I could successfully build PSW and SGX SDK following the instructions from github repo. I haven't installed iclsClient and JHI. also I have error installing linux sgx driver. Given this status, I am seeing the following error in remoteattestation example when built with hardware debug mode (default) on ubuntu 18.04LTS
Error, call sgx_get_extended_epid_group_id fail [main].
Note that my aesmd service is running:
systemctl status aesmd.service ● aesmd.service - Intel(R) Architectural Enclave Service Manager Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor preset: enabled) Active: activating (auto-restart) (Result: exit-code) since Sat 2019-03-02 21:49:11 EST; 14s ago Process: 2842 ExecStart=/opt/intel/libsgx-enclave-common/aesm/aesm_service (code=exited, status=0/SUCCESS) Process: 2841 ExecStartPre=/bin/chmod 0755 /var/run/aesmd/ (code=exited, status=0/SUCCESS) Process: 2840 ExecStartPre=/bin/chown -R aesmd:aesmd /var/run/aesmd/ (code=exited, status=0/SUCCESS) Process: 2839 ExecStartPre=/bin/mkdir -p /var/run/aesmd/ (code=exited, status=0/SUCCESS) Process: 2835 ExecStartPre=/opt/intel/libsgx-enclave-common/aesm/linksgx.sh (code=exited, status=0/SUCCESS) Main PID: 2843 (code=exited, status=1/FAILURE)
Here are my questions. Please help clarify them.
1. What does the error mean when I am running ./app ?
2. Do I need to install iclsClient and JHI?
3. Why is linux sgx driver necessary to run in hardware mode?
1. The error shows that your AESMD service doesn't run correctly.
2. You need to install Jhi and icls Client before you install SGX PSW，because PSW relies on JHI and icls Client.
3. It's SGX driver that make SGX instructions available for kernel and user.
First, the driver is needed because SGX requires it to perform necessary ring 0 (kernel) level functions. Until you get the driver loaded correctly, the AESMD service will not run. You do not need the JHI and iCLS clients installed for general SGX work. You only need them installed if you require SGX platform services (trusted time and monotonic counters), which most usages don't.
Anyway, the iclsClient and JHI installing link on intel's website seems unavailable now.
I couldn't find anything related with icls on https://software.intel.com/en-us/sgx/sdk.
Any help is appreciated!