intel / SGXDataCenterAttestationPrimitives


PCKRetrievalTool : incorrect processing of the command line argument -use_secure_cert #239

Open jurobystricky opened 2 years ago

jurobystricky commented 2 years ago

The command line argument "-use_secure_cert false" is ignored unless it is also present in the file "network_setting.conf". However, the file "network_setting.conf" does not contain any default setting for the variable "USE_SECURE_CERT" (it is commented out and hence ignored). Basically, the code always defaults to USE_SECURE_CERT=TRUE.

So this call will fail with an error:

```
# ./PCKIDRetrievalTool -use_secure_cert false
Error: network error, please check the network setting or whether the cache server is down.
Error: the data couldn't be sent to cache server!
```

However, if the file network_setting.conf contains either line: USE_SECURE_CERT=TRUE or USE_SECURE_CERT=FALSE or even USE_SECURE_CERT=BOGUS

the same call that failed before now succeeds:

```
Intel(R) Software Guard Extensions PCK Cert ID Retrieval Tool Version 1.14.100.3
Registration status has been set to completed status.
the data has been sent to cache server successfully!
```

Considering the only purpose of the command line arguments is not to depend on the network_setting.conf, this is a very unfortunate bug.

jsun39 commented 2 years ago

I think I have found the root cause: you can say it is a setting priority issue. As a workaround, you can remove/delete the network_setting.conf file from this tool's folder.

I will try to evaluate how to avoid this.
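
A sketch of the setting precedence this issue expects (command line over network_setting.conf over the built-in default of TRUE), added here as an example and not taken from the tool's source. The function names, the `#` comment marker and the strict rejection of values such as BOGUS are assumptions.

```cpp
#include <algorithm>
#include <cctype>
#include <sstream>
#include <stdexcept>
#include <string>

enum class Tri { Unset, False, True };

static std::string trim(const std::string& s) {
    const char* ws = " \t\r\n";
    size_t b = s.find_first_not_of(ws);
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(ws) - b + 1);
}

// Strict parse: only TRUE/FALSE (any case) are accepted, so BOGUS is an error
// instead of silently changing which code path runs.
static bool parse_bool(std::string v, const char* where) {
    std::transform(v.begin(), v.end(), v.begin(),
                   [](unsigned char c) { return (char)std::tolower(c); });
    if (v == "true") return true;
    if (v == "false") return false;
    throw std::invalid_argument(std::string("invalid USE_SECURE_CERT value in ") + where);
}

// Scan config text for an uncommented USE_SECURE_CERT=... line (hypothetical helper).
Tri conf_use_secure_cert(const std::string& conf_text) {
    std::istringstream in(conf_text);
    std::string line;
    Tri found = Tri::Unset;
    while (std::getline(in, line)) {
        line = trim(line);
        if (line.empty() || line[0] == '#') continue;  // '#' as comment marker is assumed
        size_t eq = line.find('=');
        if (eq == std::string::npos) continue;
        if (trim(line.substr(0, eq)) != "USE_SECURE_CERT") continue;
        found = parse_bool(trim(line.substr(eq + 1)), "config file") ? Tri::True : Tri::False;
    }
    return found;
}

// cli_value is nullptr when -use_secure_cert was not given on the command line.
// The command line is resolved first and never depends on the config file's contents.
bool resolve_use_secure_cert(const char* cli_value, const std::string& conf_text) {
    if (cli_value) return parse_bool(cli_value, "command line");
    Tri conf = conf_use_secure_cert(conf_text);
    return conf == Tri::Unset ? true : conf == Tri::True;  // default stays TRUE
}
```

With this ordering, certificate verification is only turned off when the operator asks for it explicitly, and a commented-out key in the file cannot cause the command line value to be dropped.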