Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

"aesm" daemon problem for remote attestation (EPID Provisioning failed)

suzaki
Novice

I tried the SGX remote attestation sample https://github.com/intel/sgx-ra-sample.git

My colleague got it working on an Intel-NUC 9VXQNX (Xeon), but I could not get it working on an Intel-NUC NUC7PJYH (Pentium J5005).

In my case, the server raised an error at msg0||msg1.

$ ./run-server
Listening for connections on port 7777
Waiting for a client to connect...
Connection from 127.0.0.1
Waiting for msg0||msg1
protocol error reading msg0||msg1
error processing msg1

I checked /var/log/syslog and found that the "aesm" daemon did not work well.

$ cat /var/log/syslog | grep -i aesm
Feb 4 11:02:51 suzaki-NUC7PJYH aesm_service[18751]: [ADMIN]EPID Provisioning initiated
Feb 4 11:02:52 suzaki-NUC7PJYH aesm_service[18751]: The Request ID is 8d5903ea6a64475b9c0a30c74bf1757f
Feb 4 11:02:53 suzaki-NUC7PJYH aesm_service[18751]: The Request ID is b9d4425dd9f240b9977646d46a11460b
Feb 4 11:02:53 suzaki-NUC7PJYH aesm_service[18751]: [ADMIN]EPID Provisioning protocol error reported by Backend (5)
Feb 4 11:02:53 suzaki-NUC7PJYH aesm_service[18751]: [ADMIN]EPID Provisioning failed

The message said "EPID Provisioning failed". Is it caused by the CPU (Pentium J5005)?

Or is this failure caused by the previous setting (this machine was used by another SGX application)?

Can you give me some suggestions to fix this problem?

1 Solution
JesusG_Intel
Moderator

Hello Suzaki,


This error is usually caused by a BIOS issue. Ensure you have installed the latest BIOS and the latest Intel SGX PSW for Linux.


Sincerely,

Jesus G.

Intel Customer Support


8 Replies
suzaki
Novice

Excuse me. I want to correct my article.

My colleague could run the SGX remote attestation sample on Intel-NUC NUC7PJYH (Pentium J5005) but not on Intel-NUC 9VXQNX (Xeon).

So, the mystery thickens. Why did my Intel-NUC NUC7PJYH not run the sample?

suzaki
Novice

Hi Jesus,

Thank you for your quick response.

My NUC7PJYH BIOS is as follows (using "dmidecode" command on Linux).

BIOS Information
        Vendor: Intel Corp.
        Version: JYGLKCPX.86A.0057.2020.1020.1637
        Release Date: 10/20/2020

I think it is the latest BIOS.

https://downloadcenter.intel.com/download/29987/BIOS-Update-JYGLKCPX-

I installed the SGX PSW for Linux from the GitHub source code.

https://github.com/intel/linux-sgx

Should I use the packages for my Ubuntu?

apt-get install libsgx-launch libsgx-urts

apt-get install libsgx-epid libsgx-urts

apt-get install libsgx-quote-ex libsgx-urts

JesusG_Intel
Moderator

Hello Suzaki,


I am checking with engineering. I will update this thread as soon as I have a response.


Sincerely,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator

Hello Suzaki,

Yes, use the apt repos for Ubuntu.

apt-get install libsgx-launch libsgx-urts

apt-get install libsgx-epid libsgx-urts

apt-get install libsgx-quote-ex libsgx-urts

Run sudo apt list --installed | grep sgx to ensure you have version 2.13 of the PSW packages.

Sincerely,

Jesus G.

Intel Customer Support

JesusG_Intel
Moderator

Hello Suzaki,


Did updating your PSW solve your issue?


Sincerely,

Jesus G.

Intel Customer Support


suzaki
Novice

Thank you, Jesus.

I updated my PSW and the remote attestation now succeeds.

$ ./run-client
+++ using default public key

....

---- Enclave Trust Status from Service Provider ----------------------------
Enclave TRUSTED

JesusG_Intel
Moderator

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.
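
The two checks this thread relied on, reading the aesm_service EPID provisioning messages from syslog and confirming that the installed PSW packages are at version 2.13, combined into one triage script. This is an added example, not part of the original posts or of Intel's tooling; the function names `epid_status` and `psw_older_than` and the package version strings in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Needs awk and a sort that supports -V.

# aesm_service lines from the question's syslog excerpt, line wraps joined.
SAMPLE_SYSLOG='Feb 4 11:02:51 suzaki-NUC7PJYH aesm_service[18751]: [ADMIN]EPID Provisioning initiated
Feb 4 11:02:53 suzaki-NUC7PJYH aesm_service[18751]: The Request ID is b9d4425dd9f240b9977646d46a11460b
Feb 4 11:02:53 suzaki-NUC7PJYH aesm_service[18751]: [ADMIN]EPID Provisioning protocol error reported by Backend (5)
Feb 4 11:02:53 suzaki-NUC7PJYH aesm_service[18751]: [ADMIN]EPID Provisioning failed'

# Constructed sample of `apt list --installed | grep sgx` output (versions made up).
SAMPLE_APT='libsgx-epid/bionic,now 2.12.100.3-bionic1 amd64 [installed]
libsgx-launch/bionic,now 2.13.100.4-bionic1 amd64 [installed]
libsgx-urts/bionic,now 2.13.100.4-bionic1 amd64 [installed]'

# Read syslog text on stdin and print the last EPID provisioning state logged
# by aesm_service: "initiated", "failed backend=<code>" or "none".
epid_status() {
    awk '
        /aesm_service\[[0-9]+\]:/ && /EPID Provisioning/ {
            if ($0 ~ /initiated/) { state = "initiated"; code = "" }
            else if (match($0, /reported by Backend \([0-9]+\)/)) {
                code = substr($0, RSTART, RLENGTH); gsub(/[^0-9]/, "", code)
            }
            else if ($0 ~ /failed/)
                state = "failed backend=" (code == "" ? "unknown" : code)
        }
        END { print (state == "" ? "none" : state) }'
}

# Read `apt list --installed` lines on stdin and print "name version" for each
# sgx package whose version sorts below the minimum given as $1 (e.g. 2.13).
psw_older_than() {
    min="$1"
    awk -F'[/ ]' '/sgx/ { print $1, $3 }' | while read -r name ver; do
        lowest=$(printf '%s\n%s\n' "$ver" "$min" | sort -V | head -n 1)
        if [ "$lowest" = "$ver" ] && [ "$ver" != "$min" ]; then
            echo "$name $ver"
        fi
    done
}

# Demo on the embedded samples. On a real host, feed live data instead:
#   grep -i aesm /var/log/syslog | epid_status
#   apt list --installed 2>/dev/null | psw_older_than 2.13
printf '%s\n' "$SAMPLE_SYSLOG" | epid_status
printf '%s\n' "$SAMPLE_APT" | psw_older_than 2.13
```

A "failed" state together with any package listed by `psw_older_than 2.13` matches the situation resolved in this thread by updating the PSW.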

