SGX invalid

[Jim8y]

My SGX becomes invalid after update my image from 4.15.0-64-generic to 4.15.0-65-generic

SGX is enabled in BIOS.

other information:

`
$ uname -a
Linux compass 4.15.0-65-generic #74-Ubuntu SMP Tue Sep 17 17:06:04 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.3 LTS
Release: 18.04
Codename: bionic

$ modinfo intel_sgx
filename: /lib/modules/4.15.0-65-generic/updates/dkms/intel_sgx.ko
license: Dual BSD/GPL
author: Jarkko Sakkinen jarkko.sakkinen@linux.intel.com
description: Intel SGX Driver
srcversion: 0253BC73E4B1968CF600DAD
alias: acpi*:INT0E0C:*
depends:
retpoline: Y
name: intel_sgx
vermagic: 4.15.0-65-generic SMP mod_unload
signat: PKCS#7
signer:
sig_key:
sig_hashalgo: md4
`
ERROR while run sampleenclave:
Info: Please make sure SGX module is enabled in the BIOS, and install SGX driver afterwards.
Error: Invalid SGX device.
Enter a character before exit ...

[Jim8y]

SDK and drivers have been reinstalled many times.

[sergeay]

Maybe some details.
What was your configuration?
Can you dump the following:

dmesg | grep sgx
lsmod | grep sgx

[Jim8y]

Thank you for your reply:
$ dmesg | grep sgx
[ 2.298490] systemd[1]: Set hostname to .
[ 2.385683] intel_sgx: loading out-of-tree module taints kernel.
[ 2.385704] intel_sgx: module verification failed: signature and/or required key missing - tainting kernel
[ 2.385995] intel_sgx: intel_sgx: FLC feature is not supported on the platform!
[ 2.388495] Error: Driver 'intel_sgx' is already registered, aborting...
[ 2.388517] intel_sgx: intel_sgx: FLC feature is not supported on the platform!
$ lsmod | grep sgx
isgx 45056 0
intel_sgx 94208 0

Things just happen, even if the environment works, after rebooting, it goes back to be invalid.

[Jim8y]

Not sure whether it is really because of the kernel or not, I revert one machine to 4.15.0-29-generic, everything works fine now. But all my other machines that remain in 4.15.0.65-generic still could not communicate to SGX.

[andyzyb]

$ lsmod | grep sgx
isgx 45056 0
intel_sgx 94208 0

@Liaojinghui from above message, looks you have loaded 2 SGX driver and it will cause the issue. Would you please clean them up and only install one driver?

[Jim8y]

$ lsmod | grep sgx
isgx 45056 0
intel_sgx 94208 0

@Liaojinghui from above message, looks you have loaded 2 SGX driver and it will cause the issue. Would you please clean them up and only install one driver?

Sorry for the delay, I just noticed your reply. Could you please tell me how to clean up the sgx driver? ? Will these commands work?:
$ sudo /sbin/modprobe -r isgx $ sudo rm -rf "/lib/modules/"uname -r"/kernel/drivers/intel/sgx" $ sudo /sbin/depmod $ sudo /bin/sed -i '/^isgx$/d' /etc/modules

[andyzyb]

Yes, please try the uninstallation procedure to remove the driver.

[Jim8y]

Yes, please try the uninstallation procedure to remove the driver.

Thank you for your answer. I tried, actually, I tried to execute these commands many times, and reinstall the sdk, psw and driver many times, it won't work. Is there any way to cleanly remove everything related to the SGX out of the system and re-start all over?

[andyzyb]

I am not sure why it doesn't work. Is it possible to have a clean OS to retry?

[Jim8y]

I am not sure why it doesn't work. Is it possible to have a clean OS to retry?

Thank you for your patience and kind help, finally, it works. I don't know where that intel_sgx.ko comes from, but only by deleting it could make my SGX work again. Even removing isgx could not help. Stucked here for so long and finally I am free from this. Thank you!