QuoteGenerationSample and $ sudo systemctl status pccs error

[modao1234]

I install pccs from https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/QuoteGeneration by $ sudo dpkg -i sgx-dcap-pccs_*.deb,

When I try to run QuoteGenerationSample it shows

    [APP] Info: sgx_qe_set_enclave_load_policy is valid in in-proc mode only and it is optional: the default enclave load policy is    persistent
    [APP] Info: set the enclave load policy as persistent
    [APP] Step1: Call sgx_qe_get_target_info:
    [QCNL] Error:  Encountered CURL error: (7) Couldn't connect to server 
    [QPL] Error: Failed to get quote config. Error code is 0xb006
    [get_platform_quote_cert_data ../qe_logic.cpp:388] Error returned from the p_sgx_get_quote_config API. 0xe019
    Error in sgx_qe_get_target_info. 0xe019

And when I input command $ sudo systemctl status pccs error, it shows

● pccs.service - Provisioning Certificate Caching Service (PCCS)
     Loaded: loaded (/lib/systemd/system/pccs.service; enabled; vendor preset: enabled)
     Active: activating (auto-restart) (Result: exit-code) since Wed 2023-11-01 17:05:16 JST; 6s ago
       Docs: https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/QuoteGeneration/pccs/README.md
    Process: 673920 ExecStart=/usr/bin/node /opt/intel/sgx-dcap-pccs/pccs_server.js (code=exited, status=7)
   Main PID: 673920 (code=exited, status=7)
        CPU: 1.237s

Could anyone help me to solve this problem?

[lingyuj]

Looks like your PCCS was stopped abnormally. You may need to turn on PCCS's DEBUG log for further diagnosis.

[modao1234]

Looks like your PCCS was stopped abnormally. You may need to turn on PCCS's DEBUG log for further diagnosis.

Thank you for your reply. I reinstalled the whole PCCS and the package. Here is the new situation.

`● pccs.service - Provisioning Certificate Caching Service (PCCS) Loaded: loaded (/lib/systemd/system/pccs.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2023-11-08 03:32:02 JST; 2min 4s ago Docs: https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/QuoteGeneration/pccs/README.md Main PID: 1902369 (node) Tasks: 15 (limit: 103726) Memory: 39.7M CPU: 1.752s CGroup: /system.slice/pccs.service └─1902369 /usr/bin/node /opt/intel/sgx-dcap-pccs/pccs_server.js

Nov 08 03:32:52 ubuntu-2204 node[1902369]: 2023-11-08 03:32:52.730 [info]: Request-ID is : 3c3aa2c6ed494e3e9afb9dd87da2c5eb Nov 08 03:32:52 ubuntu-2204 node[1902369]: 2023-11-08 03:32:52.730 [error]: Intel PCS server returns error(404). Nov 08 03:32:52 ubuntu-2204 node[1902369]: 2023-11-08 03:32:52.730 [error]: Intel PCS server returns error. Error code : 404 Nov 08 03:32:52 ubuntu-2204 node[1902369]: 2023-11-08 03:32:52.730 [error]: Error: No cache data for this platform. Nov 08 03:32:52 ubuntu-2204 node[1902369]: at Module.getPckCertFromPCS (file:///opt/intel/sgx-dcap-pccs/services/logic/commonCacheLogic.js:9> Nov 08 03:32:52 ubuntu-2204 node[1902369]: at process.processTicksAndRejections (node:internal/process/task_queues:95:5) Nov 08 03:32:52 ubuntu-2204 node[1902369]: at async LazyCachingMode.getPckCertFromPCS (file:///opt/intel/sgx-dcap-pccs/services/caching_mode> Nov 08 03:32:52 ubuntu-2204 node[1902369]: at async Module.getPckCert (file:///opt/intel/sgx-dcap-pccs/services/pckcertService.js:115:16) Nov 08 03:32:52 ubuntu-2204 node[1902369]: at async getPckCert (file:///opt/intel/sgx-dcap-pccs/controllers/pckcertController.js:77:25) Nov 08 03:32:52 ubuntu-2204 node[1902369]: 2023-11-08 03:32:52.732 [info]: 127.0.0.1 - - [07/Nov/2023:18:32:52 +0000] "GET /sgx/certification/v4>`

And the sample code shows [APP] Info: sgx_qe_set_enclave_load_policy is valid in in-proc mode only and it is optional: the default enclave load policy is persistent [APP] Info: set the enclave load policy as persistent [APP] Step1: Call sgx_qe_get_target_info: [QPL] Error: No certificate data for this platform. [get_platform_quote_cert_data ../qe_logic.cpp:388] Error returned from the p_sgx_get_quote_config API. 0xe011 Error in sgx_qe_get_target_info. 0xe011

And here is the last log information. `2023-11-08 03:34:52.905 [info]: Client Request-ID : 495e701592db451b85496f21928e391a 2023-11-08 03:34:53.489 [info]: Request-ID is : b1db896839594bbebc200ef2daf373fc 2023-11-08 03:34:53.489 [error]: Intel PCS server returns error(404). 2023-11-08 03:34:53.489 [error]: Intel PCS server returns error. Error code : 404 2023-11-08 03:34:53.489 [error]: Error: No cache data for this platform. at Module.getPckCertFromPCS (file:///opt/intel/sgx-dcap-pccs/services/logic/commonCacheLogic.js:92:11) at process.processTicksAndRejections (node:internal/process/task_queues:95:5) at async LazyCachingMode.getPckCertFromPCS (file:///opt/intel/sgx-dcap-pccs/services/caching_modes/cachingMode.js:126:12) at async Module.getPckCert (file:///opt/intel/sgx-dcap-pccs/services/pckcertService.js:115:16) at async getPckCert (file:///opt/intel/sgx-dcap-pccs/controllers/pckcertController.js:77:25) 2023-11-08 03:34:53.490 [info]: 127.0.0.1 - - [07/Nov/2023:18:34:53 +0000] "GET /sgx/certification/v4/pckcert?qeid=3F659F5BF3B4800625D642B3A08AFBC4&encrypted_ppid=8BCF3A0FBC8AFAF9654FAD301571117D5408D7606288EC188C27C32D73005F3A437A34410AE98848C45D2A5FF298007C50C7CE324D6693C81E652BBF08B3ED2F10EC3E99AF57790F8921BC15860927D9D4ECE907A39FEDD5937EEDBBB26B434E58F5629328E9DA57BC12FA708CB891335F462B0C74A0D419C402B93C9FCA0D355E863368F405B937AFEF9DE5D86F308CC88BFF5AE2974D55F6ACF08E44DD6DD56E09F390B7DEB760D4BD27E448E3A24F07971AC58850216157F7E879B90F7525F19FB6F11C4D2F6F1A177EE46E7E1927AF22C707B5BA446218710C8AF33904AF9719B090F8150EFBB5FC4280207B8581967A073508F08512A201C06EEBAA3214EBEC683F533BD439F99F332370703D97DBF871E0E8AFE49B50E043753FCDD9FCE934FDB065F7BE359D3E6ED15BD6E8DD649D710DDF68E7729384A95BDD0A2A4A842E90023D67C2BB4CBB9AF102B074E9582A70B6CB2B56150EBBAAC151D4E42DD17F5D21D1DA251C9E2D5F36C268F7AE5E7215324AD16D860126C1D4279B0955&cpusvn=06060E0CFFFF00000000000000000000&pcesvn=0F00&pceid=0000 HTTP/1.1" 404 32 "-" "-"

`

[jsun39]

have you registered your platform?

[modao1234]

have you registered your platform?

Sorry, could you tell me how to register my platform? Is this in the configuration process of installation PCCS or register for Product Intel® Software Guard Extensions Provisioning Certification Service subscription?

[jsun39]

the easier way is to install the multi-package agent, it will register your platform automatically. sudo yum install sgx-ra-service or sudo apt install sgx-ra-service

or other commands, depends on your os environment.

[modao1234]

the easier way is to install the multi-package agent, it will register your platform automatically. sudo yum install sgx-ra-service or sudo apt install sgx-ra-service

or other commands, depends on your os environment.

Hi jsun39, thank you so much for your reply. I installed sgx-ra-service, but the situation didn't change at all. And the I check the log mpa_registration.log it shows like: [10-11-2023 03:12:19] INFO: SGX Registration Agent version: 1.19.100.3 [10-11-2023 03:12:19] INFO: Starts Registration Agent Flow. [10-11-2023 03:12:19] ERROR: readUEFIVar: failed to open uefi variable /sys/firmware/efi/efivars/SgxRegistrationStatus-f236c5dc-a491-4bbe-bcdd-88885770df45 ,error: No such file or directory [10-11-2023 03:12:19] ERROR: getRegistrationStatus: SgxRegistrationStatus UEFI variable was not found or size not as expected. [10-11-2023 03:12:19] ERROR: getRegistrationStatus: SgxRegistrationStatus acutal size: 0, expected size: 7 [10-11-2023 03:12:19] ERROR: Registration Flow - getRegistrationStatus failed, error: 4 [10-11-2023 03:12:19] ERROR: writeUEFIVar: failed to open uefi variable /sys/firmware/efi/efivars/SgxRegistrationStatus-f236c5dc-a491-4bbe-bcdd-88885770df45, error: No such file or directory [10-11-2023 03:12:19] ERROR: setRegistrationStatus: failed to write uefi variable. [10-11-2023 03:12:19] ERROR: setRegistrationStatus failed, error: 4 [10-11-2023 03:12:19] INFO: Finished Registration Agent Flow.

Could you help me to check the problem? By the way, could you tell me what do I should install to utilize DCAP for remote attestation and TLS?

[dashuaic]

Can you do a SGX factory reset in the BIOS to clear the old data? And then restart your OS to check mpa_registration.log. These UEFI variables should be there when OS up.

[modao1234]

Can you do a SGX factory reset in the BIOS to clear the old data? And then restart your OS to check mpa_registration.log. These UEFI variables should be there when OS up.

Thank you very much for your reply. Do you have any other way to reset it? Because it is a virtue machine on cloud sever, it is impossible to ask them doing so.

[dashuaic]

INFO: SGX Registration Agent version: 1.19.100.3 [10-11-2023 03:12:19] INFO: Starts Registration Agent Flow. [10-11-2023 03:12:19] ERROR: readUEFIVar: failed to open uefi variable **/sys/firmware/efi/efivars/SgxRegistrationStatus-f236c5dc-a491-4bbe-bcdd-88885770df45** , Can you check if this UEFI variable is present on your system? If the system is set up properly, this variable should be there and sgx-ra-service will use this variable to do the registration.

[modao1234]

INFO: SGX Registration Agent version: 1.19.100.3 [10-11-2023 03:12:19] INFO: Starts Registration Agent Flow. [10-11-2023 03:12:19] ERROR: readUEFIVar: failed to open uefi variable **/sys/firmware/efi/efivars/SgxRegistrationStatus-f236c5dc-a491-4bbe-bcdd-88885770df45** , Can you check if this UEFI variable is present on your system? If the system is set up properly, this variable should be there and sgx-ra-service will use this variable to do the registration.

Thank you for your reply. I tried to find files including SgxRegistrationStatus in files name, but I found nothing. By the way could you tell me the correct procedure to enable DCAP? Like what do I need to install?

[dashuaic]

The steps to enable DCAP may vary depending on your hardware platform and firmware. May be you can refer this similar thread. https://community.intel.com/t5/Processors/Intel-Flexible-Launch-Control/td-p/1409007