Software Archive
Read-only legacy content
17061 Discussions

sgx_foreshadow_issue remote_attestation_issue

du__xin
Beginner
660 Views

We are facing the following issue even with the updated cpu microcode and Ubuntu 16.04 kernel.  

Errors:

======================================================================

---- Enclave Trust Status from Service Provider ----------------------------

Enclave NOT TRUSTED

----------------------------------------------------------------------------

 

---- Platform Update Required ----------------------------------------------

The following Platform Update(s) are required to bring this

platform's Trusted Computing Base (TCB) back into compliance:

 

 * The CPU Microcode needs to be updated.  Contact your OEM for a platform

   BIOS Update.

=================================================

 

The following mitigation solutions have been attempted. But still failed with above errors

 

Based on the microcode reference: https://www.intel.com/content/dam/www/public/us/en/documents/sa00115-microcode-update-guidance.pdf

 

========================================================================

dmesg | grep 'microcode'

[    0.000000] microcode: microcode updated early to revision 0x96, date = 2018-05-02

[    1.224122] microcode: sig=0x906ea, pf=0x20, revision=0x96

[    1.224898] microcode: Microcode Update Driver: v2.2.

========================================================================

 

Based on Ubuntu kernel update reference.

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF

 

cat /sys/devices/system/cpu/vulnerabilities/l1tf

Mitigation: PTE Inversion

 

Ubuntu kernel information.

dpkg -l | grep linux-image

 

linux-image-4.15.0-32-generic              4.15.0-32.35~16.04.1 amd64        Signed kernel image generic

 
0 Kudos
1 Solution
BrianRichardson
Employee
660 Views

Unfortunately this isn't the correct support thread for this topic.

View solution in original post

0 Kudos
2 Replies
BrianRichardson
Employee
661 Views

Unfortunately this isn't the correct support thread for this topic.

0 Kudos
du__xin
Beginner
660 Views

Oh thank you for your reminder

Brian Richardson (Intel) wrote:

Unfortunately this isn't the correct support thread for this topic.

0 Kudos
Reply