Solved: Quote:Changzheng W. (Intel)

shen_y_ · ‎06-12-2016

Hi,

I can run the SampleEnclave and LocalAttestation sample code well in the IntelSGXSDK. When I want to run RemoteAttestation sample, it always fails. I find that isv_app.cpp called the enclave_init_ra(enclave_id,&status,false,&context) with false value of b_pse. It will bypass the function call sgx_create_pse_session() later and not establish a session with PSE. Then it will return a 0 value context,which is used in sgx_ra_get_msg1() function, and lead to results below.If i set b_pse true,it will fail either.

"Call sgx_create_enclave success.
Call enclave_init_ra success.
Error, call sgx_ra_get_msg1 fail [wmain].
Call enclave_ra_close success."

I also find an answer "Some platforms do not have firmware support for platform services enclave, which would cause this function to fail“ and an article "Usage of Simulation Mode in SGX Enhanced Application" referred to the firmware.

My Question is

1.What kind of firmware it is? How to find out the firmware is supported in my laptop? Or , the firmware is already supported in my laptop,

the error is caused just because it is in non-product mode?

2.Is there anyone else can run the RemoteAttestation code without error? Thanks for your help!!:)

Surenthar_S_Intel · ‎06-12-2016

Hi Yu,
There seems something wrong with the platform service configuration and this problem is solved after install the latest version of Intel management engine component and sgx platform service (The full ME stack needs to be installed on the system for the services to be available to SGX platform software).

Intel® Management Engine (Intel® ME) download link
https://downloadcenter.intel.com/download/25881

Thanks and Regards,
Surenthar Selvaraj

View solution in original post

Surenthar_S_Intel · ‎06-12-2016

Hi Yu,
There seems something wrong with the platform service configuration and this problem is solved after install the latest version of Intel management engine component and sgx platform service (The full ME stack needs to be installed on the system for the services to be available to SGX platform software).

Intel® Management Engine (Intel® ME) download link
https://downloadcenter.intel.com/download/25881

Thanks and Regards,
Surenthar Selvaraj

shen_y_ · ‎06-13-2016

Hi Surenthar Selvaraj,

I'm sorry to say that I still get SGX_ERROR_BUSY error when I call the sgx_create_pse_session() function .I have downloaded and installed the latest version of Intel ME and my SDK&PSW version is also the latest version(SDK and PSW for Windows v1.1.30214.81). I'm sure that AESMService is running background.

How can I fix it ?

Thank you ,

Yu

Surenthar_S_Intel · ‎06-14-2016

Hi Yu,

Initial instincts that something is went wrong with the Intel SGX PSW. Can you please uninstall the PSW, reboot, and a fresh reinstallion of Intel SGX PSW and Intel ME.

Thanks and Regards,
Surenthar Selvaraj

shen_y_ · ‎06-21-2016

Hi Surenthar Selvaraj,

I have finished the process of "uninstall the PSW, reboot, and a fresh reinstallion of Intel SGX PSW and Intel ME". But it doesn't work for me.

enclave_init_ra(enclave_id,&status,false,&context) -> sgx_ra_init(&g_sp_pub_key,b_pse,p_context) still returns context with value 0.

Sgx_ra_get_msg1 return SGX_ERROR_BUSY or SGX_ERROR_NETWORK_FAILURE.

Error is caused by 0 value context, is that right? Or there is some proxy or network problems I didn't notice .

Thanks and Regards,

Yu

shen_y_ · ‎06-22-2016

Thanks for Surenthar Selvaraj.

I've found the solution. The problem is related to the proxy network of my company. Because there is no proxy setting in PSW, so I have to run the sample code in no proxy network environment.Then it works with no error!.

The PSW will contact with Intel IAS server for provisioning the EPID private key. So If someone comes across the similar problem, check your network.

Changzheng_W_Intel · ‎09-29-2016

Yu wrote:

Thanks for Surenthar Selvaraj.

I've found the solution. The problem is related to the proxy network of my company. Because there is no proxy setting in PSW, so I have to run the sample code in no proxy network environment.Then it works with no error!.

The PSW will contact with Intel IAS server for provisioning the EPID private key. So If someone comes across the similar problem, check your network.

Hi

I have the same issue on linux platform

I built the RemoteAttestation using : make SGX_MODE=HW SGX_DEBUG=1

when I run ./app, it says

Call sgx_create_enclave success.
Call enclave_init_ra success.
Error, call sgx_ra_get_msg1 fail [main].
Call enclave_ra_close success.

My company network has proxy, it means my sgx server has to access network via proxy. Is there any way to solve this?

shen_y_ · ‎09-29-2016

Changzheng W. (Intel) wrote:

Quote:

Yu wrote:

Thanks for Surenthar Selvaraj.

I've found the solution. The problem is related to the proxy network of my company. Because there is no proxy setting in PSW, so I have to run the sample code in no proxy network environment.Then it works with no error!.

The PSW will contact with Intel IAS server for provisioning the EPID private key. So If someone comes across the similar problem, check your network.

Hi

I have the same issue on linux platform

I built the RemoteAttestation using : make SGX_MODE=HW SGX_DEBUG=1

when I run ./app, it says

Call sgx_create_enclave success.
Call enclave_init_ra success.
Error, call sgx_ra_get_msg1 fail [main].
Call enclave_ra_close success.

My company network has proxy, it means my sgx server has to access network via proxy. Is there any way to solve this?

I contacted my company network administrator to add my account in the whitelist of the network proxy. So you can have a try.

Daniel_Anderson_Intel · ‎02-06-2020

When I get the error message about uninstalling the PSW (Platform Software), what I do is just stop AESM with this command:

sudo service aesmd stop
sudo service aesmd status

(this is for Ubuntu Linux btw)

Running RemoteAttestation sample failed