Failed to generate non-empty quote within guest #313

Open
jorgeantonio21 opened this issue Jan 16, 2025 · 8 comments

Comments

@jorgeantonio21

jorgeantonio21 commented Jan 16, 2025

Describe the support request
I have tried multiple times to set up remote attestation on the host. Even though MPA registration seems successful, every time I try to generate a quote from the guest, I obtain an empty array:

root@tdx-guest:~# trustauthority-cli quote
[]

It seems that I am having some platform caching retrieval issues, as logged by the pccs and qgsd services. However, I am not sure why this is, given that the MPA registration went through successfully (according to logs).

System report
Please run the system-report.sh script (located in the root directory of this repo) on your host system and copy the output below.

Git ref

2176fdb805a25c2fbee508a9f1ab0f82298be8c6

Operating system details

Distributor ID:	Ubuntu
Description:	Ubuntu 24.04.1 LTS
Release:	24.04
Codename:	noble

Kernel version

6.8.0-1015-intel #22-Ubuntu SMP PREEMPT_DYNAMIC Tue Nov 12 14:47:29 UTC 2024 x86_64 x86_64 GNU/Linux

TDX kernel logs

[   17.354689] virt/tdx: BIOS enabled: private KeyID range [32, 64)
[   17.355686] virt/tdx: Disable ACPI S3. Turn off TDX in the BIOS to use ACPI S3.
[   71.190943] virt/tdx: TDX module: attributes 0x0, vendor_id 0x8086, major_version 1, minor_version 5, build_date 20240407, build_num 744
[   71.190950] virt/tdx: CMR: [0x100000, 0x77800000)
[   71.190954] virt/tdx: CMR: [0x100000000, 0xc03e000000)
[   71.190956] virt/tdx: CMR: [0xc080000000, 0x18040000000)
[   71.190958] virt/tdx: CMR: [0x18080000000, 0x24040000000)
[   71.190960] virt/tdx: CMR: [0x24080000000, 0x30040000000)
[   83.879395] virt/tdx: 12591124 KB allocated for PAMT
[   83.879403] virt/tdx: module initialized
...
[   17.354689] virt/tdx: BIOS enabled: private KeyID range [32, 64)
[   17.355686] virt/tdx: Disable ACPI S3. Turn off TDX in the BIOS to use ACPI S3.
[   71.190943] virt/tdx: TDX module: attributes 0x0, vendor_id 0x8086, major_version 1, minor_version 5, build_date 20240407, build_num 744
[   71.190950] virt/tdx: CMR: [0x100000, 0x77800000)
[   71.190954] virt/tdx: CMR: [0x100000000, 0xc03e000000)
[   71.190956] virt/tdx: CMR: [0xc080000000, 0x18040000000)
[   71.190958] virt/tdx: CMR: [0x18080000000, 0x24040000000)
[   71.190960] virt/tdx: CMR: [0x24080000000, 0x30040000000)
[   83.879395] virt/tdx: 12591124 KB allocated for PAMT
[   83.879403] virt/tdx: module initialized

TDX CPU instruction support

CPU supports TDX according to /proc/cpuinfo

rdmsr: open: Permission denied

Model specific registers (MSRs)

MK_TME_ENABLED bit: 1 (expected value: 1)
SEAM_RR bit: 1 (expected value: 1)
NUM_TDX_PRIV_KEYS: 20
SGX_AND_MCHECK_STATUS: 0 (expected value: 0)
Production platform: Pre-production (expected value: Production)

CPU details

 INTEL(R) XEON(R) PLATINUM 8568Y+

QEMU package details

Status: Installed
Package: qemu-system-x86
Version: 2:8.2.2+ds-0ubuntu1.4+tdx1.0
APT-Sources: https://ppa.launchpadcontent.net/kobuk-team/tdx-release/ubuntu noble/main amd64 Packages

Libvirt package details

Status: Installed
Package: libvirt-clients
Version: 10.0.0-2ubuntu8.3+tdx1.2
APT-Sources: https://ppa.launchpadcontent.net/kobuk-team/tdx-release/ubuntu noble/main amd64 Packages

OVMF package details

Status: Installed
Package: ovmf
Version: 2024.02-3+tdx1.0
APT-Sources: https://ppa.launchpadcontent.net/kobuk-team/tdx-release/ubuntu noble/main amd64 Packages

sgx-dcap-pccs package details

Status: Installed
Package: sgx-dcap-pccs
Version: 1.21-0ubuntu1
APT-Sources: https://ppa.launchpadcontent.net/kobuk-team/tdx-attestation-release/ubuntu noble/main amd64 Packages

tdx-qgs package details

Status: Installed
Package: tdx-qgs
Version: 1.21-0ubuntu2.2
APT-Sources: https://ppa.launchpadcontent.net/kobuk-team/tdx-attestation-release/ubuntu noble/main amd64 Packages

sgx-ra-service package details

Status: Installed
Package: sgx-ra-service
Version: 1.21-0ubuntu2.2
APT-Sources: https://ppa.launchpadcontent.net/kobuk-team/tdx-attestation-release/ubuntu noble/main amd64 Packages
Description: Intel(R) Software Guard Extensions Multi-Package Registration Agent Service

sgx-pck-id-retrieval-tool package details

Status: Installed
Package: sgx-pck-id-retrieval-tool
Version: 1.21-0ubuntu2.2
APT-Sources: https://ppa.launchpadcontent.net/kobuk-team/tdx-attestation-release/ubuntu noble/main amd64 Packages

QGSD service status

● qgsd.service - Intel(R) TD Quoting Generation Service
     Loaded: loaded (/usr/lib/systemd/system/qgsd.service; enabled; preset: enabled)
     Active: active (running) since Thu 2025-01-16 08:53:55 UTC; 1h 8min ago
    Process: 73135 ExecStartPre=/bin/chown -R qgsd:qgsd /var/opt/qgsd/ (code=exited, status=0/SUCCESS)
    Process: 73141 ExecStartPre=/bin/chmod 0750 /var/opt/qgsd/ (code=exited, status=0/SUCCESS)
    Process: 73145 ExecStartPre=/usr/share/qgs/linksgx.sh (code=exited, status=0/SUCCESS)
    Process: 73162 ExecStart=/usr/bin/qgs (code=exited, status=0/SUCCESS)
   Main PID: 73164 (qgs)
      Tasks: 5 (limit: 629145)
     Memory: 3.0M (peak: 3.7M)
        CPU: 103ms
     CGroup: /system.slice/qgsd.service
             └─73164 /usr/bin/qgs

Jan 16 08:55:49 atoma-test qgsd[73164]: tee_att_init_quote return 0x11001
Jan 16 08:55:49 atoma-test qgsd[73164]: tee_att_get_quote_size return 0x1100f
Jan 16 08:55:49 atoma-test qgsd[73164]: call tee_att_init_quote
Jan 16 08:55:49 atoma-test qgsd[73164]: [QPL] Failed to get quote config. Error code is 0xb010
Jan 16 08:55:49 atoma-test qgsd[73164]: [get_platform_quote_cert_data ../td_ql_logic.cpp:302] Error returned from the p_sgx_get_quote_config API. 0xe047
Jan 16 08:55:49 atoma-test qgsd[73164]: tee_att_init_quote return 0x11001
Jan 16 08:55:49 atoma-test qgsd[73164]: tee_att_get_quote_size return 0x1100f
Jan 16 08:55:49 atoma-test qgsd[73164]: resp_size is 0
Jan 16 08:55:49 atoma-test qgsd[73164]: About to shutdown and close socket
Jan 16 08:55:49 atoma-test qgsd[73164]: erased a connection, now [0]

PCCS service status

● pccs.service - Provisioning Certificate Caching Service (PCCS)
     Loaded: loaded (/usr/lib/systemd/system/pccs.service; enabled; preset: enabled)
     Active: active (running) since Wed 2025-01-15 22:59:24 UTC; 11h ago
       Docs: https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/QuoteGeneration/pccs/README.md
   Main PID: 2388 (node)
      Tasks: 15 (limit: 629145)
     Memory: 108.5M (peak: 113.0M)
        CPU: 2.974s
     CGroup: /system.slice/pccs.service
             └─2388 /usr/bin/node /opt/intel/sgx-dcap-pccs/pccs_server.js

Jan 16 08:55:49 atoma-test node[2388]:     at Module.getPckCert (file:///opt/intel/sgx-dcap-pccs/services/pckcertService.js:118:41)
Jan 16 08:55:49 atoma-test node[2388]:     at async getPckCert (file:///opt/intel/sgx-dcap-pccs/controllers/pckcertController.js:77:25)
Jan 16 08:55:49 atoma-test node[2388]: 2025-01-16 08:55:49.786 [info]: 127.0.0.1 - - [16/Jan/2025:08:55:49 +0000] "GET /sgx/certification/v4/pckcert?qeid=E54A0BF0D55818ABECCEDD2CEE946A0B&encrypted_ppid=...&cpusvn=0303191B04FF01060000000000000000&pcesvn=0F00&pceid=0000 HTTP/1.1" 461 40 "-" "-"
Jan 16 08:55:49 atoma-test node[2388]: 2025-01-16 08:55:49.795 [info]: Client Request-ID : 26afaca9adfe4947ba4e10f57f989b6b
Jan 16 08:55:49 atoma-test node[2388]: 2025-01-16 08:55:49.799 [error]: Error: The platform was not found in the cache.
Jan 16 08:55:49 atoma-test node[2388]:     at ReqCachingMode.getPckCertFromPCS (file:///opt/intel/sgx-dcap-pccs/services/caching_modes/cachingMode.js:72:11)
Jan 16 08:55:49 atoma-test node[2388]:     at CachingModeManager.getPckCertFromPCS (file:///opt/intel/sgx-dcap-pccs/services/caching_modes/cachingModeManager.js:54:23)
Jan 16 08:55:49 atoma-test node[2388]:     at Module.getPckCert (file:///opt/intel/sgx-dcap-pccs/services/pckcertService.js:118:41)
Jan 16 08:55:49 atoma-test node[2388]:     at async getPckCert (file:///opt/intel/sgx-dcap-pccs/controllers/pckcertController.js:77:25)
Jan 16 08:55:49 atoma-test node[2388]: 2025-01-16 08:55:49.801 [info]: 127.0.0.1 - - [16/Jan/2025:08:55:49 +0000] "GET /sgx/certification/v4/pckcert?qeid=E54A0BF0D55818ABECCEDD2CEE946A0B&encrypted_ppid=...&cpusvn=0303191B04FF01060000000000000000&pcesvn=0F00&pceid=0000 HTTP/1.1" 461 40 "-" "-"

MPA registration logs (last 30 lines)

[15-01-2025 10:59:24] INFO: SGX Registration Agent version: 1.21.100.3
[15-01-2025 10:59:24] INFO: Starts Registration Agent Flow.
[15-01-2025 10:59:24] INFO: Registration Flow - Registration status indicates registration is completed successfully. MPA has nothing to do.
[15-01-2025 10:59:24] INFO: Finished Registration Agent Flow.

Thank you for reporting your feedback to us!

The internal ticket has been created: https://warthogs.atlassian.net/browse/PEK-1602.

This message was autogenerated

@hector-cao
Collaborator

Hello, did you try to follow the SGX Reset instructions in the README?

@jorgeantonio21
Author

jorgeantonio21 commented Jan 16, 2025

@hector-cao I did follow the steps:

If an error is reported, re-do the registration from scratch with these steps:

Remove the MPA log file: sudo rm /var/log/mpa_registration.log.
Reboot.
Go into the BIOS.
Navigate to Socket Configuration > Processor Configuration > Software Guard Extension (SGX).
Set these:
SGX Factory Reset to Enable
SGX Auto MP Registration to Enable

But unfortunately, to no avail.

@hector-cao
Collaborator

@jorgeantonio21 Can you run the system-report as sudo, please? We have a bug in the script and, for now, we need to run the script as root to get a correct system report.

@jorgeantonio21
Author

jorgeantonio21 commented Jan 16, 2025

Sure @hector-cao, here are the logs of running system-report with sudo permissions:

Git ref

2176fdb805a25c2fbee508a9f1ab0f82298be8c6

Operating system details

Distributor ID:	Ubuntu
Description:	Ubuntu 24.04.1 LTS
Release:	24.04
Codename:	noble

Kernel version

6.8.0-1015-intel #22-Ubuntu SMP PREEMPT_DYNAMIC Tue Nov 12 14:47:29 UTC 2024 x86_64 x86_64 GNU/Linux

TDX kernel logs

[   17.425222] virt/tdx: BIOS enabled: private KeyID range [32, 64)
[   17.426218] virt/tdx: Disable ACPI S3. Turn off TDX in the BIOS to use ACPI S3.
[   66.028197] virt/tdx: TDX module: attributes 0x0, vendor_id 0x8086, major_version 1, minor_version 5, build_date 20240407, build_num 744
[   66.028202] virt/tdx: CMR: [0x100000, 0x77800000)
[   66.028205] virt/tdx: CMR: [0x100000000, 0xc03e000000)
[   66.028206] virt/tdx: CMR: [0xc080000000, 0x18040000000)
[   66.028208] virt/tdx: CMR: [0x18080000000, 0x24040000000)
[   66.028209] virt/tdx: CMR: [0x24080000000, 0x30040000000)
[   73.126655] virt/tdx: 12591124 KB allocated for PAMT
[   73.126661] virt/tdx: module initialized
...
[   17.425222] virt/tdx: BIOS enabled: private KeyID range [32, 64)
[   17.426218] virt/tdx: Disable ACPI S3. Turn off TDX in the BIOS to use ACPI S3.
[   66.028197] virt/tdx: TDX module: attributes 0x0, vendor_id 0x8086, major_version 1, minor_version 5, build_date 20240407, build_num 744
[   66.028202] virt/tdx: CMR: [0x100000, 0x77800000)
[   66.028205] virt/tdx: CMR: [0x100000000, 0xc03e000000)
[   66.028206] virt/tdx: CMR: [0xc080000000, 0x18040000000)
[   66.028208] virt/tdx: CMR: [0x18080000000, 0x24040000000)
[   66.028209] virt/tdx: CMR: [0x24080000000, 0x30040000000)
[   73.126655] virt/tdx: 12591124 KB allocated for PAMT
[   73.126661] virt/tdx: module initialized

TDX CPU instruction support

CPU supports TDX according to /proc/cpuinfo

Model specific registers (MSRs)

MK_TME_ENABLED bit: 1 (expected value: 1)
SEAM_RR bit: 1 (expected value: 1)
NUM_TDX_PRIV_KEYS: 20
SGX_AND_MCHECK_STATUS: 0 (expected value: 0)
Production platform: Production (expected value: Production)

CPU details

 INTEL(R) XEON(R) PLATINUM 8568Y+

QEMU package details

Status: Installed
Package: qemu-system-x86
Version: 2:8.2.2+ds-0ubuntu1.4+tdx1.0
APT-Sources: https://ppa.launchpadcontent.net/kobuk-team/tdx-release/ubuntu noble/main amd64 Packages

Libvirt package details

Status: Installed
Package: libvirt-clients
Version: 10.0.0-2ubuntu8.3+tdx1.2
APT-Sources: https://ppa.launchpadcontent.net/kobuk-team/tdx-release/ubuntu noble/main amd64 Packages

OVMF package details

Status: Installed
Package: ovmf
Version: 2024.02-3+tdx1.0
APT-Sources: https://ppa.launchpadcontent.net/kobuk-team/tdx-release/ubuntu noble/main amd64 Packages

sgx-dcap-pccs package details

Status: Installed
Package: sgx-dcap-pccs
Version: 1.21-0ubuntu1
APT-Sources: https://ppa.launchpadcontent.net/kobuk-team/tdx-attestation-release/ubuntu noble/main amd64 Packages

tdx-qgs package details

Status: Installed
Package: tdx-qgs
Version: 1.21-0ubuntu2.2
APT-Sources: https://ppa.launchpadcontent.net/kobuk-team/tdx-attestation-release/ubuntu noble/main amd64 Packages

sgx-ra-service package details

Status: Installed
Package: sgx-ra-service
Version: 1.21-0ubuntu2.2
APT-Sources: https://ppa.launchpadcontent.net/kobuk-team/tdx-attestation-release/ubuntu noble/main amd64 Packages
Description: Intel(R) Software Guard Extensions Multi-Package Registration Agent Service

sgx-pck-id-retrieval-tool package details

Status: Installed
Package: sgx-pck-id-retrieval-tool
Version: 1.21-0ubuntu2.2
APT-Sources: https://ppa.launchpadcontent.net/kobuk-team/tdx-attestation-release/ubuntu noble/main amd64 Packages

QGSD service status

● qgsd.service - Intel(R) TD Quoting Generation Service
     Loaded: loaded (/usr/lib/systemd/system/qgsd.service; enabled; preset: enabled)
     Active: active (running) since Thu 2025-01-16 15:09:18 UTC; 24min ago
    Process: 2404 ExecStartPre=/bin/chown -R qgsd:qgsd /var/opt/qgsd/ (code=exited, status=0/SUCCESS)
    Process: 2570 ExecStartPre=/bin/chmod 0750 /var/opt/qgsd/ (code=exited, status=0/SUCCESS)
    Process: 2581 ExecStartPre=/usr/share/qgs/linksgx.sh (code=exited, status=0/SUCCESS)
    Process: 2645 ExecStart=/usr/bin/qgs (code=exited, status=0/SUCCESS)
   Main PID: 2651 (qgs)
      Tasks: 5 (limit: 629145)
     Memory: 12.5M (peak: 13.0M)
        CPU: 103ms
     CGroup: /system.slice/qgsd.service
             └─2651 /usr/bin/qgs

Jan 16 15:33:05 atoma-test qgsd[2651]: tee_att_init_quote return 0x11001
Jan 16 15:33:05 atoma-test qgsd[2651]: tee_att_get_quote_size return 0x1100f
Jan 16 15:33:05 atoma-test qgsd[2651]: call tee_att_init_quote
Jan 16 15:33:05 atoma-test qgsd[2651]: [QPL] Failed to get quote config. Error code is 0xb010
Jan 16 15:33:05 atoma-test qgsd[2651]: [get_platform_quote_cert_data ../td_ql_logic.cpp:302] Error returned from the p_sgx_get_quote_config API. 0xe047
Jan 16 15:33:05 atoma-test qgsd[2651]: tee_att_init_quote return 0x11001
Jan 16 15:33:05 atoma-test qgsd[2651]: tee_att_get_quote_size return 0x1100f
Jan 16 15:33:05 atoma-test qgsd[2651]: resp_size is 0
Jan 16 15:33:05 atoma-test qgsd[2651]: About to shutdown and close socket
Jan 16 15:33:05 atoma-test qgsd[2651]: erased a connection, now [0]

PCCS service status

● pccs.service - Provisioning Certificate Caching Service (PCCS)
     Loaded: loaded (/usr/lib/systemd/system/pccs.service; enabled; preset: enabled)
     Active: active (running) since Thu 2025-01-16 15:09:17 UTC; 24min ago
       Docs: https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/QuoteGeneration/pccs/README.md
   Main PID: 2400 (node)
      Tasks: 15 (limit: 629145)
     Memory: 106.1M (peak: 113.6M)
        CPU: 1.836s
     CGroup: /system.slice/pccs.service
             └─2400 /usr/bin/node /opt/intel/sgx-dcap-pccs/pccs_server.js

Jan 16 15:33:05 atoma-test node[2400]:     at Module.getPckCert (file:///opt/intel/sgx-dcap-pccs/services/pckcertService.js:118:41)
Jan 16 15:33:05 atoma-test node[2400]:     at async getPckCert (file:///opt/intel/sgx-dcap-pccs/controllers/pckcertController.js:77:25)
Jan 16 15:33:05 atoma-test node[2400]: 2025-01-16 15:33:05.959 [info]: 127.0.0.1 - - [16/Jan/2025:15:33:05 +0000] "GET /sgx/certification/v4/pckcert?qeid=87B2B079108B1D2508D2C4AA10F6D366&encrypted_ppid=...&cpusvn=0303191B04FF01060000000000000000&pcesvn=0F00&pceid=0000 HTTP/1.1" 461 40 "-" "-"
Jan 16 15:33:05 atoma-test node[2400]: 2025-01-16 15:33:05.963 [info]: Client Request-ID : 4d9a58d83093462488a63e2e4c96a8fa
Jan 16 15:33:05 atoma-test node[2400]: 2025-01-16 15:33:05.966 [error]: Error: The platform was not found in the cache.
Jan 16 15:33:05 atoma-test node[2400]:     at ReqCachingMode.getPckCertFromPCS (file:///opt/intel/sgx-dcap-pccs/services/caching_modes/cachingMode.js:72:11)
Jan 16 15:33:05 atoma-test node[2400]:     at CachingModeManager.getPckCertFromPCS (file:///opt/intel/sgx-dcap-pccs/services/caching_modes/cachingModeManager.js:54:23)
Jan 16 15:33:05 atoma-test node[2400]:     at Module.getPckCert (file:///opt/intel/sgx-dcap-pccs/services/pckcertService.js:118:41)
Jan 16 15:33:05 atoma-test node[2400]:     at async getPckCert (file:///opt/intel/sgx-dcap-pccs/controllers/pckcertController.js:77:25)
Jan 16 15:33:05 atoma-test node[2400]: 2025-01-16 15:33:05.967 [info]: 127.0.0.1 - - [16/Jan/2025:15:33:05 +0000] "GET /sgx/certification/v4/pckcert?qeid=87B2B079108B1D2508D2C4AA10F6D366&encrypted_ppid=...&cpusvn=0303191B04FF01060000000000000000&pcesvn=0F00&pceid=0000 HTTP/1.1" 461 40 "-" "-"

MPA registration logs (last 30 lines)

[16-01-2025 02:25:41] INFO: SGX Registration Agent version: 1.21.100.3
[16-01-2025 02:25:41] INFO: Starts Registration Agent Flow.
[16-01-2025 02:25:41] INFO: Registration Flow - Registration status indicates registration is completed successfully. MPA has nothing to do.
[16-01-2025 02:25:41] INFO: Finished Registration Agent Flow.
[16-01-2025 03:09:17] INFO: SGX Registration Agent version: 1.21.100.3
[16-01-2025 03:09:17] INFO: Starts Registration Agent Flow.
[16-01-2025 03:09:17] INFO: Registration Flow - Registration status indicates registration is completed successfully. MPA has nothing to do.
[16-01-2025 03:09:17] INFO: Finished Registration Agent Flow.

@hector-cao
Collaborator

hector-cao commented Jan 16, 2025

Now that I take a closer look at the PCCS log, it seems familiar to me. I believe this is caused by your platform being outdated and some information (SEAMLDR SVN) not matching the cert in the PCCS cache that has been received from the online Intel Trust Service. I think we need to update the BIOS to fix this issue, so if you can easily update the BIOS of your platform, it would be useful to give it a try.

@jorgeantonio21
Author

@hector-cao I checked with the node operators and it seems the BIOS is up to date, here is the information I got from them:

Yeah, even on generic support for all the PowerEdge, the latest version is 2.4.4, and that's the version installed on this server.

Your contact will have to be specific as to the version he needs, if that's an actual issue. As of right now, it appears the BIOS is fully updated.

Could it be some other issue going on?

@BFuhry
Contributor

BFuhry commented Jan 20, 2025

Can you please try to do "raw" TD Quote generation as described here. After the execution, please provide the corresponding log entries from the QGS (using sudo journalctl -u qgsd) and from the PCCS (using sudo journalctl -u pccs).
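
The pattern in the logs quoted in this thread (a non-200 answer to the PCCS pckcert lookup in the same second as the QGS errors and "resp_size is 0") can be pulled out of the two journals mechanically. The following is an added example, not part of the thread or of the project's tooling; the sample lines are constructed from the log shapes above, and `triage` and its field names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the shape of the `journalctl -u qgsd` / `-u pccs`
# output quoted in this thread; the encrypted_ppid value is a placeholder.
SAMPLE = """\
Jan 16 15:33:05 atoma-test qgsd[2651]: call tee_att_init_quote
Jan 16 15:33:05 atoma-test node[2400]: 2025-01-16 15:33:05.966 [error]: Error: The platform was not found in the cache.
Jan 16 15:33:05 atoma-test node[2400]:     at Module.getPckCert (file:///opt/intel/sgx-dcap-pccs/services/pckcertService.js:118:41)
Jan 16 15:33:05 atoma-test node[2400]: 2025-01-16 15:33:05.967 [info]: 127.0.0.1 - - [16/Jan/2025:15:33:05 +0000] "GET /sgx/certification/v4/pckcert?qeid=87B2B079108B1D2508D2C4AA10F6D366&encrypted_ppid=PLACEHOLDER&cpusvn=0303191B04FF01060000000000000000&pcesvn=0F00&pceid=0000 HTTP/1.1" 461 40 "-" "-"
Jan 16 15:33:05 atoma-test qgsd[2651]: [QPL] Failed to get quote config. Error code is 0xb010
Jan 16 15:33:05 atoma-test qgsd[2651]: [get_platform_quote_cert_data ../td_ql_logic.cpp:302] Error returned from the p_sgx_get_quote_config API. 0xe047
Jan 16 15:33:05 atoma-test qgsd[2651]: tee_att_get_quote_size return 0x1100f
Jan 16 15:33:05 atoma-test qgsd[2651]: resp_size is 0
"""

SYSLOG = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ (\w+)\[\d+\]: (.*)$")
ACCESS = re.compile(r'"GET (/sgx/certification/\S+/pckcert\?\S+) HTTP/[\d.]+" (\d{3}) ')
PCCS_ERR = re.compile(r"\[error\]: (?:Error: )?(.*)")
HEXCODE = re.compile(r"\b0x[0-9a-fA-F]+\b")
RESP = re.compile(r"resp_size is (\d+)")
KEEP = ("qeid", "cpusvn", "pcesvn", "pceid")  # encrypted_ppid is dropped: long, not needed


def triage(journal_text):
    """Group qgsd and pccs journal lines by syslog second, one record per attempt."""
    attempts = {}
    for line in journal_text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue  # not a journal line
        stamp, unit, msg = m.groups()
        a = attempts.setdefault(stamp, {
            "time": stamp, "pck_status": None, "platform": {},
            "pccs_errors": [], "qgsd_codes": [], "resp_size": None})
        if unit == "qgsd":
            if "Error" in msg:  # error lines only, not every "return 0x..." line
                a["qgsd_codes"] += [c for c in HEXCODE.findall(msg)
                                    if c not in a["qgsd_codes"]]
            if (r := RESP.search(msg)):
                a["resp_size"] = int(r.group(1))
        elif unit == "node":  # PCCS runs as a node process
            if (acc := ACCESS.search(msg)):
                query = parse_qs(urlsplit(acc.group(1)).query)
                a["pck_status"] = int(acc.group(2))
                a["platform"] = {k: query[k][0] for k in KEEP if k in query}
            elif (e := PCCS_ERR.search(msg)):
                a["pccs_errors"].append(e.group(1))
    for a in attempts.values():
        pck_failed = a["pck_status"] is not None and a["pck_status"] != 200
        # True when the PCK cert lookup failed and QGS answered with an empty body.
        a["pck_lookup_failed_and_empty_quote"] = pck_failed and a["resp_size"] == 0
    return list(attempts.values())


if __name__ == "__main__":
    for attempt in triage(SAMPLE):
        print(attempt)
```

The `platform` fields it reports (cpusvn, pcesvn, pceid, qeid) are the values the PCCS was asked to match, which is the information to compare when a platform/cert mismatch is suspected.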
