search

intel / SGXDataCenterAttestationPrimitives

Other
281 stars 166 forks source link

Verification completed with Non-terminal result: a003 #367

Open sjrrr13 opened 10 months ago

sjrrr13 commented 10 months ago

When I build SGXDataCenterAttestationPrimitives/SampleCode/QuoteVerificationSample and run app, I got a Warning with code a003 in the verification:

Trusted quote verification:
        Info: get target info successfully returned.
        Info: sgx_qv_set_enclave_load_policy successfully returned.
        Info: tee_get_quote_supplemental_data_version_and_size successfully returned.
        Info: latest supplemental data major version: 3, minor version: 3, size: 536
        Info: App: tee_verify_quote successfully returned.
        Info: Ecall: Verify QvE report and identity successfully returned.
        Warning: App: Verification completed with Non-terminal result: a003
        Info: Supplemental data Major Version: 3
        Info: Supplemental data Minor Version: 3

===========================================

Untrusted quote verification:
        Info: tee_get_quote_supplemental_data_version_and_size successfully returned.
        Info: latest supplemental data major version: 3, minor version: 3, size: 536
        Info: App: tee_verify_quote successfully returned.
        Warning: App: Verification completed with Non-terminal result: a003
        Info: Supplemental data Major Version: 3
        Info: Supplemental data Minor Version: 3

I referred to /opt/intel/sgxsdk/include/sgx_qve_header.h for the code a003 and found:

SGX_QL_QV_RESULT_OUT_OF_DATE_CONFIG_NEEDED = SGX_QL_QV_MK_ERROR(0x0003), 
///< The Quote is good but the TCB level of the platform is out 
///< date and additional configuration of the SGX Platform at it
///< current patching level may be needed. The platform needs
///< patching to be at the latest TCB level

The experiment was done on Ubuntu 20.04 on a SGX server. I've updated SGX SDK, Intel PCCS and SGX SSL Library and got code a002. Then I updated BIOS and got code a003. This problem made me fail to finish remote attestation with librats. I wonder how can I fix it.

ScottR-Intel commented 9 months ago

Can you please provide your PCCS log?

cat /opt/intel/sgx-dcap-pccs/logs/pccs_server.log