- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, Intel
When i run sgx-ra-sample ,the client return "sgx_ra_get_msg1: 00000001".I plowed through the code and found that it was a misinformation in the msg1 data structure that caused function of sgx_ra_get_msg1 to fail which was due to a context structure error,the debug information as follow.
the sp.exe:
C:\Users\fcfc\Downloads\sgx-ra-sample-master\sgx-ra-sample-master\vs\x64\Debug>sp -v --spid 976D********************A43F25624 --ias-signing-cafile=C:/Users/fcfc/Downloads/Intel_SGX_Attestation_RootCA.pem --mrsigner=bd71c6380ef****************************************ff2443d95bd --isv-product-id=0 --min-isv-svn=1 --ias-pri-api-key=12b38***************e5efd41a23fade --ias-sec-api-key=bb95faf7d***************98187cc7 --linkable --no-proxy
Listening for connections on port 7777
Waiting for a client to connect...
Connection from ::1
Waiting for msg0||msg1
protocol error reading msg0||msg1
error processing msg1
Waiting for a client to connect...
the client.exe:
C:\Users\fcfc\Downloads\sgx-ra-sample-master\sgx-ra-sample-master\vs\x64\Debug>client -s 976DC********************3F25624 -d -l -v
Enclave ID: 0000025E63600000
+++ using default public key
---- Msg0 Details ----------------------------------------------------------
Extended Epid Group ID: 00000000
----------------------------------------------------------------------------
sgx_ra_get_msg1: 00000001
---- Msg1 Details ----------------------------------------------------------
msg1.g_a.gx = cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc
msg1.g_a.gy = cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc
msg1.gid = cccccccc
----------------------------------------------------------------------------
---- Copy/Paste Msg0||Msg1 Below to SP -------------------------------------
the setting.cmd:
:: NOTE: This file uses Windows batch file syntax because it is
:: executed via CALL from run-client.cmd and run-server.cmd
::======================================================================
:: Global options
::======================================================================
:: Set to non-zero to query the production IAS instead of development.
:: Note that the SPID and certificate are different for production
:: and development, so if you change this you'll need to change them,
:: too.
SET RA_QUERY_IAS_PRODUCTION=0
:: Your Service Provider ID. This should be a 32-character hex string.
:: [REQUIRED]
SET RA_SPID=976DC4*************************A43F25624
:: Set to a non-zero value if this SPID is associated with linkable
:: quotes. If you change this, you'll need to change SPID,
:: IAS_PRIMARY_SUBSCRIPTION_KEY and IAS_SECONDARY_SUBSCRIPTION_KEY too.
SET RA_LINKABLE=1
::======================================================================
:: Client options
::======================================================================
:: Set to non-zero to have the client generate a random nonce.
SET RA_RANDOM_NONCE=1
:: Set to non-zero to have the client generate a platform manifest.
:: This requires a PSE session, and thus support for platform
:: services.
::
:: (Note that server hardware does not have platform servces)
SET RA_USE_PLATFORM_SERVICES=0
::======================================================================
:: Service provider (server) options
::======================================================================
:: Intel Attestation Service Primary Subscription Key
:: More Info: https://api.portal.trustedservices.intel.com/EPID-attestation
:: Associated SPID above is required
SET RA_IAS_PRIMARY_SUBSCRIPTION_KEY=12b38b********************23fade
:: Intel Attestation Service Secondary Subscription Key
:: This will be used in case the primary subscription key does not work
SET RA_IAS_SECONDARY_SUBSCRIPTION_KEY=bb95fa*****************914d98187cc7
:: The Intel IAS SGX Report Signing CA file. You are sent this certificate
:: when you apply for access to SGX Developer Services at
:: http://software.intel.com/sgx [REQUIRED]
SET RA_IAS_REPORT_SIGNING_CA_FILE=C:/Users/fcfc/Downloads/Intel_SGX_Attestation_RootCA.pem
:: Set to the URL for your proxy server to force the use of a proxy
:: when communicating with IAS (overriding any environment variables).
:: SET RA_IAS_PROXY_URL=
:: Set to non-zero to disable the use of a proxy server and force a
:: direct connection when communicating with IAS (overriding any
:: environment variables).
:: SET RA_IAS_DISABLE_PROXY=0
::======================================================================
:: Debugging options
::======================================================================
:: Set to non-zero for verbose output
SET RA_VERBOSE=1
:: Set to non-zero for debugging output
SET RA_DEBUG=1
I don't know why my code structured is differently than github, my "setting. cmd" "run-server.exe" "run-client.exe " are not in the /vs/x64/debug directory,my OS is windows10 and openssl version is 1.1.1l.
Thanks and best regards,
chenc
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Intel will no longer monitor this thread since we have provided a solution. If you need any additional information from Intel, please submit a new question
Cordially,
Iffa
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
The error "sgx_ra_get_msg1: 00000001" was previously known to occur due to incorrect CPU selection.
Please make sure to choose the correct CPU and ensure you have installed the latest BIOS (Run dmidecode to see details about your BIOS).
Cordially,
Iffa
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,Iffa
thanks for your help,i also try used Ubuntu 20.04 to build this code in same compute,when i run /opt/intel/sgxsdk/Samplecode/Remoteattestation
root@you:/opt/intel/sgxsdk/SampleCode/RemoteAttestation# ./app
First round, we will try ECDSA algorithm.
Call sgx_get_extended_epid_group_id success.
MSG0 body generated -
4 bytes:
{
0x0, 0x0, 0x0, 0x0
}
Sending msg0 to remote attestation service provider.
Sent MSG0 to remote attestation service.
Call sgx_select_att_key_id success.
Call sgx_create_enclave success.
Call enclave_init_ra success.
Error, call sgx_ra_get_msg1_ex fail [main].
Call enclave_ra_close success.
Second round, we will try EPID algorithm.
Call sgx_get_extended_epid_group_id success.
MSG0 body generated -
4 bytes:
{
0x0, 0x0, 0x0, 0x0
}
Sending msg0 to remote attestation service provider.
Sent MSG0 to remote attestation service.
Call sgx_select_att_key_id success.
Call sgx_create_enclave success.
Call enclave_init_ra success.
Error, call sgx_ra_get_msg1_ex fail [main].
Call enclave_ra_close success.
Enter a character before exit ...
and i run sgx-ra-sample the error information about "sgx_ra_get_msg1: 00004006",but i installed the latest sgxsdk and sgxpsw.
The BIOS detail information as follow:
# dmidecode 3.3 Getting SMBIOS data from sysfs. SMBIOS 3.2.0 present. Handle 0x0000, DMI type 0, 26 bytes BIOS Information Vendor: LENOVO Version: M31KT2DA Release Date: 03/20/2023 Address: 0xF0000 Runtime Size: 64 kB ROM Size: 16 MB Characteristics: PCI is supported BIOS is upgradeable BIOS shadowing is allowed Boot from CD is supported Selectable boot is supported BIOS ROM is socketed EDD is supported 5.25"/1.2 MB floppy services are supported (int 13h) 3.5"/720 kB floppy services are supported (int 13h) 3.5"/2.88 MB floppy services are supported (int 13h) Print screen service is supported (int 5h) 8042 keyboard services are supported (int 9h) Serial services are supported (int 14h) Printer services are supported (int 17h) ACPI is supported USB legacy is supported BIOS boot specification is supported Targeted content distribution is supported UEFI is supported BIOS Revision: 1.45 Handle 0x006A, DMI type 13, 22 bytes BIOS Language Information Language Description Format: Long Installable Languages: 3 en|US|iso8859-1 fr|FR|iso8859-1 zh|CN|unicode Currently Installed Language: zh|CN|unicode
Thanks and best regards,
chenc
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,Iffa
thanks for your help,i also try used Ubuntu 20.04 to build this code in same compute,when i run /opt/intel/sgxsdk/Samplecode/Remoteattestation
root@you:/opt/intel/sgxsdk/SampleCode/RemoteAttestation# ./app
First round, we will try ECDSA algorithm.
Call sgx_get_extended_epid_group_id success.
MSG0 body generated -
4 bytes:
{
0x0, 0x0, 0x0, 0x0
}
Sending msg0 to remote attestation service provider.
Sent MSG0 to remote attestation service.
Call sgx_select_att_key_id success.
Call sgx_create_enclave success.
Call enclave_init_ra success.
Error, call sgx_ra_get_msg1_ex fail [main].
Call enclave_ra_close success.
Second round, we will try EPID algorithm.
Call sgx_get_extended_epid_group_id success.
MSG0 body generated -
4 bytes:
{
0x0, 0x0, 0x0, 0x0
}
Sending msg0 to remote attestation service provider.
Sent MSG0 to remote attestation service.
Call sgx_select_att_key_id success.
Call sgx_create_enclave success.
Call enclave_init_ra success.
Error, call sgx_ra_get_msg1_ex fail [main].
Call enclave_ra_close success.
Enter a character before exit ...
and i run sgx-ra-sample the error information about "sgx_ra_get_msg1: 00004006",but i installed the latest sgxsdk and sgxpsw.
The BIOS detail information as follow:
# dmidecode 3.3
Getting SMBIOS data from sysfs.
SMBIOS 3.2.0 present.
Handle 0x0000, DMI type 0, 26 bytes
BIOS Information
Vendor: LENOVO
Version: M31KT2DA
Release Date: 03/20/2023
Address: 0xF0000
Runtime Size: 64 kB
ROM Size: 16 MB
Characteristics:
PCI is supported
BIOS is upgradeable
BIOS shadowing is allowed
Boot from CD is supported
Selectable boot is supported
BIOS ROM is socketed
EDD is supported
5.25"/1.2 MB floppy services are supported (int 13h)
3.5"/720 kB floppy services are supported (int 13h)
3.5"/2.88 MB floppy services are supported (int 13h)
Print screen service is supported (int 5h)
8042 keyboard services are supported (int 9h)
Serial services are supported (int 14h)
Printer services are supported (int 17h)
ACPI is supported
USB legacy is supported
BIOS boot specification is supported
Targeted content distribution is supported
UEFI is supported
BIOS Revision: 1.45
Handle 0x006A, DMI type 13, 22 bytes
BIOS Language Information
Language Description Format: Long
Installable Languages: 3
en|US|iso8859-1
fr|FR|iso8859-1
zh|CN|unicode
Currently Installed Language: zh|CN|unicode
Thanks and best regards,
chenc
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
this is likely a BIOS issue. Please contact your BIOS manufacturer, provide them with the info you have already gathered, and work with them to receive an updated BIOS with the required fixes.
Cordially,
Iffa
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,Iffa
thanks for your help,i was install latest BIOS driver,still can't solve this problem,Is it related to my CUP? I was use 10th core-i7.
Thanks and best regards,
chenc
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
as mentioned previously,
you need to contact your BIOS manufacturer and work with them for required fixes.
Cordially,
Iffa
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Intel will no longer monitor this thread since we have provided a solution. If you need any additional information from Intel, please submit a new question
Cordially,
Iffa
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page