openenclave: Remote Attestation Error on Intel SGX-enabled Machine
Hi, I’m trying to test RA on an Intel SGX-enabled machine, not ACC.
I followed this doc (https://github.com/openenclave/openenclave/blob/master/docs/GettingStartedDocs/Contributors/NonAccMachineSGXLinuxGettingStarted.md), but an RA error still occurred. (There was no error when it ran on ACC.)
Below is the detailed error message I got when I ran make run in sample/attestation with the flag OE_LOG_LEVEL=INFO.
host/attestation_host sgxremote ./enclave_a/enclave_a.signed ./enclave_b/enclave_b.signed
Enclave1: ***../common/crypto.cpp(80): mbedtls initialized.
Enclave2: ***../common/crypto.cpp(80): mbedtls initialized.
Enclave2: ***../common/dispatcher.cpp(80): get_enclave_format_settings
Enclave1: ***../common/dispatcher.cpp(130): get_evidence_with_public_key
Enclave1: ***../common/attestation.cpp(94): oe_serialize_custom_claims
Enclave1: ***../common/attestation.cpp(105): serialized custom claims buffer size: 121
Enclave1: ***../common/attestation.cpp(121): oe_get_evidence failed.(OE_PLATFORM_ERROR)
Enclave1: ***../common/dispatcher.cpp(150): get_evidence_with_public_key failed
Enclave1: ***../common/crypto.cpp(94): mbedtls cleaned up.
Enclave2: ***../common/crypto.cpp(94): mbedtls cleaned up.
Host: Creating two enclaves
Host: Enclave library ./enclave_a/enclave_a.signed
2020-10-12T16:02:27+0900.816042Z [(H)INFO] tid(0x7ff9bc509c00) | Processor supports AVX instructions [/source/host/sgx/linux/xstate.c:_is_xgetbv_supported:33]
2020-10-12T16:02:27+0900.816073Z [(H)INFO] tid(0x7ff9bc509c00) | Value of XFRM to be set in enclave is 7
[/source/host/sgx/sgxload.c:_detect_xfrm:121]
2020-10-12T16:02:27+0900.818675Z [(H)INFO] tid(0x7ff9bc509c00) | Loading libsgx_enclave_common.so.1
[/source/host/sgx/sgx_enclave_common_wrapper.c:_load_sgx_enclave_common_impl:110]
2020-10-12T16:02:27+0900.818747Z [(H)INFO] tid(0x7ff9bc509c00) | Loaded libsgx_enclave_common.so.1
[/source/host/sgx/sgx_enclave_common_wrapper.c:_load_sgx_enclave_common_impl:126]
2020-10-12T16:02:27+0900.935639Z [(H)WARN] tid(0x7ff9bc509c00) | In-enclave logging is not supported. To enable, please add

from "openenclave/edl/logging.edl" import *;

in the edl file.
[/source/host/sgx/create.c:oe_create_enclave:1014]
Host: Enclave successfully created.
Host: Enclave library ./enclave_b/enclave_b.signed
2020-10-12T16:02:27+0900.935648Z [(H)INFO] tid(0x7ff9bc509c00) | Processor supports AVX instructions [/source/host/sgx/linux/xstate.c:_is_xgetbv_supported:33]
2020-10-12T16:02:27+0900.935650Z [(H)INFO] tid(0x7ff9bc509c00) | Value of XFRM to be set in enclave is 7
[/source/host/sgx/sgxload.c:_detect_xfrm:121]
2020-10-12T16:02:28+0900.131996Z [(H)WARN] tid(0x7ff9bc509c00) | In-enclave logging is not supported. To enable, please add

from "openenclave/edl/logging.edl" import *;

in the edl file.
[/source/host/sgx/create.c:oe_create_enclave:1014]
Host: Enclave successfully created.


Host: ********** Attest enclave_a to enclave_b **********

Host: Requesting enclave_b format settings
Host: Requesting enclave_a to generate a targeted evidence with an encryption key
2020-10-12T16:02:28+0900.132093Z [(H)INFO] tid(0x7ff9bc509c00) | Loading libsgx_dcap_ql.so
[/source/host/sgx/sgxquote.c:_load_sgx_dcap_ql_impl:131]
2020-10-12T16:02:28+0900.132337Z [(H)INFO] tid(0x7ff9bc509c00) | Loaded libsgx_dcap_ql.so
[/source/host/sgx/sgxquote.c:_load_sgx_dcap_ql_impl:145]
2020-10-12T16:02:28+0900.132341Z [(H)INFO] tid(0x7ff9bc509c00) | DCAP installed and set for in-process quoting. [/source/host/sgx/sgxquote.c:_load_quote_ex_library_once:178]
2020-10-12T16:02:28+0900.132348Z [(H)INFO] tid(0x7ff9bc509c00) | DCAP only supports ECDSA_P256
[/source/host/sgx/sgxquote.c:oe_sgx_get_supported_attester_format_ids:619]
2020-10-12T16:02:28+0900.132382Z [(H)INFO] tid(0x7ff9bc509c00) | oe_load_quote_provider libdcap_quoteprov.so
[/source/host/sgx/linux/sgxquoteproviderloader.c:oe_load_quote_provider:25]
2020-10-12T16:02:28+0900.136236Z [(H)WARN] tid(0x7ff9bc509c00) | sgxquoteprovider: sgx_ql_set_logging_function not found
[/source/host/sgx/linux/sgxquoteproviderloader.c:oe_load_quote_provider:46]
2020-10-12T16:02:28+0900.136240Z [(H)INFO] tid(0x7ff9bc509c00) | sgxquoteprovider: provider.get_sgx_quote_verification_collateral = 0x7ff9bc47c7c0
[/source/host/sgx/linux/sgxquoteproviderloader.c:oe_load_quote_provider:59]
2020-10-12T16:02:28+0900.136241Z [(H)INFO] tid(0x7ff9bc509c00) | sgxquoteprovider: provider.get_sgx_quote_verification_collateral = 0x7ff9bc47c700
[/source/host/sgx/linux/sgxquoteproviderloader.c:oe_load_quote_provider:64]
2020-10-12T16:02:28+0900.154055Z [(H)ERROR] tid(0x7ff9bc509c00) | quote3_error_t=0xe035
(oe_result_t=OE_PLATFORM_ERROR) [/source/host/sgx/sgxquote.c:oe_sgx_qe_get_target_info:401]
2020-10-12T16:02:28+0900.154060Z [(H)ERROR] tid(0x7ff9bc509c00) | :OE_PLATFORM_ERROR [/source/host/sgx/quote.c:sgx_get_qetarget_info:37]
Host: get_evidence_with_public_key failed. OE_OK
Host: attestation failed with 1
Host: Terminating enclaves
Host: Enclave successfully terminated.
Host: Enclave successfully terminated.
Host: failed
2020-10-12T16:02:28+0900.162239Z [(H)INFO] tid(0x7ff9bc509c00) | _unload_quote_provider libdcap_quoteprov.so
[/source/host/sgx/linux/sgxquoteproviderloader.c:_unload_quote_provider:13]
Makefile:24: recipe for target 'runsgxremote' failed
In this log, the libdcap_quoteprov.so library loaded successfully, but it says that it supports only the ECDSA scheme, which is supported by IAS. oesign accepts only keys based on the RSA scheme. So I’m guessing this mismatch is the root cause of the error.
I was just wondering how the author can attest by following the instructions in the doc that describes remote attestation on Non-ACC.
About this issue
- State: closed
- Created 4 years ago
- Comments: 22 (3 by maintainers)
Hi @jdbeaney, @shnwc. I solved this problem on another platform and it is working well now. Let me close this issue.