Remote attestation not possible, request guidance #828

Open
urnotcoward opened this issue Apr 29, 2022 · 2 comments
@urnotcoward

I have installed the SGX driver, SDK and PSW on the Ubuntu 20.04 system according to the guide, and the local enclave instance can proceed smoothly. However, the remote authentication in SampleCode cannot be completed, and the following error occurs.

wynn@wynn-ThinkCentre-E97:/opt/intel/sgxsdk/SampleCode/RemoteAttestation$ sudo ./app

First round, we will try ECDSA algorithm.

Call sgx_get_extended_epid_group_id success.
MSG0 body generated -
4 bytes:
{
0x0, 0x0, 0x0, 0x0
}

Sending msg0 to remote attestation service provider.

Sent MSG0 to remote attestation service.

Call sgx_select_att_key_id success.
Call sgx_create_enclave success.
Call enclave_init_ra success.
Error, call sgx_ra_get_msg1_ex fail [main].
Call enclave_ra_close success.
Second round, we will try EPID algorithm.

Call sgx_get_extended_epid_group_id success.
MSG0 body generated -
4 bytes:
{
0x0, 0x0, 0x0, 0x0
}

Sending msg0 to remote attestation service provider.

Sent MSG0 to remote attestation service.

Call sgx_select_att_key_id success.
Call sgx_create_enclave success.
Call enclave_init_ra success.
Error, call sgx_ra_get_msg1_ex fail [main].
Call enclave_ra_close success.
Enter a character before exit ...

aesmd.service displays the following information:
● aesmd.service - Intel(R) Architectural Enclave Service Manager
Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2022-04-29 11:34:18 CST; 4h 39min ago
Main PID: 97154 (aesm_service)
Tasks: 4 (limit: 18702)
Memory: 2.7M
CGroup: /system.slice/aesmd.service
└─97154 /opt/intel/sgxpsw/aesm/aesm_service

4月 29 11:38:32 wynn-ThinkCentre-E97 aesm_service[97154]: [ADMIN]EPID Provisioning failed
4月 29 16:13:29 wynn-ThinkCentre-E97 aesm_service[97154]: [QCNL] Try remote service...
4月 29 16:13:29 wynn-ThinkCentre-E97 aesm_service[97154]: [QCNL] Request URL https://localhost:8081/sgx/certification/v3/pckcert?qeid=55C424A06FD1E8127BCD65D9B88AD98E&encrypted_ppid=547396146EFB350309>
4月 29 16:13:29 wynn-ThinkCentre-E97 aesm_service[97154]: [QPL] Failed to get quote config. Error code is 0xb00d
4月 29 16:13:29 wynn-ThinkCentre-E97 aesm_service[97154]: [get_platform_quote_cert_data ../qe_logic.cpp:377] Error returned from the p_sgx_get_quote_config API. 0xe046

4月 29 16:13:32 wynn-ThinkCentre-E97 aesm_service[97154]: [ADMIN]EPID Provisioning initiated
4月 29 16:13:36 wynn-ThinkCentre-E97 aesm_service[97154]: The Request ID is 52c1925d84e14d0e9e0399dddd0fe9ac
4月 29 16:13:37 wynn-ThinkCentre-E97 aesm_service[97154]: The Request ID is c1e762de64a34d47bd526843e4897fd5
4月 29 16:13:37 wynn-ThinkCentre-E97 aesm_service[97154]: [ADMIN]EPID Provisioning protocol error reported by Backend (9)
4月 29 16:13:37 wynn-ThinkCentre-E97 aesm_service[97154]: [ADMIN]EPID Provisioning failed
~
Could professional and experienced friends please answer my questions?
Sincere thanks for any reply!!!

@zeefine
zeefine commented May 3, 2022

I also can't run the RemoteAttestation in SampleCode on Ubuntu 20.04.


./app:
First round, we will try ECDSA algorithm.

Call sgx_get_extended_epid_group_id success.
MSG0 body generated -
4 bytes:
{
0x0, 0x0, 0x0, 0x0
}

Sending msg0 to remote attestation service provider.

Sent MSG0 to remote attestation service.

Call sgx_select_att_key_id success.
Call sgx_create_enclave success.
Call enclave_init_ra success.
Error, call sgx_ra_get_msg1_ex fail [main].
Call enclave_ra_close success.
Second round, we will try EPID algorithm.

Error, call sgx_get_extended_epid_group_id fail [main].


aesmd.service :
● aesmd.service - Intel(R) Architectural Enclave Service Manager
Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-05-03 20:02:51 CST; 1h 16min ago
Main PID: 7342 (aesm_service)
Tasks: 4 (limit: 18827)
Memory: 2.4M
CGroup: /system.slice/aesmd.service
└─7342 /opt/intel/sgx-aesm-service/aesm/aesm_service

systemd[1]: Starting Intel(R) Architectural Enclave Service Manager...
usermod[7328]: add 'aesmd' to group 'sgx_prv'
usermod[7328]: add 'aesmd' to shadow group 'sgx_prv'
aesm_service[7341]: aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground.
systemd[1]: Started Intel(R) Architectural Enclave Service Manager.
aesm_service[7342]: [get_qpl_handle ../qe_logic.cpp:293] Cannot open Quote Provider Library libdcap_quoteprov.so.1 and libdcap_quoteprov.so
aesm_service[7342]: The server sock is 0x55ecf5608310
aesm_service[7342]: [get_platform_quote_cert_data ../qe_logic.cpp:377] Error returned from the p_sgx_get_quote_config API. 0xe046
aesm_service[7342]: [get_platform_quote_cert_data ../qe_logic.cpp:377] Error returned from the p_sgx_get_quote_config API. 0xe046


I installed the SDK and PSW from the source code, not the bin file. Then I can run it successfully.

@pullp
pullp commented May 8, 2022

ECDSA-based remote attestation needs to access a PCCS Service when verifying the quote. So you can launch a local PCCS service and then modify PCCS_URL in /etc/sgx_default_qcnl.conf. This is a tutorial for setting up a PCCS Service: link.
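
The two reports above fail at different points, and the aesm_service log lines are enough to tell them apart before changing PCCS_URL. The following Python is an added example, not code from this thread or from the SGX project; the function names `triage` and `next_steps` and the wording of the suggested checks are assumptions, and the sample logs are constructed from the lines posted above.

```python
import re
from urllib.parse import urlsplit

# Constructed samples: aesm_service messages from the two reports in this
# thread, with journal prefixes dropped and the qeid query value elided.
LOG_FIRST_REPORT = """\
[ADMIN]EPID Provisioning failed
[QCNL] Try remote service...
[QCNL] Request URL https://localhost:8081/sgx/certification/v3/pckcert?qeid=ELIDED
[QPL] Failed to get quote config. Error code is 0xb00d
[get_platform_quote_cert_data ../qe_logic.cpp:377] Error returned from the p_sgx_get_quote_config API. 0xe046
"""
LOG_SECOND_REPORT = """\
[get_qpl_handle ../qe_logic.cpp:293] Cannot open Quote Provider Library libdcap_quoteprov.so.1 and libdcap_quoteprov.so
[get_platform_quote_cert_data ../qe_logic.cpp:377] Error returned from the p_sgx_get_quote_config API. 0xe046
"""

def triage(log_text):
    """Collect the attestation-relevant facts an aesm_service log states."""
    found = {"pccs_endpoints": [], "qpl_missing": False,
             "quote_config_failed": False, "epid_failed": False}
    for line in log_text.splitlines():
        url = re.search(r"\[QCNL\] Request URL (\S+)", line)
        if url:
            # Keep only scheme://host:port, the part PCCS_URL controls.
            parts = urlsplit(url.group(1))
            endpoint = f"{parts.scheme}://{parts.netloc}"
            if endpoint not in found["pccs_endpoints"]:
                found["pccs_endpoints"].append(endpoint)
        if "Cannot open Quote Provider Library" in line:
            found["qpl_missing"] = True
        if "Failed to get quote config" in line or "p_sgx_get_quote_config" in line:
            found["quote_config_failed"] = True
        if "EPID Provisioning failed" in line:
            found["epid_failed"] = True
    return found

def next_steps(found):
    """Map findings to checks; the wording is this example's, not Intel's."""
    steps = []
    if found["qpl_missing"]:
        steps.append("quote provider library not loadable: install it before configuring PCCS_URL")
    for endpoint in found["pccs_endpoints"]:
        if found["quote_config_failed"]:
            steps.append(f"PCK certificate request to {endpoint} failed: "
                         "confirm a PCCS listens there or correct PCCS_URL")
    if found["epid_failed"]:
        steps.append("EPID provisioning failed: the sample's EPID round will fail too")
    return steps

if __name__ == "__main__":
    for name, log in (("first", LOG_FIRST_REPORT), ("second", LOG_SECOND_REPORT)):
        print(name, triage(log), *next_steps(triage(log)), sep="\n  ")
```

In the first report the request reaches for `https://localhost:8081`, so the PCCS advice applies directly; in the second the library that would issue that request never loads, so no PCCS request appears in the log at all.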
