Closed
Hi I've a MS-EARTHSHAKER H310M-VH (a very cheap motherboard) with Core i5 8400, SGX-hardware report:
```
eax: 906ea ebx: 6100800 ecx: 7ffafbbf edx: bfebfbff
stepping 10
model 14
family 6
processor type 0
extended model 9
extended family 0
smx: 0
Extended feature bits (EAX=07H, ECX=0H)
eax: 0 ebx: 29c67af ecx: 40000000 edx: 9c000000
sgx available: 1
CPUID Leaf 12H, Sub-Leaf 0 of Intel SGX Capabilities (EAX=12H,ECX=0)
eax: 1 ebx: 0 ecx: 0 edx: 241f
sgx 1 supported: 1
sgx 2 supported: 0
MaxEnclaveSize_Not64: 1f
MaxEnclaveSize_64: 24
CPUID Leaf 12H, Sub-Leaf 1 of Intel SGX Capabilities (EAX=12H,ECX=1)
eax: 36 ebx: 0 ecx: 1f edx: 0
CPUID Leaf 12H, Sub-Leaf 2 of Intel SGX Capabilities (EAX=12H,ECX=2)
eax: 50200001 ebx: 0 ecx: 5d80001 edx: 0
CPUID Leaf 12H, Sub-Leaf 3 of Intel SGX Capabilities (EAX=12H,ECX=3)
eax: 0 ebx: 0 ecx: 0 edx: 0
CPUID Leaf 12H, Sub-Leaf 4 of Intel SGX Capabilities (EAX=12H,ECX=4)
eax: 0 ebx: 0 ecx: 0 edx: 0
CPUID Leaf 12H, Sub-Leaf 5 of Intel SGX Capabilities (EAX=12H,ECX=5)
eax: 0 ebx: 0 ecx: 0 edx: 0
CPUID Leaf 12H, Sub-Leaf 6 of Intel SGX Capabilities (EAX=12H,ECX=6)
eax: 0 ebx: 0 ecx: 0 edx: 0
CPUID Leaf 12H, Sub-Leaf 7 of Intel SGX Capabilities (EAX=12H,ECX=7)
eax: 0 ebx: 0 ecx: 0 edx: 0
CPUID Leaf 12H, Sub-Leaf 8 of Intel SGX Capabilities (EAX=12H,ECX=8)
eax: 0 ebx: 0 ecx: 0 edx: 0
CPUID Leaf 12H, Sub-Leaf 9 of Intel SGX Capabilities (EAX=12H,ECX=9)
eax: 0 ebx: 0 ecx: 0 edx: 0
```
I think this means "SGX is available for your CPU and enabled in BIOS", and I installed the latest pre-built SGX driver, PSW and SDK on a fresh Ubuntu 18.04.1.
Then I ran the sample code which the SDK provides. It works well except for the Remote Attestation sample;
the output is:
```
Call sgx_get_extended_epid_group_id success.
MSG0 body generated -
4 bytes:
{
0x0, 0x0, 0x0, 0x0
}
Sending msg0 to remote attestation service provider.
Sent MSG0 to remote attestation service.
Call sgx_create_enclave success.
Call enclave_init_ra success.
sgx_ra_get_msg1 returns 4006
Error, call sgx_ra_get_msg1 fail [main].
Call enclave_ra_close success.
Enter a character before exit ...
```
I slightly modified the sample to expose the `sgx_ra_get_msg1` return code: 4006 (`SGX_ERROR_UPDATE_NEEDED`) means "Intel® SGX needs to be updated" (according to Error Codes).
I've googled `SGX_ERROR_UPDATE_NEEDED` and "Intel® SGX needs to be updated" but have not found any case. Have you seen this, or has someone reported this situation to you? Does it relate to the BIOS?
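
To check the reading of the CPUID report above independently of the tool's summary lines, the following added example (not part of the original issue or of the SGX-hardware tool) parses the register lines and decodes them using the documented CPUID leaf 07H and 12H bit layout. The function and dictionary key names are assumptions made for this illustration.

```python
import re

# Register lines copied from the SGX-hardware report in the issue above.
REPORT = """\
Extended feature bits (EAX=07H, ECX=0H)
eax: 0 ebx: 29c67af ecx: 40000000 edx: 9c000000
CPUID Leaf 12H, Sub-Leaf 0 of Intel SGX Capabilities (EAX=12H,ECX=0)
eax: 1 ebx: 0 ecx: 0 edx: 241f
CPUID Leaf 12H, Sub-Leaf 2 of Intel SGX Capabilities (EAX=12H,ECX=2)
eax: 50200001 ebx: 0 ecx: 5d80001 edx: 0
CPUID Leaf 12H, Sub-Leaf 3 of Intel SGX Capabilities (EAX=12H,ECX=3)
eax: 0 ebx: 0 ecx: 0 edx: 0
"""
HEADER = re.compile(r"\(EAX=([0-9A-Fa-f]+)H,\s*ECX=([0-9A-Fa-f]+)H?\)")
REGS = re.compile(r"eax: (\w+) ebx: (\w+) ecx: (\w+) edx: (\w+)")

def parse_report(text):  # -> {(leaf, subleaf): (eax, ebx, ecx, edx)}
    leaves, key = {}, None
    for line in text.splitlines():
        header, regs = HEADER.search(line), REGS.search(line)
        if header:
            key = (int(header.group(1), 16), int(header.group(2), 16))
        elif regs and key is not None:
            # Only the register line directly under a leaf header is recorded.
            leaves[key] = tuple(int(v, 16) for v in regs.groups())
            key = None
    return leaves

def decode_sgx(leaves):  # bit layout per CPUID leaves 07H and 12H
    _, ebx7, ecx7, _ = leaves[(0x07, 0)]
    eax, _, _, edx = leaves[(0x12, 0)]
    info = {
        "sgx": bool(ebx7 & (1 << 2)),        # leaf 07H EBX bit 2: SGX
        "sgx_lc": bool(ecx7 & (1 << 30)),    # leaf 07H ECX bit 30: launch control
        "sgx1": bool(eax & 1),               # leaf 12H.0 EAX bit 0
        "sgx2": bool(eax & 2),               # leaf 12H.0 EAX bit 1
        "max_enclave_log2_not64": edx & 0xFF,
        "max_enclave_log2_64": (edx >> 8) & 0xFF,
        "epc_sections": [],
    }
    sub = 2
    while (0x12, sub) in leaves:
        a, b, c, d = leaves[(0x12, sub)]
        if (a & 0xF) != 1:                   # type 1 = EPC section, 0 = end of list
            break
        base = (a & 0xFFFFF000) | ((b & 0xFFFFF) << 32)
        size = (c & 0xFFFFF000) | ((d & 0xFFFFF) << 32)
        info["epc_sections"].append((base, size))
        sub += 1
    return info
```

`decode_sgx(parse_report(REPORT))` reports SGX1 without SGX2 and a single EPC section of 0x5d80000 bytes (93.5 MiB) at 0x50200000. The CPUID data says nothing about the 4006 return code from `sgx_ra_get_msg1`.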