Community
cancel
Showing results for 
Search instead for 
Did you mean: 
suzaki
Novice
206 Views

"asem" daemon problem for remote attestation (EPID Provisioning failed)

Jump to solution

I tried the SGX remote attestation sample https://github.com/intel/sgx-ra-sample.git

My colleague could work it well on Intel-NUC 9VXQNX (Xeon), but I could not work it well on Intel-NUC NUC7PJYH (Pentium J5005).

In my case, the server caused an error at the msg0||msg1.

$ ./run-server
Listening for connections on port 7777
Waiting for a client to connect...
Connection from 127.0.0.1
Waiting for msg0||msg1
protocol error reading msg0||msg1
error processing msg1

 

I checked the /var/log/syslog and found "aesm" daemon did not work well.

$ cat /var/log/syslog | grep -i aesm
Feb 4 11:02:51 suzaki-NUC7PJYH aesm_service[18751]: [ADMIN]EPID
Provisioning initiated
Feb 4 11:02:52 suzaki-NUC7PJYH aesm_service[18751]: The Request ID is
8d5903ea6a64475b9c0a30c74bf1757f
Feb 4 11:02:53 suzaki-NUC7PJYH aesm_service[18751]: The Request ID is
b9d4425dd9f240b9977646d46a11460b
Feb 4 11:02:53 suzaki-NUC7PJYH aesm_service[18751]: [ADMIN]EPID
Provisioning protocol error reported by Backend (5)
Feb 4 11:02:53 suzaki-NUC7PJYH aesm_service[18751]: [ADMIN]EPID
Provisioning failed

The message said that "EPID Provisioning failed". Does it cause by CPU (Pentium J5005)?

Or does the previous setting (this machine was used by another SGX application) cause this failure?

Can you tell me some suggestions to fix this problem?

Labels (1)
0 Kudos

Accepted Solutions
JesusG_Intel
Moderator
181 Views

Hello Suzaki,


This error is usually caused by a BIOS issue. Ensure you have installed the latest BIOS and the latest Intel SGX PSW for Linux.


Sincerely,

Jesus G.

Intel Customer Support


View solution in original post

8 Replies
suzaki
Novice
189 Views

Excuse me. I want to correct my article.

My colleague could run SGX remote attestation sample on Intel-NUC NUC7PJYH (Pentium J5005) but not on Intel-NUC 9VXQNX (Xeon).

So, the mystery thickens. Why my Intel-NUC NUC7PJYH did not run the sample?

JesusG_Intel
Moderator
182 Views

Hello Suzaki,


This error is usually caused by a BIOS issue. Ensure you have installed the latest BIOS and the latest Intel SGX PSW for Linux.


Sincerely,

Jesus G.

Intel Customer Support


View solution in original post

suzaki
Novice
177 Views

Hi Jesus,

 

Thank you for your quick response.

My NUC7PJYH BIOS is as follows (using "dmidecode" command on Linux).

BIOS Information
        Vendor: Intel Corp.
        Version: JYGLKCPX.86A.0057.2020.1020.1637
        Release Date: 10/20/2020

I think it is the least BIOS

https://downloadcenter.intel.com/download/29987/BIOS-Update-JYGLKCPX-

 

I installed the SGX PSW for Linux using github source code.

https://github.com/intel/linux-sgx

Should I use the packages for my Ubuntu?

apt-get install libsgx-launch libsgx-urts

apt-get install libsgx-epid libsgx-urts

apt-get install libsgx-quote-ex libsgx-urts

JesusG_Intel
Moderator
172 Views

Hello Suzaki,


I am checking with engineering. I will update this thread as soon as I have a response.


Sincerely,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator
163 Views

Hello Suzaki,

Yes, use the apt repos for Ubuntu.

 

apt-get install libsgx-launch libsgx-urts

apt-get install libsgx-epid libsgx-urts

apt-get install libsgx-quote-ex libsgx-urts

Run sudo apt list --installed | grep sgx to ensure you have version 2.13 of the PSW packages.

Sincerely,

Jesus G.

Intel Customer Support

JesusG_Intel
Moderator
141 Views

Hello Suzaki,


Did updating your PSW solve your issue?


Sincerely,

Jesus G.

Intel Customer Support


suzaki
Novice
124 Views

Thank you, Jesus.

I update my PSW and can succeed the remote attestation.

$ ./run-client
+++ using default public key

....

---- Enclave Trust Status from Service Provider ----------------------------
Enclave TRUSTED

 

JesusG_Intel
Moderator
104 Views

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.