Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

PCK Certificate 404 Error & Failed to troubleshoot.

woogieboogie
Novice
195 Views

My previous post was flagged as spam, so I'm rewriting it without HTML-like formatting. I urgently need assistance with SGX2 on my server, specifically with obtaining PCK Certification via Intel's API.

 

 

1. PCK Certification Error: I'm facing a 404 error when trying to retrieve the PCK Certification. Here

woogieboogie_2-1716949357261.png

 

2. Environmental Info: Using the PCKIDRetrievalTool (version 1.21.100.3), I generated logs indicating network issues and successful CSV generation:

woogieboogie_3-1716949389534.png

 

 
 

3. Data Mapping: Parameters from the PCKIDRetrievalTool are used for further requests and are correctly mapped.

qeid(platform_manifest)=d762ff99f3181b5bb7a9f1899ac2c428 cpusvn=090d0f0effff00000000000000000000

pcesvn=0f00

pceid=0000 encrypted_ppid=7225cfda64fe9cce0d1d39771ebea53663c2a80c17983195a99416b1d38634c9dfe95c139adce8845b0fafb1ea30f7f23c600af4b506af7c6e2a7b2123d202e1b8c460740d8b623796be3c7bc28422e5e356a7fc3290832953caa802412b5043e9043a52c91e471dbbb0dc476f1b5c6120023be936bd898e99ec89e0cc7e6f1e9ba3b5a7503dd1a12632e124ab8cf561b3fd669a61b9146ebd433e35e6cef253e813252640c0c9fa32feb2a99e4efe5947c69cb66ad87c4c0577fa0c18b1678fd9072b1acf83d5fae465310130b92ffa9218bf3b67ae8544246308be470c09d48a034f735de5b5e1e332d6a7db3802b386341808bd4fb05d76be7194daf6a89e4630e0871a882b8d8cee942fa328bead6dd7d8cfb0550e48f354bffc4a787c163ad6180c7bf2eee296ddc3e518258ff4abe8828b173cb847c9b2739353b76742eee84623fdec8b312f9355df6b492d64822dc11a4cb9e06e06f5a7d5c5a91da5f00e8b25e2b9076a953a1dd3c86e9987c16bb6cf368991cc9094e40d97948210

 

4. Server Settings:

uname -a: Linux woogieboogie-Super-Server 6.5.0-26-generic #26~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC... model name : Intel(R) Xeon(R) Gold 5317 CPU @ 3.00GHz
 
No VM, Physical, Baremetal Server on Root.
 
and,
rdmsr -f 27:27 0xCE returns '0'
 
 

5. Additional Attempts:

Platform registered successfully via mpa tool.

woogieboogie_0-1716949167965.png

Direct API call for 'multi-package registration' resulted in a syntax error:

woogieboogie_0-1716949285570.png

 

 
 

Request for Assistance: I have exhausted most troubleshooting steps, including considering a BIOS factory reset for SGX. Can someone from Intel confirm if there are errors in my approach to obtaining the PCK Certification and the FMSPC number? Issues with DCAP attestation may be related to platform registration problems.

Labels (5)
0 Kudos
1 Reply
Scott_R_Intel
Employee
99 Views

Hello.

 

It looks as though the platform isn't registered, even though MPA thinks it may be.  Please try an "SGX Factory Reset" in the BIOS and then check the MPA log again.  If it hasn't successfully directly registered with MPA, you will never be able to get a platform PCK Cert with only the EncPPID...  you would need the platform manifest.

 

Regards.

0 Kudos
Reply