algon-320 opened a new issue #369: URL: https://github.com/apache/incubator-teaclave-sgx-sdk/issues/369
Hello, I'm trying to run the `mutual-ra` sample program on different physical machines (running a server on machine A and a client on machine B), but I got `SGX_ERROR_UNEXPECTED` error on `ocall_get_update_info` [call](https://github.com/apache/incubator-teaclave-sgx-sdk/blob/565960cd7b4b36d1188459d75652619971c43f7e/samplecode/mutual-ra/enclave/src/cert.rs#L321-L324). When I run both sides on the same machine, it works well. Apparently, the root cause is calling `ocall_get_update_info` with the other machine's `platformInfoBlob` as an argument. I wrote a simple [test program](https://gist.github.com/algon-320/9256454fb8d9ba8ad44bc3877d644175) which just calls `sgx_report_attestation_status` (actual function `ocall_get_update_info` calls). When I give a machine's PIB and run the program on the same machine, it works as I expected (resulting in `SGX_SUCCESS` or `SGX_ERROR_UPDATE_NEEDED`). However, when I give a machine's PIB and run the program on **the other machine**, it results in `SGX_ERROR_UNEXPECTED`. I'm not completely sure about `sgx_report_attestation_status` SDK function, but it seems to expect to be called on the same machine as the source of the `platformInfoBlob`. So, now I have two questions: 1. Is the `mutual-ra` sample program expected to run on different physical machines? 2. Can we call `sgx_report_attestation_status` with a `platformInfoBlob` generated on another physical machine? <details> <summary>My configuration</summary> - machine A: - Motherboard: ASUS PRIME Z390-A - CPU: Core i7-9700K - OS: Ubuntu 20.04.3 LTS (Linux 5.11.0-46-generic) - Driver: in-kernel - PSW, SDK: latest - SGX supported: Yes - SGX launch config supported: Yes - machine B: - System: Lenovo ThinkPad X1 Carbon 6th - CPU: i7-8550U - OS: Ubuntu 20.04.3 LTS (Linux 5.11.0-46-generic) with `nosgx` parameter - Driver: OOT-driver 2.11 - PSW, SDK: latest - SGX supported: Yes - SGX launch config supported: No </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@teaclave.apache.org For additional commands, e-mail: notifications-h...@teaclave.apache.org
