemoteAttestation Example on Linux

AB_
Beginner
‎03-02-2019 06:56 PM
1,221 Views

Hi,

I could successfully build PSW and SGX SDK following the instructions from github repo. I haven't installed iclsClient and JHI. also I have error installing linux sgx driver. Given this status, I am seeing the following error in remoteattestation example when built with hardware debug mode (default) on ubuntu 18.04LTS

$ ./app

Error, call sgx_get_extended_epid_group_id fail [main].

 

Note that my aesmd service is running:

systemctl status aesmd.service
● aesmd.service - Intel(R) Architectural Enclave Service Manager
   Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since Sat 2019-03-02 21:49:11 EST; 14s ago
  Process: 2842 ExecStart=/opt/intel/libsgx-enclave-common/aesm/aesm_service (code=exited, status=0/SUCCESS)
  Process: 2841 ExecStartPre=/bin/chmod 0755 /var/run/aesmd/ (code=exited, status=0/SUCCESS)
  Process: 2840 ExecStartPre=/bin/chown -R aesmd:aesmd /var/run/aesmd/ (code=exited, status=0/SUCCESS)
  Process: 2839 ExecStartPre=/bin/mkdir -p /var/run/aesmd/ (code=exited, status=0/SUCCESS)
  Process: 2835 ExecStartPre=/opt/intel/libsgx-enclave-common/aesm/linksgx.sh (code=exited, status=0/SUCCESS)
 Main PID: 2843 (code=exited, status=1/FAILURE)

 

Here are my questions. Please help clarify them.

1. What does the error mean when I am running ./app ?

2. Do I need to install iclsClient and JHI?

3. Why is linux sgx driver necessary to run in hardware mode?

 

 

0 Kudos

Link Copied

3 Replies
you_w_
New Contributor III
‎03-07-2019 12:01 AM
1,221 Views

Hi,

1. The error shows that your AESMD service doesn't run correctly.

2. You need to install Jhi and icls Client before you install SGX PSW,because PSW relies on JHI and icls Client.

3. It's SGX driver that make SGX instructions available for kernel and user.

0 Kudos
Copy link
Scott_R_Intel
Employee
‎03-07-2019 10:25 AM
1,221 Views

Hello.

First, the driver is needed because SGX requires it to perform necessary ring 0 (kernel) level functions.  Until you get the driver loaded correctly, the AESMD service will not run.  You do not need the JHI and iCLS clients installed for general SGX work.  You only need them installed if you require SGX platform services (trusted time and monotonic counters), which most usages don't.

Scott

0 Kudos
Copy link
Liu__Jerry
Beginner
‎04-15-2019 11:47 AM
1,221 Views

Anyway, the iclsClient and JHI installing link on intel's website seems unavailable now.

I couldn't find anything related with icls on https://software.intel.com/en-us/sgx/sdk.

Any help is appreciated!

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.