Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1459 Discussions

curl to get pck certificates

Kishore_B_Intel
Employee
‎03-25-2024 05:12 PM
734 Views
Solved Jump to solution

Hi,

I am trying to run the Get PCK Certificates command mentioned in the below link to get the pck certificates on my EMR platform.

 

https://sbx.api.portal.trustedservices.intel.com/content/documentation.html#pcs-certificates-v4

 

 

curl -v -X GET "https://sbx.api.trustedservices.intel.com/sgx/certification/v4/pckcerts?encrypted_ppid={}&pceid={}" -H "Ocp-Apim-Subscription-Key: {subscription key}"

 

The command has 3 inputs if I understand correctly.

encrypted_ppid={ }

pceid={ }

subscription-key: { }

Can you tell me where to find the encrypted=ppid and pceid values for the above command?

I am seeing this error when ran the above command.

curl: (3) empty string within braces in URL position 89:
https://sbx.api.trustedservices.intel.com/sgx/certification/v4/pckcerts?encrypted_ppid={}&pceid={}

 

Thanks

Labels (3)
Labels:
0 Kudos
1 Solution
Scott_R_Intel
Employee
‎03-27-2024 11:53 AM
656 Views
Solved Jump to solution

Hello again.

 

You can actually run the PCK Cert ID retrieval tool in a guest to get the information you require.  The only thing you won't be able to get is the platform manifest.  This is only available to the host OS via UEFI variables.

 

Regards.

View solution in original post

0 Kudos
Copy link

Link Copied

3 Replies
Scott_R_Intel
Employee
‎03-25-2024 06:29 PM
710 Views
Solved Jump to solution

Hi Kishore_B.

 

You can use our PCK Cert ID Retrieval Tool to get the EncPPID and PCEID for your platform:

 

https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/tools/PCKRetrievalTool

 

See the "Output File" section near the bottom to see how the .csv file that's created is formatted.

 

If interested, there is also our "PCCS Admin Tool" (python based) that can take that resulting .csv file as input and do the work to download PCK Certs for you:

 

https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/tools/PccsAdminTool

 

Regards.

0 Kudos
Copy link
Kishore_B_Intel
Employee
‎03-25-2024 06:41 PM
708 Views
Solved Jump to solution

Thank You for the information.

From what I understand, PCKRetrievalTool  can only be used on the host machine, not on the VM.  Is that correct?

If so, I cannot use this, because I am running on VMware OS/Hypervisor host, which does not have the support for the PCKRetrievalTool.

Since PCKRetrievalTool only supports Linux and Windows host.

I have the VM running on VMware OS/Hypervisor.

Is there any other way to get this?

Thank You in Advance.

Regards.

 

 

0 Kudos
Copy link
Scott_R_Intel
Employee
‎03-27-2024 11:53 AM
657 Views
Solved Jump to solution

Hello again.

 

You can actually run the PCK Cert ID retrieval tool in a guest to get the information you require.  The only thing you won't be able to get is the platform manifest.  This is only available to the host OS via UEFI variables.

 

Regards.

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.