Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

pckcert api return empty content?

PatricMe
Beginner
2,577 Views

Help!!!

When I call "https://api.trustedservices.intel.com/sgx/certification/v3/pckcert", it return 200 status, but no pck_cert content. What is wrong with me?

The detail info is:

qeid=9F65C7678E2FC71159E7B5FD023A61AB

cpusvn=05050208FFFF00000000000000000000

pcesvn=0B00

pceid=0000

encrypted_ppid=B92EF41D5CDCCA15DCAB33D6FC27990EAEE0867750A4988F07D96D92CE177466C8841AE258CB7815661BB48B6AAE728AC75E7A3F0D565FCF2028E6DC79F878786311B48D2A2E2E37CB9D05F9F805C60E98EBF4BF4F225FB37043EEB929970F09D54F1177D25A271FC1872D4B343226F6AD48F0FF511BFDC06C15A04422DC9B65D458D51A23CB8741D8A08210E52E84C897F5887301291598A166BD4FE841EF05F3A1761BCCAFED33A24515951EBF914D5CDCB983C745B3C7A907896251FA783B88499F666A3B2F2D33E55931FE19866627DA36DBB41C2C9FB4738DCECEF23645A81EAFFEA8E2C753B427894EF94605F69CEF84BB01660C47B5988CEC12826F7429A00F8144470D9457929E3B3FE46848C188DB8904A54391A4E423F2DC3337F0ED64683999DF3B3C8EF9F3E55CAE1963AB82E95C028137CCDBBE271DC1E9B8A17EFAEF2B9A7474DEB5C69C0A4F16588ABDF70EC1A6EB8074C7983578E50DA6C69787EDF9DC018217D4A34A7DE7E869FF29CD6757C609D1E019337BF7C5801E87

 

 

Platform Info:

uname -a:

Linux ubuntu 4.15.0-112-generic #113-Ubuntu SMP Thu Jul 9 23:41:39 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

 

cat /proc/cpuinfo | grep 'model name' | uniq :
model name : Intel(R) Xeon(R) Platinum 8374C CPU @ 2.70GHz

0 Kudos
1 Solution
JesusG_Intel
Moderator
2,456 Views

Hello PatricMe,


Thanks for that feedback. The only thing left is to follow my previous instruction:


If you are getting a 404 error it means that you have not registered the platform so the backend does not recognize it. You must perform a multi-package registration before retrieving the cert. Please refer to this paper for full details:

 

https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_DCAP_Multipackage_SW.pdf


Sincerely,

Jesus G.

Intel Customer Support


View solution in original post

0 Kudos
10 Replies
JesusG_Intel
Moderator
2,556 Views

Hello PatricMe,


First, let's make sure your platform has all of the necessary SGX components. Run these commands in your terminal and provide us the output as text or screenshots.


$ cpuid | grep -i sgx

$ cpuid | head (we should see vendor_id, version info, family, model, stepping id)

$ sudo apt list --installed | grep -i sgx

$ ls /dev | grep -i sgx


Sincerely,

Jesus G.

Intel Customer Support



0 Kudos
PatricMe
Beginner
2,528 Views

cpuid | grep -i sgx:

PatricMe_0-1623402497509.png

cpuid | head:

PatricMe_1-1623402850546.png

sudo apt list --installed | grep -i sgx

PatricMe_2-1623402889225.png

 

ls /dev | grep -i sgx

PatricMe_3-1623402956096.png

 

 

I have 3 machines, this machine call a pckcert request,return 404:

detail info:

2021-06-11 02:09:38.382 [debug]: https://api.trustedservices.intel.com/sgx/certification/v3/pckcerts
2021-06-11 02:09:38.383 [debug]: {"searchParams":{"encrypted_ppid":"26BF31EED592F5F7852162ADBA82E2D890A55FFBFCAADE0BCF64B7D34357B525FC6AD00917A5337F533577ADEE75F4449B5DA0BDFC859202FC03196D70C05DE6A8D2317CAF07A48DF0BE706D935353A27E79375E8CC57451AE3B30B979CB7E47C20C1E125B2C2E2C4C1ED0C3CCC258786DBA78994F0AA8A391AF7029F77A522EB89326AD5C5D74CC527DA9A262A5F7BB62773AF23D7F9844DFEE305ADDF7E84F9AC2FD896B2730A7207CF48F2363B61B2EE355C7175C103A215C3C8C9AAEAD18539E4A1FB8A452CD5E8E84765E64279B4DCBD6AF33CDB2D5807D8AADD4818DBA172F10B100A40A8772CC8F0D3A45269FC5D7AB39B98F04B994272EAE62EDB9B5AB2653230050BB227F95D8DC97F5A363DDC9E736E5097C9A2C07C7966C26D08715F0C7D24285A6AA9B3AE04A6843841C87896F4390045584A101B2F574165EDE09CCCED795CF8213E3636E470EFFCEA31C80246DF7CB3340A456C0B2F343354EAD8EADD1412F2C95B6845090D565C2BBD12DFB33802F4592B08BAE74171802A6","pceid":"0000"},"method":"GET","headers":{"Ocp-Apim-Subscription-Key":"da6764847ecb4c79963d44e5721f75b7"}}

2021-06-11 02:09:39.205 [debug]: Response code 404 (Not Found)

0 Kudos
JesusG_Intel
Moderator
2,517 Views

Hello PatricMe,

 

If you are getting a 404 error it means that you have not registered the platform so the backend does not recognize it. You must perform a multi-package registration before retrieving the cert. Please refer to this paper for full details:

 

https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_DCAP_Multipackage_SW.pdf

 

This link is also helpful:

 

https://api.portal.trustedservices.intel.com/

 

Also, please send us the output from:  $sudo rdmsr 0xCE -f 27:27

Sincerely,

Jesus G.

Intel Customer Support

 

 

0 Kudos
PatricMe
Beginner
2,498 Views

PatricMe_0-1623725260693.png

 

rdmsr 0xCE -f 27:27   ,return no such file

 

0 Kudos
JesusG_Intel
Moderator
2,472 Views

Hello PatricMe,


Be sure that the msr.ko kernel module is loaded before running rdmsr.


$ sudo modprobe msr

$ sudo rdmsr -f 27:27 0xCE


Sincerely,

Jesus G.

Intel Customer Support



0 Kudos
PatricMe
Beginner
2,462 Views
0 Kudos
JesusG_Intel
Moderator
2,457 Views

Hello PatricMe,


Thanks for that feedback. The only thing left is to follow my previous instruction:


If you are getting a 404 error it means that you have not registered the platform so the backend does not recognize it. You must perform a multi-package registration before retrieving the cert. Please refer to this paper for full details:

 

https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_DCAP_Multipackage_SW.pdf


Sincerely,

Jesus G.

Intel Customer Support


0 Kudos
woogieboogie
Novice
545 Views

Hello there. Greetings from 2024. 

 

I've encountered same issue and likewise here are my environment info:

 

qeid=d762ff99f3181b5bb7a9f1899ac2c428

cpusvn=090d0f0effff00000000000000000000

pcesvn=0f00

pceid=0000

encrypted_ppid=40f3bcb26064a434bb972260fa8c8d6614153e097ca89cf04ee8b846b196c4ae94a2ce1d9592902833a09da738e2f24db867b197b11b74e5dd6fc57be1507de04f4f3bcc9a6317d970266dbd371fca30445dc9b4a5c44cd18672803edc9d96cc9d8914303d10142892ec8fc279f167d9bf55db86bec4df465834ed72e35bacacc01b1520a361bd59f597eb1ffdc8e9d4a688aba36399e99cc89c1e001afce6ac2c4a2314ea0cadf72a599409a7e2685f05a30b30a0d4d6c2fe0f1dcaaed4a7805c03c60bf035b8b5d70d7585135f1a3a832f44bb98b2ca18dc49c90b87cd6ae76577926052db270f3856936598a863ebf57d351e772b9f95decb9b279ea520c5873b05323502fd08cbf06b19a6292b8cd3e814a4d32b882136bb6e288c279f698f38a222e19d01edd5ac9600b82d39464cef1a911ddc5bda9257bbb6ec450e86130e57435d98fd9e93ba34ee006c49b9c8390cc71068e53bb0e6313557c705d05605a7e29c073afbdc37ebc49043c68139546027af8e476f37e34ec78b8b54f7

 

Platform Info:

uname -a:

Linux woogieboogie-Super-Server 6.5.0-26-generic #26~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Mar 12 10:22:43 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

 

cat /proc/cpuinfo | grep 'model name' | uniq :
model name : Intel(R) Xeon(R) Gold 5317 CPU @ 3.00GHz

 

rdmsr -f 27:27 0xCE returns '0'

 

Therefore, I've been trying to register 'multi-package registration' even if I'm using a physical single-socket server. I've encountered a problem when trying to submit a 'platform_manifest'.  

When executing PCKIDRetrievalTool and looking at the created 'pckid_retrieval.csv' file, the latest column shows a lot of data (written below): '178e874b49e44aa599bb3057170925b41d6e010000000000000000000000000084947ac684404189902a7e76cd658926bc0101000000000000000000000000005a82fbf22f992be773ce2a274eb1019c1d41ed6254d722c29639eba101723916f0fb92bf59b020df2415128a93cf57f0a7a2267e36812bc903f77221e0926f5d15909bef4440dc98ec87134e905f746842bcf2a44209bf681475c173eb0dd28f6a58fa148b4e5c90d61b44d652923e77b2e47daf6a589a18b82ead419c90daa2634b675c2d62fa7f76a8721588f75366ca933b96ba0fa54aef93fd0abc81b7d9ec3bd719ae549daf5229b699c0950fb4e7f7e91fc179fd3f4f71a4503b594d4c79ea166f69ca5a0ed93d7bd3966553534ddae64c82744595d03f4a30431b59c9b889d5e60680222e30c13fce4fe9dd889d382414f0e937323211cfae149df06287fe3b543c041eba0e754fb1650c109bb2d7c01c2361015b99487227580e68fbb35854d6c78fe0e3ca4d20db80e7ec696024dc84454accf7ddd8bd2bbab41b4510eac4eedd089f303806982956ceb30e54a4c116c1c45a9fea753ddf7e285eb27dc3d517a8d84b92f53f64b2d5275eb26ff686f4088ea29125b62d3ed535b335fedc47e97672f302b5384212ac0363be01000100e6ba70fe80e729cabe4948a1dfdb1e301e630282d3379b42dea30ecd181fb8c90000010001000000fd8f5c411b614b97a74796f08926757b39050100000000000000000000000000200000000a00000009b1843ef3cc4e713471729704bdf66acbf259a1394fc50e69ce0030531471a7e5722f7e46ed9d1de35f79d76e0347a2b6618a616bec1bfb51853581b558160996d3d0e044781db278be71250de591ead1f89cd10b2919938e7f8bf8e49aacfa72fe072bf5f8377dbd33d97f32a07c5f478cf05d9cdbbb705ae9adb8b68808b690870c5663005575686d595d8c97b46864eb9b7e934030323282f4af9f7741516b9732337af757ebf7faadf652f84e885e63193a3adaccf9181948c08c81adbb0a61a9f678e2d68be0b759da55d6d3029148cfa9cb040ab8867d66254f93c1010659a9c8609568fa9ae74c5792c4d7e71ba1034add730f601b2d6cacf1743262e173633a82e1e6cb04a1b1d01648a06..... and goes'

 

 

In what format should i save the above bytestream into? Would this fix everything and finally let me get that DCAP PCK certification?

 

0 Kudos
JesusG_Intel
Moderator
2,443 Views

Hello PatricMe,


Have you been able to make any progress in registering your platform according to the provided document?


Sincerely,

Jesus G.

Intel Customer Support


0 Kudos
JesusG_Intel
Moderator
2,426 Views

Hello Patric,


We have not heard from you in several days so we will no longer monitor this thread. We hope you were able to resolve your issue. Please start a new thread if you need further help.


Sincerely,

Jesus G.

Intel Customer Support


0 Kudos
Reply