Solved: Re:"asem" daemon problem for remote attestation (EPID Provisioning failed)

suzaki · ‎02-03-2021

I tried the SGX remote attestation sample https://github.com/intel/sgx-ra-sample.git

My colleague could work it well on Intel-NUC 9VXQNX (Xeon), but I could not work it well on Intel-NUC NUC7PJYH (Pentium J5005).

In my case, the server caused an error at the msg0||msg1.

$ ./run-server
Listening for connections on port 7777
Waiting for a client to connect...
Connection from 127.0.0.1
Waiting for msg0||msg1
protocol error reading msg0||msg1
error processing msg1

I checked the /var/log/syslog and found "aesm" daemon did not work well.

$ cat /var/log/syslog | grep -i aesm
Feb 4 11:02:51 suzaki-NUC7PJYH aesm_service[18751]: [ADMIN]EPID
Provisioning initiated
Feb 4 11:02:52 suzaki-NUC7PJYH aesm_service[18751]: The Request ID is
8d5903ea6a64475b9c0a30c74bf1757f
Feb 4 11:02:53 suzaki-NUC7PJYH aesm_service[18751]: The Request ID is
b9d4425dd9f240b9977646d46a11460b
Feb 4 11:02:53 suzaki-NUC7PJYH aesm_service[18751]: [ADMIN]EPID
Provisioning protocol error reported by Backend (5)
Feb 4 11:02:53 suzaki-NUC7PJYH aesm_service[18751]: [ADMIN]EPID
Provisioning failed

The message said that "EPID Provisioning failed". Does it cause by CPU (Pentium J5005)?

Or does the previous setting (this machine was used by another SGX application) cause this failure?

Can you tell me some suggestions to fix this problem?

JesusG_Intel · ‎02-04-2021

Hello Suzaki,

This error is usually caused by a BIOS issue. Ensure you have installed the latest BIOS and the latest Intel SGX PSW for Linux.

Sincerely,

Jesus G.

Intel Customer Support

View solution in original post

suzaki · ‎02-04-2021

Excuse me. I want to correct my article.

My colleague could run SGX remote attestation sample on Intel-NUC NUC7PJYH (Pentium J5005) but not on Intel-NUC 9VXQNX (Xeon).

So, the mystery thickens. Why my Intel-NUC NUC7PJYH did not run the sample?

JesusG_Intel · ‎02-04-2021

Hello Suzaki,

This error is usually caused by a BIOS issue. Ensure you have installed the latest BIOS and the latest Intel SGX PSW for Linux.

Sincerely,

Jesus G.

Intel Customer Support

suzaki · ‎02-04-2021

Hi Jesus,

Thank you for your quick response.

My NUC7PJYH BIOS is as follows (using "dmidecode" command on Linux).

BIOS Information
        Vendor: Intel Corp.
        Version: JYGLKCPX.86A.0057.2020.1020.1637
        Release Date: 10/20/2020

I think it is the least BIOS

https://downloadcenter.intel.com/download/29987/BIOS-Update-JYGLKCPX-

I installed the SGX PSW for Linux using github source code.

https://github.com/intel/linux-sgx

Should I use the packages for my Ubuntu?

apt-get install libsgx-launch libsgx-urts

apt-get install libsgx-epid libsgx-urts

apt-get install libsgx-quote-ex libsgx-urts

JesusG_Intel · ‎02-04-2021

Hello Suzaki,

I am checking with engineering. I will update this thread as soon as I have a response.

Sincerely,

Jesus G.

Intel Customer Support

JesusG_Intel · ‎02-05-2021

Hello Suzaki,

Yes, use the apt repos for Ubuntu.

apt-get install libsgx-launch libsgx-urts

apt-get install libsgx-epid libsgx-urts

apt-get install libsgx-quote-ex libsgx-urts

Run sudo apt list --installed | grep sgx to ensure you have version 2.13 of the PSW packages.

Sincerely,

Jesus G.

Intel Customer Support

JesusG_Intel · ‎02-09-2021

Hello Suzaki,

Did updating your PSW solve your issue?

Sincerely,

Jesus G.

Intel Customer Support

suzaki · ‎02-10-2021

Thank you, Jesus.

I update my PSW and can succeed the remote attestation.

$ ./run-client
+++ using default public key

....

---- Enclave Trust Status from Service Provider ----------------------------
Enclave TRUSTED

JesusG_Intel · ‎02-11-2021

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.

"asem" daemon problem for remote attestation (EPID Provisioning failed)

Remote Attestation