Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

Running intel/sgx-ra-sample

Marku__Enio
Beginner
‎06-11-2019 06:05 AM
1,533 Views
Solved Jump to solution

Hi,

 

I am building an SGX application and I tried to run Intel RA as it is mentioned in https://github.com/intel/sgx-ra-sample

I am using Windows and I was able to built it but I am not able to execute it.

When I go to the directory vs\x64\Debug and execute the command 

run-client host:7777

I got an error: getaddrinfo: No such host is known..

Also when I execute the command 

run-server -A  7777

I got an error:  cert_load_file:IASReportSigningCertificate.pem: No such file or directory

 

I went through the code and I realized (at least what I think) that the file IASReportSigningCertificate.pem does not exist and I could not find it on my Windows System directory. I know that some edits need to be done at settings.cmd file but I do not know where should I find the IAS certificate in my pc.

Has anyone tried to run this sample successfully? If yes, I would really appreciate if these guys can give me a feedback

0 Kudos
1 Solution
Scott_R_Intel
Employee
‎06-11-2019 06:48 AM
1,533 Views
Solved Jump to solution

Hello Enio.

The Attestation Report Signing CA Certificate (IASReportSigningCertificate.pem) file will be sent via email after your self-signed x.509 cert has been added to the DEV IAS environment. For more information, see the Prerequisites section of the web page below that goes along with the remote attestation sample code.

https://software.intel.com/en-us/articles/code-sample-intel-software-guard-extensions-remote-attestation-end-to-end-example

Regards.

Scott

View solution in original post

0 Kudos
Copy link

Link Copied

6 Replies
Scott_R_Intel
Employee
‎06-11-2019 06:48 AM
1,534 Views
Solved Jump to solution

Hello Enio.

The Attestation Report Signing CA Certificate (IASReportSigningCertificate.pem) file will be sent via email after your self-signed x.509 cert has been added to the DEV IAS environment. For more information, see the Prerequisites section of the web page below that goes along with the remote attestation sample code.

https://software.intel.com/en-us/articles/code-sample-intel-software-guard-extensions-remote-attestation-end-to-end-example

Regards.

Scott

0 Kudos
Copy link
Marku__Enio
Beginner
‎06-12-2019 09:21 AM
1,533 Views
Solved Jump to solution

Hi Scott,

I have followed the link for using self signed certificate but the verification at the last step was unsuccessful, anyway I did some research and the solution is to send the {CommonName}.cert file as .txt file. I did that and I got a reply from Intel that they are processing my requests but has been around 24 hours that I still have not got back an email by them with SPID. Is that a normal procedure by Intel or is that taking too long?

Cheers,

Enio

0 Kudos
Copy link
Scott_R_Intel
Employee
‎06-12-2019 09:28 AM
1,533 Views
Solved Jump to solution

Hi Enio.

Generally, turn around time is 2-3 days, depending on our back end team's workload.

Scott

0 Kudos
Copy link
bashar__golam
Beginner
‎06-24-2019 04:34 PM
1,533 Views
Solved Jump to solution

Hi,

 While I creating Self-Signed Certificates for use with Intel® SGX Remote Attestation using OpenSSL I got error (please see the attachment) at the final step to verify that my certificate passes the openssl verification.

Can anyone suggest?

Preview file
42 KB
0 Kudos
Copy link
Marku__Enio
Beginner
‎07-01-2019 07:23 AM
1,533 Views
Solved Jump to solution

Hi bashar,

 

Just sent a version of certificate you obtained in .txt file by contacting Intel. Then they will verify it and after verification, if succesful you will get an EPID and a link to download the certificate

 

Hope this helps,

 

Enio

0 Kudos
Copy link
Marku__Enio
Beginner
‎07-01-2019 07:32 AM
1,533 Views
Solved Jump to solution

Hi Scott,

Intel verified my certificate, but now I get an error when I try to query IAS for message 2 from service provider to IAS. 

To sp.exe I got the following error

Could not query IAS

could not retrieve the sigrl

error processing msg1

I have used -v to run the server and get more details and I realized that when I do a HTTP Get request to IAS the url looks like this

GET https://test-as.sgx.trustedservices.intel.com/attestation/sgx/v3/sigrl/gid

However I checked the IAS documentation and HTTP GET request looks like

GET https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v3/sigrl/00000010

 

Do you think the problem is that the port is not given at my HTTP GET request?

Also I see another suspicious thing about gid.

msg.gid at my sp.exe is different from gid in HTTP GET request. 

Also do I need to do some addings at settings.cmd file for that problem?

 

I would really appreciate any help

Have a nice day

Enio

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.