search

intel / linux-sgx

Intel SGX for Linux*
https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/linux-overview.html
Other
1.33k stars 543 forks source link

IAS query returns GROUP_OUT_OF_DATE #554

Open melynx opened 4 years ago

melynx commented 4 years ago

Hi there, I'm currently using a NUC for some SGX related development work running the latest firmware that is available, details as follows:

      BaseBoard Manufacturer:"Intel Corporation"                                                                                                                                     
      Bios Mode:"UEFI"                                                                                                                                                               
      Bios Version/Date:"BECFL357.86A.0081.2020.0504.1834,05/04/2020"                                                                                                                                                                                                                                                      
      Platform Role:"Linux nuc 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux"                                                        
      Processor:"Intel(R) Core(TM) i7-8559U CPU @ 2.70GHz"                                                                                                                                                                                                                                                                            
      SMBIOS Version:"3.2.1"                                                                                                                                                                                                                                                                                      
      System Manufacturer:"Intel(R) Client Systems"                                                                                                                                  
      System Model:"NUC8i7BEH"

CPUINFO:

vendor_id : GenuineIntel cpu family : 6 model : 142 model name : Intel(R) Core(TM) i7-8559U CPU @ 2.70GHz stepping : 10 microcode : 0xd6

Performing a remote attestation with IAS results in a GROUP_OUT_OF_DATE response with the following advisories: ["INTEL-SA-00161", "INTEL-SA-00219", "INTEL-SA-00289", "INTEL-SA-00320,INTEL-SA-00329"].

Calling sgx_report_attestation_status results in the following:

DEBUG] sgx: SGX_ERROR_UPDATE_NEEDED [DEBUG] ucodeUpdate: 1 [DEBUG] csmeFwUpdate: 0 [DEBUG] pswUpdate: 0

Downloaded the latest ucode file from https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files but it seems like I'm already running the latest ucode version.

iucode_tool -S -l 06-8e-0a iucode_tool: system has processor(s) with signature 0x000806ea microcode bundle 1: 06-8e-0a selected microcodes: 001/001: sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424

Any suggestions on what might be the problem?

raoulstrackx commented 4 years ago

There are a few options on when/how to update microcode. For SGX you need to update the BIOS, patching microcode after the platform booted is insufficient.

melynx commented 4 years ago

@raoulstrackx The BIOS is the latest BIOS that is available by Intel which provides the d6 revision ucode. "BECFL357.86A.0081.2020.0504.1834,05/04/2020"

melynx commented 3 years ago

Update to the latest BIOS from https://downloadcenter.intel.com/download/29959/BIOS-Update-BECFL357-86A- and still facing the issue. Anyone?

ScottR-Intel commented 3 years ago

BIOS BE0087 with the latest microcode has now been released (your link was to BE0085). Please try this one: https://downloadcenter.intel.com/download/30154/BIOS-Update-BECFL357-?v=t

g302ge commented 3 years ago

ASUS B460M-K latest bios is a no use driver how to fix it ?