marioolf commented on issue #725:
URL: 
https://github.com/apache/incubator-teaclave/issues/725#issuecomment-1875172959

   So I changed `LogLevel` to `debug` in 
`/opt/intel/sgx-dcap-pccs/config/default.json`:
   
   ```
   {
   "HTTPS_PORT" : 8082,
   "hosts" : "0.0.0.0",
   "uri": "https://api.trustedservices.intel.com/sgx/certification/v3/",
   ...
   "LogLevel" : "debug",
   ```
   
   Now, once I restart the pccs service, I run `sudo -E ./teaclave_sgx_tool attestation --url https://localhost:8082 --algorithm sgx_ecdsa` to test attestation. The output is the following:
   
   ```
   [ERROR teaclave_sgx_tool_enclave] Failed to attest: invalid peer certificate: Other(UnsupportedCertVersion)
   [2024-01-03T10:35:40Z DEBUG teaclave_binder::ipc::app] ecall_ipc_entry_point OK. App Received Buf: [123, 34, 69, 114, 114, 34, 58, 34, 83, 101, 114, 118, 105, 99, 101, 69, 114, 114, 111, 114, 34, 125]
   [2024-01-03T10:35:40Z DEBUG teaclave_binder::binder] Dropping TeeBinder, start finalize().
   [2024-01-03T10:35:40Z DEBUG teaclave_binder::ipc::app] ecall_ipc_app_to_tee: 1002, 4 bytes
   [TRACE teaclave_sgx_tool_enclave] tee receive cmd: 1002, input_buf = [110, 117, 108, 108]
   [DEBUG teaclave_sgx_tool_enclave] handle_invoke
   [DEBUG teaclave_service_enclave_utils] Enclave finalizing
   [DEBUG teaclave_service_enclave_utils] g_peak_heap_used: 180224
   [DEBUG teaclave_service_enclave_utils] g_peak_rsrv_mem_committed: 0
   [2024-01-03T10:35:40Z DEBUG teaclave_binder::ipc::app] ecall_ipc_entry_point OK. App Received Buf: [123, 34, 79, 107, 34, 58, 110, 117, 108, 108, 125]
   Error: ServiceError
   ```
   
   PCCS shows the following:
   
   ```
   ● pccs.service - Provisioning Certificate Caching Service (PCCS)
        Loaded: loaded (/lib/systemd/system/pccs.service; enabled; vendor preset: enabled)
        Active: active (running) since Wed 2024-01-03 10:40:22 UTC; 2min 0s ago
          Docs: https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/QuoteGeneration/pccs/README.md
      Main PID: 96704 (node)
         Tasks: 11 (limit: 38387)
        Memory: 68.4M
        CGroup: /system.slice/pccs.service
                └─96704 /usr/bin/node -r esm /opt/intel/sgx-dcap-pccs/pccs_server.js
   
   ene 03 10:40:22 teaclave-vm systemd[1]: Started Provisioning Certificate Caching Service (PCCS).
   ene 03 10:40:22 teaclave-vm node[96704]: Wed, 03 Jan 2024 10:40:22 GMT morgan deprecated default format: use combined format at node_modules/esm/esm.js:1:278827
   ene 03 10:40:25 teaclave-vm node[96704]: 2024-01-03 10:40:25.129 [info]: HTTPS Server is running on: https://localhost:8082
   ```
   
   Although the log doesn't show more info, I must be pointing at the right service, because if I change the pccs cert to a v3 cert, the error changes, as I said, to `[ERROR teaclave_sgx_tool_enclave] Failed to attest: invalid peer certificate: UnknownIssuer`
   
   In fact, the command `curl -v -k -G "https://localhost:8082/sgx/certification/v3/rootcacrl"` returns what it should,
   
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
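
The comment above reports `UnsupportedCertVersion` for the PCCS TLS certificate and a different error once a v3 certificate is installed. The following is an added example, not part of the original comment and not Teaclave or PCCS code, showing how to read the X.509 version a certificate declares straight from its DER encoding. The function names and the two sample byte strings are hypothetical, constructed here for illustration.

```python
import ssl

def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def x509_version(der):
    """Return the X.509 version (1, 2 or 3) declared by a DER certificate."""
    tag, start, _ = _read_tlv(der, 0)      # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, start, _ = _read_tlv(der, start)  # TBSCertificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("TBSCertificate missing")
    tag, start, _ = _read_tlv(der, start)  # first field of TBSCertificate
    if tag != 0xA0:
        return 1                           # [0] version absent: DEFAULT v1
    tag, start, end = _read_tlv(der, start)
    if tag != 0x02:
        raise ValueError("version is not an INTEGER")
    return int.from_bytes(der[start:end], "big") + 1   # v3 is encoded as 2

def x509_version_from_pem(pem_text):
    """Same check for a PEM certificate, e.g. the file the server presents."""
    return x509_version(ssl.PEM_cert_to_DER_cert(pem_text))

# Constructed sample inputs: only the leading fields of a certificate,
# enough to exercise the version check. Not real certificates.
def _der(tag, content):
    return bytes([tag, len(content)]) + content

_SERIAL = _der(0x02, b"\x01")
SAMPLE_V1 = _der(0x30, _der(0x30, _SERIAL))
SAMPLE_V3 = _der(0x30, _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _SERIAL))

if __name__ == "__main__":
    for name, der in (("SAMPLE_V1", SAMPLE_V1), ("SAMPLE_V3", SAMPLE_V3)):
        print(name, "declares X.509 v%d" % x509_version(der))
```

A certificate that omits the optional version field is v1 by definition, so a result of 1 here means the certificate carries no extensions at all.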
