Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SuperServer 5019S-MR does not support trusted services #24

Closed
mitar opened this issue Jun 12, 2017 · 12 comments
Closed

SuperServer 5019S-MR does not support trusted services #24

mitar opened this issue Jun 12, 2017 · 12 comments

Comments

@mitar
Copy link

mitar commented Jun 12, 2017

As described to me by SuperMicro representative:

it is HW limitation as the X11SSH-F MB is loading with SPS Server Firmware, not ME Firmware

Because of that you do not get /dev/mei0 service and for Linux it means you do not get trusted services.

I reported it here as well: intel/linux-sgx#114
@mitar mitar changed the title SuperServer 5019S-MR does not suport trusted services SuperServer 5019S-MR does not support trusted services Jun 12, 2017
@ayeks
Copy link
Owner

ayeks commented Jun 13, 2017
edited
Loading

Thanks for the further information. However, is it still possible to execute SGX and use the trusted services with the older firmware 1.0b as you mentioned in issue #6 ?

@mitar
Copy link
Author

mitar commented Jun 13, 2017

SGX is possible, but trusted services are not. :-(

@mitar
Copy link
Author

mitar commented Jun 13, 2017

I have not tried to run proper enclave outside of simulation mode yet on the device, so I am not sure if lack of trusted services also means you cannot really even spawn a real enclave.

@ayeks
Copy link
Owner

ayeks commented Jun 16, 2017

Okay, without the trusted servers you cannot run the launch enclave which creates the launch keys for your own enclaves. I moved the board to another table in commit 9b141bd.
To my knowledge the only available SGX-capable server today is the Intel SGX server block.
Thanks for your information!

@ayeks ayeks closed this as completed Jun 16, 2017
@mitar
Copy link
Author

mitar commented Jun 16, 2017

Yes. :-(

@jethrogb
Copy link

jethrogb commented Jun 22, 2017
edited
Loading

Are you using the 1.0b BIOS? I'm getting /dev/mei0 just fine

Edit: only on some machines for some reason. Might have to do with ME firmware version as well?

@mitar
Copy link
Author

mitar commented Jun 22, 2017

Yes, 1.0b BIOS. But maybe it is ME firmware. Maybe because I upgraded my BIOS first to 2.0 and then downgraded to 1.0b?

@mitar
Copy link
Author

mitar commented Jun 23, 2017

@jethrogb Have you found any differences between versions of ME firmware on your machines? Or maybe Linux kernel versions?

@jethrogb
Copy link

I don't know how to figure out ME version on a running system.

@jethrogb
Copy link

This configuration has an mei0 device:

BIOS Version                              2.0b
Build Date                                07/27/2017
CPLD Version                              02.b1.02

Intel Server Platform Services Configuration

ME BIOS Interface Ver                     1.2
SPS Version                               4.0.3.96

This does not:

BIOS Version                              2.0b
Build Date                                07/27/2017
CPLD Version                              02.b1.02

Intel Server Platform Services Configuration

ME BIOS Interface Ver                     1.2
SPS Version                               4.1.3.22

@jethrogb jethrogb mentioned this issue Aug 22, 2017
Closed
@mitar
Copy link
Author

mitar commented Aug 22, 2017

Ooo. So SPS version is the culprit. How to downgrade? :-(

@ltinerary
Copy link

This configuration has an mei0 device

What command should I run to see this output?
Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mitar @jethrogb @ayeks @ltinerary