Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

SGX_ERROR_SERVICE_INVALID_PRIVILEGE: How to prepare an SGX project for release version?

Sijie_D_
Beginner
3,004 Views

Hi, Intel engineers!

I just got a machine with an Intel Core i7-6820HQ CPU, which supports SGX.

I already have my development environment prepared, and right now I'm playing around with the SGX SDK.

The sample codes shipped with the SDK work well under Debug mode, simulation mode as well as prerelease mode on my machine. However, under the release mode, the default configuration doesn't create a signed enclave file. So, I created a signed enclave file following the instructions in the SDK user's guide (using the two-step signing method).

When I execute the release version enclave application, I get this error:

The return value of the API sgx_create_enclave is 0x4004, which corresponds to SGX_ERROR_SERVICE_INVALID_PRIVILEGE.

So, my real question is: what does this error mean and how should I solve it?

Are there any other operations that must be done to make the release version application work?

0 Kudos
5 Replies
Derek_B_Intel
Employee
3,004 Views

The SGX SDK provided is an Evaluation SDK intended for technology evaluation, prototyping and development. Release mode enclaves, or production enclaves, require a production license.

0 Kudos
Sijie_D_
Beginner
3,004 Views
So, what is the current SGX licensing mechanism for academic research? And how can we request such a license?

In addition, are there any additional Intel documents other than the online User Guide and writers Guide that can provide more detailed information about how to prepare an application and enclave for release?
0 Kudos
Simon_J_Intel
Employee
3,004 Views

We have written a blog on the differences between debug and production enclaves, and the different compiler profiles. You should be able to go a long way using the Evaluation SDK.

See https://software.intel.com/en-us/blogs/2016/01/07/intel-sgx-debug-production-prelease-whats-the-difference

Requests for production licensing need to be sent to sgx_program@intel.com

0 Kudos
sai_s_
Beginner
3,001 Views

Hi Simon,

Is the error 0x4004 SGX_ERROR_SERVICE_INVALID_PRIVILEGE due to not having a license? Or is it related to something unrelated to the license?

I am running an SGX program using simulation libraries (by setting them in Linker>input>additional dependencies), and the program runs fine. But when I use the HW configuration, the enclave is not created due to the 0x4004 error mentioned in the post.

I also would like to mention that I don't mean to hijack the post, but I posted here because it was not answered whether the error 0x4004 is due to not having a license.

 

 

0 Kudos
Derek_B_Intel
Employee
3,005 Views

This error is received when an enclave is launched as a production enclave without production licensing support. You can launch your enclave in HW mode when the debug flag is set in the call: sgx_create_enclave (2nd parameter).

0 Kudos