What does the error code 0x4004 mean?

Shi__Wenjie · ‎09-17-2019

Hello,

I tried to build the SampleEnclave provided by SGX SDK for linux in release mode, but the enclave didn't work.

To build it in release mode, (1) I set the option <DisableDebug> in Enclave.config.xml to 0, (2) passed 0 as the 2nd parameter of API sgx_create_enclave instead of the macro SGX_DEBUG_FLAG, and (3) finally, when the build finished, I signed the enclave with the file Enclave/Enclave_private.pem.

When I run the app, the enclave returned the error code 0x4004. As mentioned in the "Intel SGX SDK Developer Reference", 0x4004 means "Enclave has no privilege to get a launch token.". I can't understand it very well, the problem seems happened when the app trying to load the enclave, but I don't know why.

I want to know the reason why the error code 0x4004 is returned and how to fix it?

Thanks a lot!

Junli_S_Intel · ‎09-17-2019

the problem is located: (2) passed 0 as the 2nd parameter of API sgx_create_enclave instead of the macro SGX_DEBUG_FLAG

When you tried to load your enclave, your enclave's signing key should in Lanuch Enclave's white-list. Based on your description, your are using your owner signing key, So the create enclave operation would fail.

To let the APP work, please passed 1 as the 2nd parameter of API sgx_create_enclave.