search

intel / linux-sgx

Intel SGX for Linux*
https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/linux-overview.html
Other
1.32k stars 541 forks source link

Error in sgx_qe_get_target_info. 0xe011 #891

Open fork-while-1 opened 2 years ago

fork-while-1 commented 2 years ago

Hi, I installed SGX-SDK and Intel PCCS and am trying to run the quote generation sample code found in: linux-sgx/external/dcap_source/SampleCode/QuoteGenerationSample but I get the following error message 

SGX_AESM_ADDR=1 ./app

Step1: Call sgx_qe_get_target_info:Error in sgx_qe_get_target_info. 0xe011

I took a step back and tried to check my PCCS configuration (following some troubleshooting steps from here, and it appears that this was not working either (I changed my caching fill method to LAZY based on the response there -- then I changed it back to REQ and it's still erroring out). Now when I run PCKIDRetrievalTool I get:

Intel(R) Software Guard Extensions PCK Cert ID Retrieval Tool Version 1.14.100.3

Warning: platform manifest is not available or current platform is not multi-package platform.
Error: unexpected error happend during sending data to cache server.
pckid_retrieval.csv has been generated successfully, however the data couldn't be sent to cache server!

Here is some additional info:

● aesmd.service - Intel(R) Architectural Enclave Service Manager
     Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor preset: e>
     Active: active (running) since Thu 2022-09-22 18:51:58 UTC; 1min 20s ago
    Process: 2330056 ExecStartPre=/opt/intel/sgx-aesm-service/aesm/linksgx.sh (co>
    Process: 2330065 ExecStartPre=/bin/mkdir -p /var/run/aesmd/ (code=exited, sta>
    Process: 2330066 ExecStartPre=/bin/chown -R aesmd:aesmd /var/run/aesmd/ (code>
    Process: 2330067 ExecStartPre=/bin/chmod 0755 /var/run/aesmd/ (code=exited, s>
    Process: 2330068 ExecStartPre=/bin/chown -R aesmd:aesmd /var/opt/aesmd/ (code>
    Process: 2330069 ExecStartPre=/bin/chmod 0750 /var/opt/aesmd/ (code=exited, s>
    Process: 2330070 ExecStart=/opt/intel/sgx-aesm-service/aesm/aesm_service (cod>
   Main PID: 2330071 (aesm_service)
      Tasks: 4 (limit: 38521)
     Memory: 4.4M
     CGroup: /system.slice/aesmd.service
             └─2330071 /opt/intel/sgx-aesm-service/aesm/aesm_service

Sep 22 18:51:58 icelake systemd[1]: Starting Intel(R) Architectural Enclave Servi>
Sep 22 18:51:58 icelake aesm_service[2330070]: aesm_service: warning: Turn to dae>
Sep 22 18:51:58 icelake systemd[1]: Started Intel(R) Architectural Enclave Servic>
Sep 22 18:51:58 icelake aesm_service[2330071]: The server sock is 0x5607787ca7d0
cat /proc/cpuinfo
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 106
model name      : Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz
stepping        : 6
microcode       : 0xffffffff
cpu MHz         : 2800.000
cache size      : 49152 KB
physical id     : 0
siblings        : 4
core id         : 0
cpu cores       : 4
apicid          : 0
initial apicid  : 0
fpu             : yes
fpu_exception   : yes
cpuid level     : 27
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology tsc_reliable nonstop_tsc cpuid aperfmperf pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single fsgsbase tsc_adjust sgx bmi1 hle avx2 smep bmi2 erms invpcid rtm avx512f avx512dq rdseed adx smap avx512ifma clflushopt clwb avx512cd sha_ni avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves avx512vbmi umip avx512_vbmi2 gfni vaes vpclmulqdq avx512_vnni avx512_bitalg avx512_vpopcntdq la57 rdpid sgx_lc fsrm arch_capabilities
bugs            : spectre_v1 spectre_v2 spec_store_bypass swapgs mmio_stale_data
bogomips        : 5586.87
clflush size    : 64
cache_alignment : 64
address sizes   : 46 bits physical, 57 bits virtual
power management:

processor       : 1
vendor_id       : GenuineIntel
cpu family      : 6
model           : 106
model name      : Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz
stepping        : 6
microcode       : 0xffffffff
cpu MHz         : 2800.000
cache size      : 49152 KB
physical id     : 0
siblings        : 4
core id         : 1
cpu cores       : 4
apicid          : 1
initial apicid  : 1
fpu             : yes
fpu_exception   : yes
cpuid level     : 27
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology tsc_reliable nonstop_tsc cpuid aperfmperf pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single fsgsbase tsc_adjust sgx bmi1 hle avx2 smep bmi2 erms invpcid rtm avx512f avx512dq rdseed adx smap avx512ifma clflushopt clwb avx512cd sha_ni avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves avx512vbmi umip avx512_vbmi2 gfni vaes vpclmulqdq avx512_vnni avx512_bitalg avx512_vpopcntdq la57 rdpid sgx_lc fsrm arch_capabilities
bugs            : spectre_v1 spectre_v2 spec_store_bypass swapgs mmio_stale_data
bogomips        : 5586.87
clflush size    : 64
cache_alignment : 64
address sizes   : 46 bits physical, 57 bits virtual
power management:

processor       : 2
vendor_id       : GenuineIntel
cpu family      : 6
model           : 106
model name      : Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz
stepping        : 6
microcode       : 0xffffffff
cpu MHz         : 1485.304
cache size      : 49152 KB
physical id     : 0
siblings        : 4
core id         : 2
cpu cores       : 4
apicid          : 2
initial apicid  : 2
fpu             : yes
fpu_exception   : yes
cpuid level     : 27
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology tsc_reliable nonstop_tsc cpuid aperfmperf pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single fsgsbase tsc_adjust sgx bmi1 hle avx2 smep bmi2 erms invpcid rtm avx512f avx512dq rdseed adx smap avx512ifma clflushopt clwb avx512cd sha_ni avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves avx512vbmi umip avx512_vbmi2 gfni vaes vpclmulqdq avx512_vnni avx512_bitalg avx512_vpopcntdq la57 rdpid sgx_lc fsrm arch_capabilities
bugs            : spectre_v1 spectre_v2 spec_store_bypass swapgs mmio_stale_data
bogomips        : 5586.87
clflush size    : 64
cache_alignment : 64
address sizes   : 46 bits physical, 57 bits virtual
power management:

processor       : 3
vendor_id       : GenuineIntel
cpu family      : 6
model           : 106
model name      : Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz
stepping        : 6
microcode       : 0xffffffff
cpu MHz         : 2800.000
cache size      : 49152 KB
physical id     : 0
siblings        : 4
core id         : 3
cpu cores       : 4
apicid          : 3
initial apicid  : 3
fpu             : yes
fpu_exception   : yes
cpuid level     : 27
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology tsc_reliable nonstop_tsc cpuid aperfmperf pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single fsgsbase tsc_adjust sgx bmi1 hle avx2 smep bmi2 erms invpcid rtm avx512f avx512dq rdseed adx smap avx512ifma clflushopt clwb avx512cd sha_ni avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves avx512vbmi umip avx512_vbmi2 gfni vaes vpclmulqdq avx512_vnni avx512_bitalg avx512_vpopcntdq la57 rdpid sgx_lc fsrm arch_capabilities
bugs            : spectre_v1 spectre_v2 spec_store_bypass swapgs mmio_stale_data
bogomips        : 5586.87
clflush size    : 64
cache_alignment : 64
address sizes   : 46 bits physical, 57 bits virtual
power management:

Note that this is an Azure VM on an icelake microarchitecture running Ubuntu 20.04.4 LTS. Any pointers are greatly appreciated! Thank you!!

jsun39 commented 2 years ago

would you please paste your pccs log?

delassus commented 1 year ago

check /etc/sgx_default_qnlc.conf If PCCS server is on same host use this setting:

PCCS server address

PCCS_URL=https://localhost:8081/sgx/certification/v3/

To accept insecure HTTPS certificate, set this option to FALSE

USE_SECURE_CERT=FALSE