ego
Remote attestation fails
Issue description
I have set up a self-hosted PCCS according to the instructions provided in the EGo docs (https://docs.edgeless.systems/ego/#/reference/attest) and I try to launch the remote attestation example (https://github.com/edgelesssys/ego/tree/master/samples/remote_attestation). When launching the server I get the following output:
EGo v1.0.0 (f1255317ec583ed72947f65d83881a0e46ad1ed8)
[erthost] loading enclave ...
[erthost] entering enclave ...
[ego] starting application ...
[get_platform_quote_cert_data ../qe_logic.cpp:378] Error returned from the p_sgx_get_quote_config API. 0xe011
ERROR: quote3_error_t=SGX_QL_NO_PLATFORM_CERT_DATA
(oe_result_t=OE_PLATFORM_ERROR) [openenclave-src/host/sgx/sgxquote.c:oe_sgx_qe_get_target_info:706]
ERROR: SGX Plugin _get_report(): failed to get ecdsa report. OE_PLATFORM_ERROR (oe_result_t=OE_PLATFORM_ERROR) [openenclave-src/enclave/sgx/attester.c:_get_report:324]
OE_PLATFORM_ERROR
listening ...
Hi, does the PCCS show any output when you launch the sample server?
This might be a bit of a silly question, but how could I view the PCCS output?
If you followed the instructions of the EGo docs, you should be able to view it with docker logs pccs
Thanks, this is the response I'm getting when launching the server:
2022-08-03 10:45:57.037 [info]: Client Request-ID : a739b54e8173483892e2a7ea070817fe
2022-08-03 10:45:57.951 [info]: Request-ID is : undefined
2022-08-03 10:45:57.951 [error]: Error: No cache data for this platform.
at Proxy.getPckCertFromPCS (/opt/intel/pccs/services/logic/commonCacheLogic.js:86:11)
at runMicrotasks (<anonymous>)
at processTicksAndRejections (internal/process/task_queues.js:95:5)
at async LazyCachingMode.getPckCertFromPCS (/opt/intel/pccs/services/caching_modes/cachingMode.js:126:12)
at async Proxy.getPckCert (/opt/intel/pccs/services/pckcertService.js:115:16)
at async getPckCert (/opt/intel/pccs/controllers/pckcertController.js:77:25)
2022-08-03 10:45:57.953 [info]: 172.17.0.1 - - [03/Aug/2022:10:45:57 +0000] "GET /sgx/certification/v3/pckcert?qeid=19B1A207E4DD53A2D4D821DEAB6ACEA1&encrypted_ppid=7F53DFED48C4A2C87596DD384A68A0D211E16DBE50F48E79B1E4F154C721BC4E2D1070A921A02F770A7D2A4DCE2A202BF2A76CB0A4BE52640A5BFC06A4BFB36860A3D68662FF4B58533C87156672ADDFF1B38C5E82B248C531B537D14F19F7428A5AC77444AA99A33B791B43FCE5C4E40CC1FDAE7D0A432624D3ABE5239C1664C5E3413D04F068CF6529A92D15A2F64459885564A84B847E27497E637F5682BECC913155D9E36F8FD747FB8A2F1BE933548C671355F91B949400BFE95B0981646FE004F208E33E8B8A73E7C7E6CBD4D143651EE5D32C27CDCEEAD73748EB4540D10975BFCDBD29F5F311A97DC962E64642281BE5803636DD32B3F9228A9B092A2CDA0C9566961B38359E3B0ABB42C8C120CD837D10AFF04C6F4712997B1695DCB6D4FD23F2FFA1BE3E34E93153FBF55060D7EEF9CBEE6FB806B3E3322CF5E4B80664DADA77ADF033C6B7A692C591424361B56AB6A0E12EB340C1AEFA0FEB3E0DE2060C00BB3A73E60D5CE01CADD20A76F15E2732EE3F8E10789F9800B0F89747&cpusvn=05050000000000000000000000000000&pcesvn=0D00&pceid=0000 HTTP/1.1" 404 32 "-" "-"
Are you running on some cloud or on a local machine?
On a machine in my organization
According to https://www.intel.com/content/www/us/en/support/articles/000059239/software/intel-security-products.html you need to update the BIOS to the latest version.
Alright, I'll contact my system administrator about the BIOS update and check back if that resolves the issue
The BIOS has been updated to the latest version, but the issue remains the same
As this is an error of the Intel PCCS or PCS, you may ask at their support forum. But it seems that the answer is always to update the BIOS: https://community.intel.com/t5/forums/searchpage/tab/message?q=%22No%20cache%20data%20for%20this%20platform%22&location=forum-board:software-guard-extensions
@EErikas Please run https://github.com/edgelesssys/sgx-troubleshoot and copy and paste the full output. Maybe I can then identify what might be wrong.
The output is the following:
SGX troubleshooter by Edgeless Systems (build timestamp: 1660496020)
/etc/sgx_default_qcnl.conf
{
// *** ATTENTION : This file is in JSON format so the keys are case sensitive. Don't change them.
//PCCS server address
"pccs_url": "https://localhost:8081/sgx/certification/v3/",
// To accept insecure HTTPS certificate, set this option to false
"use_secure_cert": false,
// You can use the Intel PCS or another PCCS to get quote verification collateral. Retrieval of PCK
// Certificates will always use the PCCS described in PCCS_URL. When COLLATERAL_SERVICE is not defined, both
// PCK Certs and verification collateral will be retrieved using PCCS_URL
//"collateral_service": "https://api.trustedservices.intel.com/sgx/certification/v3/",
// If you use a PCCS service to get the quote verification collateral, you can specify which PCCS API version is to be used.
// The legacy 3.0 API will return CRLs in HEX encoded DER format and the sgx_ql_qve_collateral_t.version will be set to 3.0, while
// the new 3.1 API will return raw DER format and the sgx_ql_qve_collateral_t.version will be set to 3.1. The PCCS_API_VERSION
// setting is ignored if COLLATERAL_SERVICE is set to the Intel PCS. In this case, the PCCS_API_VERSION is forced to be 3.1
// internally. Currently, only values of 3.0 and 3.1 are valid. Note, if you set this to 3.1, the PCCS use to retrieve
// verification collateral must support the new 3.1 APIs.
"pccs_api_version": "3.0",
// Maximum retry times for QCNL. If RETRY is not defined or set to 0, no retry will be performed.
// It will first wait one second and then for all forthcoming retries it will double the waiting time.
// By using RETRY_DELAY you disable this exponential backoff algorithm
"retry_times": 6,
// Sleep this amount of seconds before each retry when a transfer has failed with a transient error
"retry_delay": 10,
// If LOCAL_PCK_URL is defined, the QCNL will try to retrieve PCK cert chain from LOCAL_PCK_URL first,
// and failover to PCCS_URL as in legacy mode.
//"local_pck_url": "http://localhost:8081/sgx/certification/v3/",
// If LOCAL_PCK_URL is not defined, the QCNL will cache PCK certificates in memory by default.
// The cached PCK certificates will expire after PCK_CACHE_EXPIRE_HOURS hours.
"pck_cache_expire_hours": 168
// You can add custom request headers and parameters to the get certificate API.
// But the default PCCS implementation just ignores them.
//,"custom_request_options" : {
// "get_cert" : {
// "headers": {
// "head1": "value1"
// },
// "params": {
// "param1": "value1",
// "param2": "value2"
// }
// }
//}
}
lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
Address sizes: 39 bits physical, 48 bits virtual
CPU(s): 4
On-line CPU(s) list: 0-3
Thread(s) per core: 1
Core(s) per socket: 4
Socket(s): 1
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 122
Model name: Intel(R) Pentium(R) Silver J5040 CPU @ 2.00GHz
Stepping: 8
CPU MHz: 713.880
CPU max MHz: 3200.0000
CPU min MHz: 800.0000
BogoMIPS: 3993.60
Virtualization: VT-x
L1d cache: 96 KiB
L1i cache: 128 KiB
L2 cache: 4 MiB
NUMA node0 CPU(s): 0-3
Vulnerability Itlb multihit: Not affected
Vulnerability L1tf: Not affected
Vulnerability Mds: Not affected
Vulnerability Meltdown: Not affected
Vulnerability Mmio stale data: Not affected
Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl and seccomp
Vulnerability Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Vulnerability Spectre v2: Mitigation; Enhanced IBRS, IBPB conditional, RSB filling
Vulnerability Srbds: Not affected
Vulnerability Tsx async abort: Not affected
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg cx16 xtpr pdcm sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave rdrand lahf_lm 3dnowprefetch cpuid_fault cat_l2 cdp_l2 ssbd ibrs ibpb stibp ibrs_enhanced tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust sgx smep erms mpx rdt_a rdseed smap clflushopt intel_pt sha_ni xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts umip rdpid sgx_lc md_clear arch_capabilities
sh -c dmesg | grep microcode
[ 0.799360] microcode: sig=0x706a8, pf=0x1, revision=0x20
[ 0.799600] microcode: Microcode Update Driver: v2.2.
sh -c lsmod | grep -i sgx
exit status 1
sh -c dmesg | grep -i sgx
[ 0.370516] sgx: EPC section 0x70200000-0x75ffffff
[ 3.509435] systemd[1]: Set hostname to <sgx-nuc5>.
service aesmd status
● aesmd.service - Intel(R) Architectural Enclave Service Manager
Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2022-08-11 10:07:24 UTC; 3 days ago
Main PID: 864 (aesm_service)
Tasks: 4 (limit: 8896)
Memory: 15.6M
CGroup: /system.slice/aesmd.service
└─864 /opt/intel/sgx-aesm-service/aesm/aesm_service
Warning: some journal files were not opened due to insufficient permissions.
sh -c apt list --installed | grep -e sgx -e dcap
libsgx-ae-epid/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
libsgx-ae-id-enclave/unknown,now 1.14.100.3-focal1 amd64 [installed,automatic]
libsgx-ae-le/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
libsgx-ae-pce/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
libsgx-ae-qe3/unknown,now 1.14.100.3-focal1 amd64 [installed,automatic]
libsgx-ae-qve/unknown,now 1.14.100.3-focal1 amd64 [installed,automatic]
libsgx-aesm-ecdsa-plugin/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
libsgx-aesm-epid-plugin/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
libsgx-aesm-launch-plugin/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
libsgx-aesm-pce-plugin/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
libsgx-aesm-quote-ex-plugin/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
libsgx-dcap-default-qpl/unknown,now 1.14.100.3-focal1 amd64 [installed]
libsgx-dcap-ql-dev/unknown,now 1.14.100.3-focal1 amd64 [installed]
libsgx-dcap-ql/unknown,now 1.14.100.3-focal1 amd64 [installed,automatic]
libsgx-dcap-quote-verify/unknown,now 1.14.100.3-focal1 amd64 [installed,automatic]
libsgx-enclave-common/unknown,now 2.17.100.3-focal1 amd64 [installed]
libsgx-headers/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
libsgx-launch/unknown,now 2.17.100.3-focal1 amd64 [installed]
libsgx-pce-logic/unknown,now 1.14.100.3-focal1 amd64 [installed,automatic]
libsgx-qe3-logic/unknown,now 1.14.100.3-focal1 amd64 [installed,automatic]
libsgx-quote-ex/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
libsgx-urts/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
sgx-aesm-service/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
stdbuf -oL ./testapp_host enclave.signed
CPUSVN: 07070000000000000000000000000000
[error_driver2api sgx_enclave_common.cpp:261] Enclave not authorized to run, .e.g. provisioning enclave hosted in app without access rights to /dev/sgx_provision. You need add the user id to group sgx_prv or run the app as root.
[load_pce ../pce_wrapper.cpp:188] Error, call sgx_create_enclave for PCE fail [load_pce], SGXError:4004.
2022-08-15T08:06:09+0000.600215Z [(H)ERROR] tid(0x7fc8a0433280) | quote3_error_t=SGX_QL_INTERFACE_UNAVAILABLE
(oe_result_t=OE_PLATFORM_ERROR) [/openenclave/host/sgx/sgxquote.c:oe_sgx_qe_get_target_info:706]
2022-08-15T08:06:09+0000.600253Z [(H)ERROR] tid(0x7fc8a0433280) | :OE_PLATFORM_ERROR [/openenclave/host/sgx/quote.c:sgx_get_qetarget_info:37]
2022-08-15T08:06:09+0000.600348Z [(E)ERROR] tid(0x7fc8a0433280) | enclave.signed::OE_PLATFORM_ERROR [/openenclave/enclave/core/sgx/report.c:oe_get_remote_report:283]
2022-08-15T08:06:09+0000.600373Z [(E)ERROR] tid(0x7fc8a0433280) | enclave.signed::OE_PLATFORM_ERROR [/openenclave/enclave/core/sgx/report.c:_oe_get_report_internal:388]
2022-08-15T08:06:09+0000.600389Z [(E)ERROR] tid(0x7fc8a0433280) | enclave.signed::OE_PLATFORM_ERROR [/openenclave/enclave/core/sgx/report.c:oe_get_report_v2_internal:443]
2022-08-15T08:06:09+0000.600411Z [(E)ERROR] tid(0x7fc8a0433280) | enclave.signed:SGX Plugin _get_report(): failed to get ecdsa report. OE_PLATFORM_ERROR (oe_result_t=OE_PLATFORM_ERROR) [/openenclave/enclave/sgx/attester.c:_get_report:324]
2022-08-15T08:06:09+0000.600430Z [(E)ERROR] tid(0x7fc8a0433280) | enclave.signed::OE_PLATFORM_ERROR [/openenclave/enclave/sgx/report.c:oe_get_report_v2:192]
ERROR: get remote report: OE_PLATFORM_ERROR
stdbuf -oL ./testapp_host enclave.signed
CPUSVN: 07070000000000000000000000000000
[error_driver2api sgx_enclave_common.cpp:261] Enclave not authorized to run, .e.g. provisioning enclave hosted in app without access rights to /dev/sgx_provision. You need add the user id to group sgx_prv or run the app as root.
[load_pce ../pce_wrapper.cpp:188] Error, call sgx_create_enclave for PCE fail [load_pce], SGXError:4004.
2022-08-15T08:06:09+0000.761454Z [(H)ERROR] tid(0x7fd6406e6280) | quote3_error_t=SGX_QL_INTERFACE_UNAVAILABLE
(oe_result_t=OE_PLATFORM_ERROR) [/openenclave/host/sgx/sgxquote.c:oe_sgx_qe_get_target_info:706]
2022-08-15T08:06:09+0000.761490Z [(H)ERROR] tid(0x7fd6406e6280) | :OE_PLATFORM_ERROR [/openenclave/host/sgx/quote.c:sgx_get_qetarget_info:37]
ERROR: get remote report: OE_PLATFORM_ERROR
docker run --rm -t -v/var/run/aesmd:/var/run/aesmd --device /dev/sgx_enclave --device /dev/sgx_provision ghcr.io/edgelesssys/sgx-troubleshoot/testapp enclave_debug.signed
docker: unknown server OS: .
See 'docker run --help'.
docker run --rm -t -v/var/run/aesmd:/var/run/aesmd --device /dev/sgx_enclave --device /dev/sgx_provision ghcr.io/edgelesssys/sgx-troubleshoot/testapp enclave.signed
docker: unknown server OS: .
See 'docker run --help'.
CPU name Intel(R) Pentium(R) Silver J5040 CPU @ 2.00GHz
CPU supports SGX true
CPU supports SGX-FLC true
SGX enabled in BIOS/Hypervisor true
SGX2 true
EPC size MiB 94
SMT/Hyper-threading false
uname Linux sgx-nuc5 5.15.0-43-generic #46~20.04.1-Ubuntu SMP Thu Jul 14 15:20:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Cloud
/dev mount options rw,nosuid,relatime,size=3795992k,nr_inodes=948998,mode=755,inode64
Current user erikas
Users of group sgx_prv aesmd
AESM status active
AESM socket Srwxrwxrwx
Value of SGX_AESM_ADDR (not set)
PCCS URL https://localhost:8081/sgx/certification/v3/
PCCS use secure cert false
PCSS API version 3.0
PCCS connection 200 OK (certificate verification failure has been ignored)
sys_vendor Intel(R) Client Systems
board_vendor Intel Corporation
board_name NUC7JYB
board_version M37329-600
bios_vendor Intel Corp.
bios_version JYGLKCPX.86A.0068.2022.0608.1913
bios_date 06/08/2022
bios_release 5.13
/dev drwxr-xr-x
/dev/sgx drwxr-xr-x
/dev/sgx_enclave Dcrw-rw-rw-
/dev/sgx/enclave Lrwxrwxrwx ../sgx_enclave
/dev/sgx_provision Dcrw-rw----
/dev/sgx/provision Lrwxrwxrwx ../sgx_provision
/dev/isgx lstat /dev/isgx: no such file or directory
Debug enclave exit code 8 (attestation failed: get_remote_report)
Debug enclave CPUSVN 07070000000000000000000000000000
Debug enclave TCB status Unknown (unknown status)
Production enclave exit code 8 (attestation failed: get_remote_report)
Production enclave CPUSVN 07070000000000000000000000000000
Production enclave TCB status Unknown (unknown status)
Debug Docker enclave exit code 125 (unknown)
Debug Docker enclave TCB status Unknown (unknown status)
Production Docker enclave exit code 125 (unknown)
Production Docker enclave TCB status Unknown (unknown status)
Quote providers:
/usr/lib/x86_64-linux-gnu/libdcap_quoteprov.so => /usr/lib/x86_64-linux-gnu/libdcap_quoteprov.so.1.13.100.3
/usr/lib/x86_64-linux-gnu/libdcap_quoteprov.so.1 => /usr/lib/x86_64-linux-gnu/libdcap_quoteprov.so.1.13.100.3
/usr/lib/x86_64-linux-gnu/libdcap_quoteprov.so.1.13.100.3
Please add your current user to the sgx_prv group with
sudo usermod -aG sgx_prv $USER
Then logout and login again and run the tool again.
Did that, this is the new output:
SGX troubleshooter by Edgeless Systems (build timestamp: 1660496020)
/etc/sgx_default_qcnl.conf
{
// *** ATTENTION : This file is in JSON format so the keys are case sensitive. Don't change them.
//PCCS server address
"pccs_url": "https://localhost:8081/sgx/certification/v3/",
// To accept insecure HTTPS certificate, set this option to false
"use_secure_cert": false,
// You can use the Intel PCS or another PCCS to get quote verification collateral. Retrieval of PCK
// Certificates will always use the PCCS described in PCCS_URL. When COLLATERAL_SERVICE is not defined, both
// PCK Certs and verification collateral will be retrieved using PCCS_URL
//"collateral_service": "https://api.trustedservices.intel.com/sgx/certification/v3/",
// If you use a PCCS service to get the quote verification collateral, you can specify which PCCS API version is to be used.
// The legacy 3.0 API will return CRLs in HEX encoded DER format and the sgx_ql_qve_collateral_t.version will be set to 3.0, while
// the new 3.1 API will return raw DER format and the sgx_ql_qve_collateral_t.version will be set to 3.1. The PCCS_API_VERSION
// setting is ignored if COLLATERAL_SERVICE is set to the Intel PCS. In this case, the PCCS_API_VERSION is forced to be 3.1
// internally. Currently, only values of 3.0 and 3.1 are valid. Note, if you set this to 3.1, the PCCS use to retrieve
// verification collateral must support the new 3.1 APIs.
"pccs_api_version": "3.0",
// Maximum retry times for QCNL. If RETRY is not defined or set to 0, no retry will be performed.
// It will first wait one second and then for all forthcoming retries it will double the waiting time.
// By using RETRY_DELAY you disable this exponential backoff algorithm
"retry_times": 6,
// Sleep this amount of seconds before each retry when a transfer has failed with a transient error
"retry_delay": 10,
// If LOCAL_PCK_URL is defined, the QCNL will try to retrieve PCK cert chain from LOCAL_PCK_URL first,
// and failover to PCCS_URL as in legacy mode.
//"local_pck_url": "http://localhost:8081/sgx/certification/v3/",
// If LOCAL_PCK_URL is not defined, the QCNL will cache PCK certificates in memory by default.
// The cached PCK certificates will expire after PCK_CACHE_EXPIRE_HOURS hours.
"pck_cache_expire_hours": 168
// You can add custom request headers and parameters to the get certificate API.
// But the default PCCS implementation just ignores them.
//,"custom_request_options" : {
// "get_cert" : {
// "headers": {
// "head1": "value1"
// },
// "params": {
// "param1": "value1",
// "param2": "value2"
// }
// }
//}
}
lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
Address sizes: 39 bits physical, 48 bits virtual
CPU(s): 4
On-line CPU(s) list: 0-3
Thread(s) per core: 1
Core(s) per socket: 4
Socket(s): 1
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 122
Model name: Intel(R) Pentium(R) Silver J5040 CPU @ 2.00GHz
Stepping: 8
CPU MHz: 900.000
CPU max MHz: 3200.0000
CPU min MHz: 800.0000
BogoMIPS: 3993.60
Virtualization: VT-x
L1d cache: 96 KiB
L1i cache: 128 KiB
L2 cache: 4 MiB
NUMA node0 CPU(s): 0-3
Vulnerability Itlb multihit: Not affected
Vulnerability L1tf: Not affected
Vulnerability Mds: Not affected
Vulnerability Meltdown: Not affected
Vulnerability Mmio stale data: Not affected
Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl and seccomp
Vulnerability Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Vulnerability Spectre v2: Mitigation; Enhanced IBRS, IBPB conditional, RSB filling
Vulnerability Srbds: Not affected
Vulnerability Tsx async abort: Not affected
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg cx16 xtpr pdcm sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave rdrand lahf_lm 3dnowprefetch cpuid_fault cat_l2 cdp_l2 ssbd ibrs ibpb stibp ibrs_enhanced tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust sgx smep erms mpx rdt_a rdseed smap clflushopt intel_pt sha_ni xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts umip rdpid sgx_lc md_clear arch_capabilities
sh -c dmesg | grep microcode
[ 0.799360] microcode: sig=0x706a8, pf=0x1, revision=0x20
[ 0.799600] microcode: Microcode Update Driver: v2.2.
sh -c lsmod | grep -i sgx
exit status 1
sh -c dmesg | grep -i sgx
[ 0.370516] sgx: EPC section 0x70200000-0x75ffffff
[ 3.509435] systemd[1]: Set hostname to <sgx-nuc5>.
service aesmd status
● aesmd.service - Intel(R) Architectural Enclave Service Manager
Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2022-08-11 10:07:24 UTC; 3 days ago
Main PID: 864 (aesm_service)
Tasks: 4 (limit: 8896)
Memory: 15.6M
CGroup: /system.slice/aesmd.service
└─864 /opt/intel/sgx-aesm-service/aesm/aesm_service
Warning: some journal files were not opened due to insufficient permissions.
sh -c apt list --installed | grep -e sgx -e dcap
libsgx-ae-epid/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
libsgx-ae-id-enclave/unknown,now 1.14.100.3-focal1 amd64 [installed,automatic]
libsgx-ae-le/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
libsgx-ae-pce/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
libsgx-ae-qe3/unknown,now 1.14.100.3-focal1 amd64 [installed,automatic]
libsgx-ae-qve/unknown,now 1.14.100.3-focal1 amd64 [installed,automatic]
libsgx-aesm-ecdsa-plugin/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
libsgx-aesm-epid-plugin/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
libsgx-aesm-launch-plugin/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
libsgx-aesm-pce-plugin/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
libsgx-aesm-quote-ex-plugin/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
libsgx-dcap-default-qpl/unknown,now 1.14.100.3-focal1 amd64 [installed]
libsgx-dcap-ql-dev/unknown,now 1.14.100.3-focal1 amd64 [installed]
libsgx-dcap-ql/unknown,now 1.14.100.3-focal1 amd64 [installed,automatic]
libsgx-dcap-quote-verify/unknown,now 1.14.100.3-focal1 amd64 [installed,automatic]
libsgx-enclave-common/unknown,now 2.17.100.3-focal1 amd64 [installed]
libsgx-headers/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
libsgx-launch/unknown,now 2.17.100.3-focal1 amd64 [installed]
libsgx-pce-logic/unknown,now 1.14.100.3-focal1 amd64 [installed,automatic]
libsgx-qe3-logic/unknown,now 1.14.100.3-focal1 amd64 [installed,automatic]
libsgx-quote-ex/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
libsgx-urts/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
sgx-aesm-service/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
stdbuf -oL ./testapp_host enclave.signed
CPUSVN: 07070000000000000000000000000000
[get_platform_quote_cert_data ../qe_logic.cpp:378] Error returned from the p_sgx_get_quote_config API. 0xe011
2022-08-15T08:28:38+0000.925209Z [(H)ERROR] tid(0x7f032c210280) | quote3_error_t=SGX_QL_NO_PLATFORM_CERT_DATA
(oe_result_t=OE_PLATFORM_ERROR) [/openenclave/host/sgx/sgxquote.c:oe_sgx_qe_get_target_info:706]
2022-08-15T08:28:38+0000.925261Z [(H)ERROR] tid(0x7f032c210280) | :OE_PLATFORM_ERROR [/openenclave/host/sgx/quote.c:sgx_get_qetarget_info:37]
2022-08-15T08:28:38+0000.925406Z [(E)ERROR] tid(0x7f032c210280) | enclave.signed::OE_PLATFORM_ERROR [/openenclave/enclave/core/sgx/report.c:oe_get_remote_report:283]
2022-08-15T08:28:38+0000.925456Z [(E)ERROR] tid(0x7f032c210280) | enclave.signed::OE_PLATFORM_ERROR [/openenclave/enclave/core/sgx/report.c:_oe_get_report_internal:388]
2022-08-15T08:28:38+0000.925477Z [(E)ERROR] tid(0x7f032c210280) | enclave.signed::OE_PLATFORM_ERROR [/openenclave/enclave/core/sgx/report.c:oe_get_report_v2_internal:443]
2022-08-15T08:28:38+0000.925523Z [(E)ERROR] tid(0x7f032c210280) | enclave.signed:SGX Plugin _get_report(): failed to get ecdsa report. OE_PLATFORM_ERROR (oe_result_t=OE_PLATFORM_ERROR) [/openenclave/enclave/sgx/attester.c:_get_report:324]
2022-08-15T08:28:38+0000.925544Z [(E)ERROR] tid(0x7f032c210280) | enclave.signed::OE_PLATFORM_ERROR [/openenclave/enclave/sgx/report.c:oe_get_report_v2:192]
ERROR: get remote report: OE_PLATFORM_ERROR
stdbuf -oL ./testapp_host enclave.signed
CPUSVN: 07070000000000000000000000000000
[get_platform_quote_cert_data ../qe_logic.cpp:378] Error returned from the p_sgx_get_quote_config API. 0xe011
2022-08-15T08:28:39+0000.501926Z [(H)ERROR] tid(0x7effd44b7280) | quote3_error_t=SGX_QL_NO_PLATFORM_CERT_DATA
(oe_result_t=OE_PLATFORM_ERROR) [/openenclave/host/sgx/sgxquote.c:oe_sgx_qe_get_target_info:706]
2022-08-15T08:28:39+0000.501957Z [(H)ERROR] tid(0x7effd44b7280) | :OE_PLATFORM_ERROR [/openenclave/host/sgx/quote.c:sgx_get_qetarget_info:37]
ERROR: get remote report: OE_PLATFORM_ERROR
docker run --rm -t -v/var/run/aesmd:/var/run/aesmd --device /dev/sgx_enclave --device /dev/sgx_provision ghcr.io/edgelesssys/sgx-troubleshoot/testapp enclave_debug.signed
docker: unknown server OS: .
See 'docker run --help'.
docker run --rm -t -v/var/run/aesmd:/var/run/aesmd --device /dev/sgx_enclave --device /dev/sgx_provision ghcr.io/edgelesssys/sgx-troubleshoot/testapp enclave.signed
docker: unknown server OS: .
See 'docker run --help'.
CPU name Intel(R) Pentium(R) Silver J5040 CPU @ 2.00GHz
CPU supports SGX true
CPU supports SGX-FLC true
SGX enabled in BIOS/Hypervisor true
SGX2 true
EPC size MiB 94
SMT/Hyper-threading false
uname Linux sgx-nuc5 5.15.0-43-generic #46~20.04.1-Ubuntu SMP Thu Jul 14 15:20:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Cloud
/dev mount options rw,nosuid,relatime,size=3795992k,nr_inodes=948998,mode=755,inode64
Current user erikas
Users of group sgx_prv aesmd erikas
AESM status active
AESM socket Srwxrwxrwx
Value of SGX_AESM_ADDR (not set)
PCCS URL https://localhost:8081/sgx/certification/v3/
PCCS use secure cert false
PCSS API version 3.0
PCCS connection 200 OK (certificate verification failure has been ignored)
sys_vendor Intel(R) Client Systems
board_vendor Intel Corporation
board_name NUC7JYB
board_version M37329-600
bios_vendor Intel Corp.
bios_version JYGLKCPX.86A.0068.2022.0608.1913
bios_date 06/08/2022
bios_release 5.13
/dev drwxr-xr-x
/dev/sgx drwxr-xr-x
/dev/sgx_enclave Dcrw-rw-rw-
/dev/sgx/enclave Lrwxrwxrwx ../sgx_enclave
/dev/sgx_provision Dcrw-rw----
/dev/sgx/provision Lrwxrwxrwx ../sgx_provision
/dev/isgx lstat /dev/isgx: no such file or directory
Debug enclave exit code 8 (attestation failed: get_remote_report)
Debug enclave CPUSVN 07070000000000000000000000000000
Debug enclave TCB status Unknown (unknown status)
Production enclave exit code 8 (attestation failed: get_remote_report)
Production enclave CPUSVN 07070000000000000000000000000000
Production enclave TCB status Unknown (unknown status)
Debug Docker enclave exit code 125 (unknown)
Debug Docker enclave TCB status Unknown (unknown status)
Production Docker enclave exit code 125 (unknown)
Production Docker enclave TCB status Unknown (unknown status)
Quote providers:
/usr/lib/x86_64-linux-gnu/libdcap_quoteprov.so => /usr/lib/x86_64-linux-gnu/libdcap_quoteprov.so.1.13.100.3
/usr/lib/x86_64-linux-gnu/libdcap_quoteprov.so.1 => /usr/lib/x86_64-linux-gnu/libdcap_quoteprov.so.1.13.100.3
/usr/lib/x86_64-linux-gnu/libdcap_quoteprov.so.1.13.100.3
According to https://www.intel.com/content/www/us/en/support/articles/000057420/software/intel-security-products.html, the NUC you are using may not be supported by DCAP. Although it supports FLC and everything is up-to-date and correctly configured, Intel's PCS may not serve data for it.
With a great deal of help from @srcman, we determined that I had used the wrong type of API key. The problem is that the PCCS image provided by edgelesssys didn't print error messages, and we only figured this out by launching Intel's PCCS from scratch, which spewed out this error:
"[error]: Intel PCS server returns error(401).{ "statusCode": 401, "message": "Access denied due to invalid subscription key. Make sure to provide a valid key for an active subscription." }"
Therefore, for future revisions of the PCCS image, we would suggest that the image retain these error messages.
Thanks for letting us know the resolution. I can reproduce that given an invalid API key, our PCCS image doesn't print this error (or any other that would lead in the right direction), but the one you posted earlier. I don't know why, but will investigate and fix.
Seems that printing of the error from the PCS server in the PCCS was added only in DCAP 1.13, and improved a bit in DCAP 1.14, so using DCAP 1.14 in this PCCS image (which seems to be built from the Dockerfile in this repository) would fix it.
Thanks for your help. I updated the PCCS image and verified that it now prints the error message.
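The thread above walks through three distinct failures (PCE not loadable because the user is not in sgx_prv, PCCS returning "No cache data for this platform", and the hidden PCS 401 from a wrong API key). As an added example, not code from EGo or from the sgx-troubleshoot tool, here is a small Go checker that parses the commented /etc/sgx_default_qcnl.conf shown in the thread (it is JSON with // comment lines, so a naive JSON parser rejects it) and classifies the DCAP, Open Enclave and PCCS log lines into the remediations the thread arrived at. The config text and log excerpts are constructed from the thread's output; the rule table, the type names and the advice strings are this example's own.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// QcnlConfig holds the keys of /etc/sgx_default_qcnl.conf that this checker inspects.
type QcnlConfig struct {
	PCCSURL        string `json:"pccs_url"`
	UseSecureCert  bool   `json:"use_secure_cert"`
	PCCSAPIVersion string `json:"pccs_api_version"`
}

// StripLineComments drops the "//" comment lines so the config parses as plain JSON.
// Only lines beginning with "//" go; cutting at every "//" would truncate "https://" in pccs_url.
func StripLineComments(text string) string {
	var kept []string
	for _, line := range strings.Split(text, "\n") {
		if !strings.HasPrefix(strings.TrimSpace(line), "//") {
			kept = append(kept, line)
		}
	}
	return strings.Join(kept, "\n")
}

// ParseQcnlConfig parses the commented config file content.
func ParseQcnlConfig(text string) (QcnlConfig, error) {
	var cfg QcnlConfig
	err := json.Unmarshal([]byte(StripLineComments(text)), &cfg)
	return cfg, err
}

// ConfigWarnings flags settings that weaken the client's trust in its PCCS.
func ConfigWarnings(cfg QcnlConfig) []string {
	var w []string
	if !cfg.UseSecureCert {
		w = append(w, "use_secure_cert=false: PCCS TLS certificate is not verified (tolerable only for localhost)")
	}
	if !strings.HasPrefix(cfg.PCCSURL, "https://") {
		w = append(w, "pccs_url is not https: PCK certificates would travel in plaintext")
	}
	return w
}

// Diagnosis pairs a recognised error with the remediation the thread arrived at.
type Diagnosis struct{ Code, Advice string }

// rules are ordered most specific first; the advice text is this example's own summary.
var rules = []struct {
	re           *regexp.Regexp
	code, advice string
}{
	{regexp.MustCompile(`Enclave not authorized to run|SGX_QL_INTERFACE_UNAVAILABLE`),
		"SGX_QL_INTERFACE_UNAVAILABLE", "PCE cannot be loaded: add the user to group sgx_prv, then log out and back in"},
	{regexp.MustCompile(`returns error\(401\)`),
		"PCS_401", "Intel PCS rejected the subscription key: configure a valid PCS API key in the PCCS"},
	{regexp.MustCompile(`SGX_QL_NO_PLATFORM_CERT_DATA|No cache data for this platform`),
		"SGX_QL_NO_PLATFORM_CERT_DATA", "PCCS has no PCK cert for this platform: read the PCCS log for the upstream PCS error, then check BIOS/platform support"},
}

// Diagnose returns one Diagnosis per rule that matches anywhere in logText, in rule order.
func Diagnose(logText string) []Diagnosis {
	var out []Diagnosis
	for _, r := range rules {
		if r.re.MatchString(logText) {
			out = append(out, Diagnosis{r.code, r.advice})
		}
	}
	return out
}

// Constructed inputs: a trimmed copy of the thread's qcnl config and of its log lines.
const SampleConfig = `{
// *** ATTENTION : This file is in JSON format so the keys are case sensitive.
  "pccs_url": "https://localhost:8081/sgx/certification/v3/",
  "use_secure_cert": false,
  "pccs_api_version": "3.0",
  "pck_cache_expire_hours": 168
//,"custom_request_options" : { }
}`
const FirstRunLog = `[error_driver2api sgx_enclave_common.cpp:261] Enclave not authorized to run
quote3_error_t=SGX_QL_INTERFACE_UNAVAILABLE`
const SecondRunLog = `ERROR: quote3_error_t=SGX_QL_NO_PLATFORM_CERT_DATA
[error]: Error: No cache data for this platform.
[error]: Intel PCS server returns error(401).{ "statusCode": 401 }`

func main() {
	cfg, err := ParseQcnlConfig(SampleConfig)
	fmt.Println("config:", cfg, ConfigWarnings(cfg), err)
	for _, d := range append(Diagnose(FirstRunLog), Diagnose(SecondRunLog)...) {
		fmt.Printf("%s: %s\n", d.Code, d.Advice)
	}
}
```

Feed it the output of docker logs pccs together with the application's stderr; because the 401 rule is checked before the "no cache data" rule, the root cause from the PCCS log is reported ahead of the symptom seen by the enclave.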