/dev/isgx not appearing, Failed to load QE3: 0x2006

[gutjuri]

Hello, I'm facing the following issue: I installed the intel SGX driver and PSW. For installing PSW, I added a local repository as described in the README and installed libsgx-launch libsgx-urts libsgx-epid libsgx-quote-ex libsgx-dcap-ql. However, even after a reboot, the device /dev/isgx is not present.

$ lscpu | sed -nr '/Model name/ s/.*:\s*(.*) @ .*/\1/p'
Intel(R) Core(TM) i5-8265U CPU
$ systemctl status aesmd
● aesmd.service - Intel(R) Architectural Enclave Service Manager
     Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2022-10-25 16:03:16 CEST; 3s ago
    Process: 57259 ExecStartPre=/opt/intel/sgx-aesm-service/aesm/linksgx.sh (code=exited, status=0/SUCCESS)
    Process: 57276 ExecStartPre=/bin/mkdir -p /var/run/aesmd/ (code=exited, status=0/SUCCESS)
    Process: 57279 ExecStartPre=/bin/chown -R aesmd:aesmd /var/run/aesmd/ (code=exited, status=0/SUCCESS)
    Process: 57280 ExecStartPre=/bin/chmod 0755 /var/run/aesmd/ (code=exited, status=0/SUCCESS)
    Process: 57281 ExecStartPre=/bin/chown -R aesmd:aesmd /var/opt/aesmd/ (code=exited, status=0/SUCCESS)
    Process: 57282 ExecStartPre=/bin/chmod 0750 /var/opt/aesmd/ (code=exited, status=0/SUCCESS)
    Process: 57283 ExecStart=/opt/intel/sgx-aesm-service/aesm/aesm_service (code=exited, status=0/SUCCESS)
   Main PID: 57284 (aesm_service)
      Tasks: 4 (limit: 9144)
     Memory: 6.2M
     CGroup: /system.slice/aesmd.service
             └─57284 /opt/intel/sgx-aesm-service/aesm/aesm_service

Okt 25 16:03:16 bertrom systemd[1]: Starting Intel(R) Architectural Enclave Service Manager...
Okt 25 16:03:16 bertrom aesm_service[57283]: aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground.
Okt 25 16:03:16 bertrom systemd[1]: Started Intel(R) Architectural Enclave Service Manager.
Okt 25 16:03:16 bertrom aesm_service[57284]: [get_driver_type edmm_utility.cpp:116] Failed to open Intel SGX device.
Okt 25 16:03:16 bertrom aesm_service[57284]: [get_driver_type edmm_utility.cpp:116] Failed to open Intel SGX device.
Okt 25 16:03:16 bertrom aesm_service[57284]: [get_driver_type edmm_utility.cpp:116] Failed to open Intel SGX device.
Okt 25 16:03:16 bertrom aesm_service[57284]: [load_qe ../qe_logic.cpp:698] Error, call sgx_create_enclave QE fail [load_qe], SGXError:2006.
Okt 25 16:03:16 bertrom aesm_service[57284]: Failed to load QE3: 0x2006
Okt 25 16:03:16 bertrom aesm_service[57284]: The server sock is 0x55cacdecb9d0

I'd be grateful for advice on how to solve this issue.

[llly]

the device /dev/isgx is not present

SGX driver is not working. Perhaps you need to enable SGX in BIOS setting.

[gutjuri]

Thanks for you answer. I already did that with that (https://github.com/intel/sgx-software-enable) Software. The program outputs "Intel SGX is already enabled on this system". Is there any other explanation?

[llly]

Check result of

cpuid | grep -i SGX_LC
      SGX_LC: SGX launch config supported      = false

You can install legacy driver(/dev/isgx), for example, https://download.01.org/intel-sgx/sgx-linux/2.17/distro/ubuntu20.04-server/sgx_linux_x64_driver_2.11.054c9c4c.bin according to OS. If it's true, must install out-of-tree driver(/dev/sgx_enclave), for example, https://download.01.org/intel-sgx/sgx-linux/2.17/distro/ubuntu20.04-server/sgx_linux_x64_driver_1.41.bin according to OS.

[gutjuri]

$ cpuid | grep -i SGX_LC
      SGX_LC: SGX launch config supported      = false
      SGX_LC: SGX launch config supported      = false
      SGX_LC: SGX launch config supported      = false
      SGX_LC: SGX launch config supported      = false
      SGX_LC: SGX launch config supported      = false
      SGX_LC: SGX launch config supported      = false
      SGX_LC: SGX launch config supported      = false
      SGX_LC: SGX launch config supported      = false

As I'm running Ubuntu 22.04, there's no legacy driver for my plattform. Is there any other way to run SGX on my platform?

[llly]

Now, you can download https://download.01.org/intel-sgx/sgx-linux/2.18/distro/ubuntu22.04-server/sgx_linux_x64_driver_2.11.054c9c4c.bin and install to kernel < 5.11. I tested linux-image-unsigned-5.10.8-051008-generic on Ubuntu 22.04, need to touch to create empty file if see file not found error when installing driver.

And you must not install libsgx-dcap-ql. It only works for SGX launch config supported = true platform.

[gutjuri]

Now, you can download https://download.01.org/intel-sgx/sgx-linux/2.18/distro/ubuntu22.04-server/sgx_linux_x64_driver_2.11.054c9c4c.bin and install to kernel < 5.11. I tested linux-image-unsigned-5.10.8-051008-generic on Ubuntu 22.04, need to touch to create empty file if see file not found error when installing driver.

And you must not install libsgx-dcap-ql. It only works for SGX launch config supported = true platform.

Thank you. However, I have kernel 5.15.0 and the programme you posted says "Warning: There is no need to install additional SGX driver with in-kernel SGX support."

[llly]

5.15.0 won't work. < 5.11 is required for your machine. It's Non-FLC SGX.