SGX-hardware report "SGX is available for your CPU and enabled in BIOS" but can't run Remote Attestation sample

[jasl]

Hi I've a MS-EARTHSHAKER H310M-VH (a very cheap motherboard) with Core i5 8400, SGX-hardware report:

eax: 906ea ebx: 6100800 ecx: 7ffafbbf edx: bfebfbff
stepping 10
model 14
family 6
processor type 0
extended model 9
extended family 0
smx: 0

Extended feature bits (EAX=07H, ECX=0H)
eax: 0 ebx: 29c67af ecx: 40000000 edx: 9c000000
sgx available: 1

CPUID Leaf 12H, Sub-Leaf 0 of Intel SGX Capabilities (EAX=12H,ECX=0)
eax: 1 ebx: 0 ecx: 0 edx: 241f
sgx 1 supported: 1
sgx 2 supported: 0
MaxEnclaveSize_Not64: 1f
MaxEnclaveSize_64: 24

CPUID Leaf 12H, Sub-Leaf 1 of Intel SGX Capabilities (EAX=12H,ECX=1)
eax: 36 ebx: 0 ecx: 1f edx: 0

CPUID Leaf 12H, Sub-Leaf 2 of Intel SGX Capabilities (EAX=12H,ECX=2)
eax: 50200001 ebx: 0 ecx: 5d80001 edx: 0

CPUID Leaf 12H, Sub-Leaf 3 of Intel SGX Capabilities (EAX=12H,ECX=3)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 4 of Intel SGX Capabilities (EAX=12H,ECX=4)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 5 of Intel SGX Capabilities (EAX=12H,ECX=5)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 6 of Intel SGX Capabilities (EAX=12H,ECX=6)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 7 of Intel SGX Capabilities (EAX=12H,ECX=7)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 8 of Intel SGX Capabilities (EAX=12H,ECX=8)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 9 of Intel SGX Capabilities (EAX=12H,ECX=9)
eax: 0 ebx: 0 ecx: 0 edx: 0

I think this means "SGX is available for your CPU and enabled in BIOS" and I installed latest pre-built SGX driver, PSW and SDK on a fresh Ubuntu 18.04.1.

Then I ran sample codes which SDK provides, it works well except Remote Attestation sample,
the output is:

Call sgx_get_extended_epid_group_id success.
MSG0 body generated -
4 bytes:
{
0x0, 0x0, 0x0, 0x0 
}

Sending msg0 to remote attestation service provider.

Sent MSG0 to remote attestation service.

Call sgx_create_enclave success.
Call enclave_init_ra success.
sgx_ra_get_msg1 returns 4006
Error, call sgx_ra_get_msg1 fail [main].
Call enclave_ra_close success.
Enter a character before exit ...

I slightly modified the sample to exposing sgx_ra_get_msg1 return code, 4006 (SGX_ERROR_UPDATE_NEEDED) means Intel® SGX needs to be updated. (according to Error Codes)

I've googled SGX_ERROR_UPDATE_NEEDED or Intel® SGX needs to be updated. but not found any case, do you or someone report to you this situation? does it relates to BIOS?

[ayeks]

Thanks for your contribution!

Regarding the SGX_ERROR_UPDATE_NEEDED when running the remote attestation sample: I never tried remote attestation nor I heard of anyone actively using it or having problems with it. I did a quick search on the Intel Forums and found this thread. It looks like this error is the result of unpatched systems because of the Meltdown / Spectre vulnerabilities. If any patches are available for your mainboard, you should apply them.

Please comment if you were able to remediate the issue or you got some official no-fix response from Intel or Maxsun.

[jasl]

Hi we just asked Intel for help, here's the respond intel/linux-sgx#329

So SGX_ERROR_UPDATE_NEEDED means BIOS microcode is outdated and waiting an update.

Sadly, MAXSUN didn't release newer BIOS, and we bought an ASUS TUF B360M-PLUS GAMING, and it works great.

[ayeks]

Thanks for that information!