`sgx_qe_get_target_info` failed with `SGX_QL_NETWORK_ERROR`

[sammyne]

Env

• commit: https://github.com/intel/SGXDataCenterAttestationPrimitives/commit/e3998c5fbd5d3fd065436b934b53822120e67be6

Problem

I'm playing with the PCKRetrievalTool with this error all the time. And don't know why sgx_qe_get_target_info would need to access network. Really appreciate if someone could help me out to fix this error~

[jsun39]

Could you please paste the outputted message? What's your environment, Windows or Linux? I guess for this error coming from the you give one wrong quote provide library. I need more information to identify the root cause.

[jdbeaney]

Try commenting out the PCCS_URL in the PCK Cert ID Retrieval Tool's configuration file: network_setting.conf

PCCS_URL=https://localhost:8081/sgx/certification/v3/platforms

The tool will try to contact the caching service (PCCS) when this URL is defined in the config file.

[sammyne]

Could you please paste the outputted message? What's your environment, Windows or Linux? I guess for this error coming from the you give one wrong quote provide library. I need more information to identify the root cause.

Env

• ubuntu 18.04.2 LTS container with /dev/sgx mounted
• sgx sdk v2.9.101.2
• dcap v1.6.100.2

But the app is written in teaclave-sgx-sdk@v1.1.2, which I think it isn't not the root cause.

What's now

If I install the sgx-pck-id-retrieve-tool_1.7.100.2-1_amd64.deb, the tool can generate the quote and failed to post the quote to PCCS, which is expected.

However, the app written by me cannot even generate the quote. But with PCCS served, the quote can be generated correctly. Besides, if I build the tool from source code in this repository, the same error occur = =

All above, I want to figure out

• which component is trying to access the network
• is there any diff between sgx-pck-id-retrieve-tool_1.7.100.2-1_amd64.deb and the one built from source (without considering the version)

@jsun39 @jdbeaney

How can I enable the SE_TRACE logging?

[sammyne]

No more idea?

[jsun39]

sorry for my later response, I missed the github notification.

1. This tool will try to call Quote Generation Library(QGL), and QGL will try to access PCCS to generate Quote(If you want to access PCCS, it will try to access the network).
2. I didn't remember there are any different between the deb package and source code.

If you want to enable the SE_TRACE, you can add the MACRO: SE_TRACE in the make file.

By the way, now this tool has released its 1.9 version, could you please try the latest version?

[sammyne]

sorry for my later response, I missed the github notification.

1. This tool will try to call Quote Generation Library(QGL), and QGL will try to access PCCS to generate Quote(If you want to access PCCS, it will try to access the network).
2. I didn't remember there are any different between the deb package and source code.

If you want to enable the SE_TRACE, you can add the MACRO: SE_TRACE in the make file.

By the way, now this tool has released its 1.9 version, could you please try the latest version?

Greate thanks~ I'll give the latest version a shot.