Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

SGX DCAP and PCCS problem

suchang665
Beginner
790 Views

Hi,

I am using ubuntu 22.04 virtue machine with in-kernel sgx driver, so I didn't install the DCAP sgx driver.

I tried to deploy the remote attestation and TLS so I followed the instruction of https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master. But it seems didn't work out.

When I input $ sudo systemctl status pccs it shows

 

● pccs.service - Provisioning Certificate Caching Service (PCCS)
Loaded: loaded (/lib/systemd/system/pccs.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2023-11-10 14:28:43 JST; 2h 11min ago
Docs: https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/QuoteGeneration/pccs/README.md
Main PID: 373131 (node)
Tasks: 15 (limit: 103726)
Memory: 36.3M
CPU: 1.695s
CGroup: /system.slice/pccs.service
└─373131 /usr/bin/node /opt/intel/sgx-dcap-pccs/pccs_server.js

Nov 10 14:28:43 ubuntu-2204 systemd[1]: Started Provisioning Certificate Caching Service (PCCS).
Nov 10 14:28:44 ubuntu-2204 node[373131]: 2023-11-10 14:28:44.030 [info]: HTTPS Server is running on: https://localhost:8081
Nov 10 14:58:00 ubuntu-2204 node[373131]: 2023-11-10 14:58:00.805 [info]: Client Request-ID : b0e876eb1a1842b889beac778045d7b3
Nov 10 14:58:00 ubuntu-2204 node[373131]: 2023-11-10 14:58:00.812 [error]: Error: The platform was not found in the cache.
Nov 10 14:58:00 ubuntu-2204 node[373131]: at ReqCachingMode.getPckCertFromPCS (file:///opt/intel/sgx-dcap-pccs/services/caching_modes/cachin>
Nov 10 14:58:00 ubuntu-2204 node[373131]: at CachingModeManager.getPckCertFromPCS (file:///opt/intel/sgx-dcap-pccs/services/caching_modes/ca>
Nov 10 14:58:00 ubuntu-2204 node[373131]: at Module.getPckCert (file:///opt/intel/sgx-dcap-pccs/services/pckcertService.js:115:41)
Nov 10 14:58:00 ubuntu-2204 node[373131]: at async getPckCert (file:///opt/intel/sgx-dcap-pccs/controllers/pckcertController.js:77:25)
Nov 10 14:58:00 ubuntu-2204 node[373131]: 2023-11-10 14:58:00.816 [info]: 127.0.0.1 - - [10/Nov/2023:05:58:00 +0000] "GET /sgx/certification/v4/>

 

And when I check the pccs log, it shows

 

2023-11-10 14:58:00.805 [info]: Client Request-ID : b0e876eb1a1842b889beac778045d7b3
2023-11-10 14:58:00.812 [error]: Error: The platform was not found in the cache.
at ReqCachingMode.getPckCertFromPCS (file:///opt/intel/sgx-dcap-pccs/services/caching_modes/cachingMode.js:72:11)
at CachingModeManager.getPckCertFromPCS (file:///opt/intel/sgx-dcap-pccs/services/caching_modes/cachingModeManager.js:54:23)
at Module.getPckCert (file:///opt/intel/sgx-dcap-pccs/services/pckcertService.js:115:41)
at async getPckCert (file:///opt/intel/sgx-dcap-pccs/controllers/pckcertController.js:77:25)
2023-11-10 14:58:00.816 [info]: 127.0.0.1 - - [10/Nov/2023:05:58:00 +0000] "GET /sgx/certification/v4/pckcert?qeid=3F659F5BF3B4800625D642B3A08AFBC4&encrypted_ppid=839FAEC3EDE0F4CDD649403E122E3728C9497DA544B7BAE3C3A4314156CD4146D43E5DC1DCCAB0FB226ED9638B23133340805D502A53BFFD8BACBA10A93434F60BA2D60FDB2AF32D1C90F1E017A5BE5450B090E091C3390645B184E9794A923900E5EE5C74BDEC583A06D60727930D8A44BBB815AB4864FFA02926EB2E2D0FB8FDC798BFB2AB36B0FC91823EC14E622A06922B29BFADFC05B7250CFFF57A64148C814A56A91BB103517FAA7BF4953774712F4AB3FEC93C354CC69FD07BF3364BB112FD4ED567DE660919F035E6DEAFE76DE8D58B57C8CBCF77E21DC6B58AFD69E8C41C6458590E3CF04087F4FC46C552BCFA7398E0A175B5803CA3183402C8984EAE54D049758FE591F674A40CD1D63F973E44F4524569942E28A01DD61DB09BEC6BE5E8D827D81BDFB5A33EF9EC77328215442119A13A4A4B7BCED1322DAF234158ADDA36B931870740D6A08E0BC32A2AB15BDB933BB5B77DCAA3F8EF3994E0D29EC75CB6F4065A423DC67D8B5A5540E4391A93DEA42B411DDF458B23F45420&cpusvn=06060E0CFFFF00000000000000000000&pcesvn=0F00&pceid=0000 HTTP/1.1" 461 40 "-" "-"
 
I am told this is because the platform registration and  install sgx-ra-service, but it doesn't look like success. Here is the log.
 
[10-11-2023 04:34:06] INFO: Starts Registration Agent Flow.
[10-11-2023 04:34:06] ERROR: readUEFIVar: failed to open uefi variable /sys/firmware/efi/efivars/SgxRegistrationStatus-f236c5dc-a491-4bbe-bcdd-88885770df45 ,error: No such file or directory
[10-11-2023 04:34:06] ERROR: getRegistrationStatus: SgxRegistrationStatus UEFI variable was not found or size not as expected.
[10-11-2023 04:34:06] ERROR: getRegistrationStatus: SgxRegistrationStatus acutal size: 0, expected size: 7
[10-11-2023 04:34:06] ERROR: Registration Flow - getRegistrationStatus failed, error: 4
[10-11-2023 04:34:06] ERROR: writeUEFIVar: failed to open uefi variable /sys/firmware/efi/efivars/SgxRegistrationStatus-f236c5dc-a491-4bbe-bcdd-88885770df45, error: No such file or directory
[10-11-2023 04:34:06] ERROR: setRegistrationStatus: failed to write uefi variable.
[10-11-2023 04:34:06] ERROR: setRegistrationStatus failed, error: 4
[10-11-2023 04:34:06] INFO: Finished Registration Agent Flow.
 
 Could you help me to figure out what is the problem? And could you tell me the correct the process of installing and using dcap.

 

0 Kudos
4 Replies
Aznie_Intel
Moderator
764 Views

 

Hi Suchang665,

 

Thanks for reaching out.

We are checking on this and will get back to you soon.

 

 

Regards,

Aznie


0 Kudos
suchang665
Beginner
680 Views

Hi Azinie

 

Thank you for your reply.

Have you investigated the cause of this problem?

 

Regards,

Suchang

0 Kudos
Sahira_Intel
Moderator
593 Views

Hi Suchang,

Sorry for my late response. It looks like your platform is not registered correctly. Can you use the PCKIDRetrievalTool to register your platform


Sincerely,

Sahira




0 Kudos
Aznie_Intel
Moderator
513 Views

Hi Suchang,


This thread will no longer be monitored since we have provided a solution. If you need any additional information from Intel, please submit a new question.



Regards,

Aznie



0 Kudos
Reply