[apache/incubator-teaclave-sgx-sdk] Running `mutual-ra` on different physical machines (Issue #369)

Sat, 15 Jan 2022 03:36:38 -0800 

Hello,

I'm trying to run the `mutual-ra` sample program on different physical machines 
(running a server on machine A and a client on machine B), but I got 
`SGX_ERROR_UNEXPECTED` error on `ocall_get_update_info` 
[call](https://github.com/apache/incubator-teaclave-sgx-sdk/blob/565960cd7b4b36d1188459d75652619971c43f7e/samplecode/mutual-ra/enclave/src/cert.rs#L321-L324).
When I run both sides on the same machine, it works well.

Apparently, the root cause is calling `ocall_get_update_info` with the other 
machine's `platformInfoBlob` as an argument.

I wrote a simple [test 
program](https://gist.github.com/algon-320/9256454fb8d9ba8ad44bc3877d644175) 
which just calls `sgx_report_attestation_status` (actual function 
`ocall_get_update_info` calls).
When I give a machine's PIB and run the program on the same machine, it works 
as I expected (resulting in `SGX_SUCCESS` or `SGX_ERROR_UPDATE_NEEDED`).
However, when I give a machine's PIB and run the program on **the other 
machine**, it results in `SGX_ERROR_UNEXPECTED`.

I'm not completely sure about `sgx_report_attestation_status` SDK function,
but it seems to expect to be called on the same machine as the source of the 
`platformInfoBlob`.

So, now I have two questions:
1. Is the `mutual-ra` sample program expected to run on different physical 
machines?
2. Can we call `sgx_report_attestation_status` with a `platformInfoBlob` 
generated on another physical machine?

<details>
<summary>My configuration</summary>

- machine A:
    - Motherboard: ASUS PRIME Z390-A
    - CPU: Core i7-9700K
    - OS: Ubuntu 20.04.3 LTS (Linux 5.11.0-46-generic)
    - Driver: in-kernel
    - PSW, SDK: latest
    - SGX supported: Yes
    - SGX launch config supported: Yes

- machine B:
    - System: Lenovo ThinkPad X1 Carbon 6th
    - CPU: i7-8550U
    - OS: Ubuntu 20.04.3 LTS (Linux 5.11.0-46-generic) with `nosgx` parameter
    - Driver: OOT-driver 2.11
    - PSW, SDK: latest
    - SGX supported: Yes
    - SGX launch config supported: No

</details>


-- 
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/369
You are receiving this because you are subscribed to this thread.

Message ID: <apache/incubator-teaclave-sgx-sdk/issues/3...@github.com>

Reply via email to