- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I tried the SGX remote attestation sample https://github.com/intel/sgx-ra-sample.git
My colleague could work it well on Intel-NUC 9VXQNX (Xeon), but I could not work it well on Intel-NUC NUC7PJYH (Pentium J5005).
In my case, the server caused an error at the msg0||msg1.
$ ./run-server
Listening for connections on port 7777
Waiting for a client to connect...
Connection from 127.0.0.1
Waiting for msg0||msg1
protocol error reading msg0||msg1
error processing msg1
I checked the /var/log/syslog and found "aesm" daemon did not work well.
$ cat /var/log/syslog | grep -i aesm
Feb 4 11:02:51 suzaki-NUC7PJYH aesm_service[18751]: [ADMIN]EPID
Provisioning initiated
Feb 4 11:02:52 suzaki-NUC7PJYH aesm_service[18751]: The Request ID is
8d5903ea6a64475b9c0a30c74bf1757f
Feb 4 11:02:53 suzaki-NUC7PJYH aesm_service[18751]: The Request ID is
b9d4425dd9f240b9977646d46a11460b
Feb 4 11:02:53 suzaki-NUC7PJYH aesm_service[18751]: [ADMIN]EPID
Provisioning protocol error reported by Backend (5)
Feb 4 11:02:53 suzaki-NUC7PJYH aesm_service[18751]: [ADMIN]EPID
Provisioning failed
The message said that "EPID Provisioning failed". Does it cause by CPU (Pentium J5005)?
Or does the previous setting (this machine was used by another SGX application) cause this failure?
Can you tell me some suggestions to fix this problem?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Suzaki,
This error is usually caused by a BIOS issue. Ensure you have installed the latest BIOS and the latest Intel SGX PSW for Linux.
Sincerely,
Jesus G.
Intel Customer Support
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Excuse me. I want to correct my article.
My colleague could run SGX remote attestation sample on Intel-NUC NUC7PJYH (Pentium J5005) but not on Intel-NUC 9VXQNX (Xeon).
So, the mystery thickens. Why my Intel-NUC NUC7PJYH did not run the sample?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Suzaki,
This error is usually caused by a BIOS issue. Ensure you have installed the latest BIOS and the latest Intel SGX PSW for Linux.
Sincerely,
Jesus G.
Intel Customer Support
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Jesus,
Thank you for your quick response.
My NUC7PJYH BIOS is as follows (using "dmidecode" command on Linux).
BIOS Information
Vendor: Intel Corp.
Version: JYGLKCPX.86A.0057.2020.1020.1637
Release Date: 10/20/2020
I think it is the least BIOS
https://downloadcenter.intel.com/download/29987/BIOS-Update-JYGLKCPX-
I installed the SGX PSW for Linux using github source code.
https://github.com/intel/linux-sgx
Should I use the packages for my Ubuntu?
apt-get install libsgx-launch libsgx-urts
apt-get install libsgx-epid libsgx-urts
apt-get install libsgx-quote-ex libsgx-urts
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Suzaki,
I am checking with engineering. I will update this thread as soon as I have a response.
Sincerely,
Jesus G.
Intel Customer Support
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Suzaki,
Yes, use the apt repos for Ubuntu.
apt-get install libsgx-launch libsgx-urts
apt-get install libsgx-epid libsgx-urts
apt-get install libsgx-quote-ex libsgx-urts
Run sudo apt list --installed | grep sgx to ensure you have version 2.13 of the PSW packages.
Sincerely,
Jesus G.
Intel Customer Support
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Suzaki,
Did updating your PSW solve your issue?
Sincerely,
Jesus G.
Intel Customer Support
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you, Jesus.
I update my PSW and can succeed the remote attestation.
$ ./run-client
+++ using default public key
....
---- Enclave Trust Status from Service Provider ----------------------------
Enclave TRUSTED
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page