apache
DCAP Error
Any ideas why the DCAP sample isn't working out of the box?
I'm using with the recommended docker image. Maybe this doesn't have all the binaries needed to run this same?
root@7006db9d90eb:~/sgx/samplecode/dcap-pckretrieval# make
Finished release [optimized] target(s) in 0.00s
Cargo => bin/libdcap_quoteprov.so.1
Compiling PCKIDRetrievalTool v1.0.0 (/root/sgx/samplecode/dcap-pckretrieval/app)
error[E0133]: call to unsafe function is unsafe and requires unsafe function or block
--> src/main.rs:158:14
|
158 | let _l = libloading::Library::new("./libdcap_quoteprov.so.1").unwrap();
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function
|
= note: consult the function's documentation for information on how to avoid undefined behavior
error: aborting due to previous error
For more information about this error, try `rustc --explain E0133`.
error: could not compile `PCKIDRetrievalTool`
@dingelish Slightly confused, do I need to install the binaries listed here https://github.com/intel/SGXDataCenterAttestationPrimitives in order to get Quote attestation working?
please refer to the readme for setup :-) https://github.com/apache/incubator-teaclave-sgx-sdk/blob/master/samplecode/dcap-pckretrieval/Readme.md
for the apt commands, since intel just released 2.13, i recommend force the version number by
sudo apt install libsgx-dcap-ql=1.9.100.3-bionic1 libsgx-ae-qve=1.9.100.3-bionic1 libsgx-dcap-quote-verify=1.9.100.3-bionic1
1.9.100.3 is the one currently supported by this sdk (v1.1.3)
@dingelish I'm running https://ark.intel.com/content/www/us/en/ark/products/97472/intel-core-i5-7300u-processor-3m-cache-up-to-3-50-ghz.html.
Is it confirmed that this processor is not supported?
I think i5-7300u does not support DCAP, which requires Flexible Launch Control (a hardware feature).
@dingelish Would the vanilla EPID remote attestation work with this processor?