Intel IAS认证没有通过，请检查您的主板或网络

360截图20210819201945961556×687 61.9 KB

两台机器都是这样子，一个E2288的cpu，一个10900K的机器，之前测试网都是正常工作的机器
看脚本输出，驱动是成功安装了的，内核也没问题5.4.0-81-generic，server系统， 20.04.02

----------为DCAP驱动添加运行权限----------
----------尝试安装DCAP驱动----------
Unpacking Intel SGX Driver ... done.
Verifying the integrity of the install package ... done.
Installing Intel SGX Driver ...
/tmp/sgx-driver-Wrmvaw /home/zhy/solo-mining-scripts-para
install -d /opt/intel/sgxdriver/package
install -d /opt/intel/sgxdriver/scripts
cp -r package/* /opt/intel/sgxdriver/package
install scripts/* /opt/intel/sgxdriver/scripts
/home/zhy/solo-mining-scripts-para

Creating symlink /var/lib/dkms/sgx/1.41/source ->
                 /usr/src/sgx-1.41

DKMS: add completed.

Kernel preparation unnecessary for this kernel.  Skipping...

Building module:
cleaning build area...
'make' KDIR=/lib/modules/5.4.0-81-generic/build...
Signing module:
 - /var/lib/dkms/sgx/1.41/5.4.0-81-generic/x86_64/module/intel_sgx.ko
Secure Boot not enabled on this system.
cleaning build area...

DKMS: build completed.

intel_sgx.ko:
Running module version sanity check.
 - Original module
   - No original module exists within this kernel
 - Installation
   - Installing to /lib/modules/5.4.0-81-generic/updates/dkms/

depmod...

DKMS: install completed.

uninstall.sh script generated in "/opt/intel/sgxdriver".

Installation is successful!
----------删除临时文件----------
----------测试信用等级，正在等待Intel下发IAS远程认证报告！----------
(standard_in) 2: syntax error
/opt/phala/scripts/config.sh: line 87: [: -eq: unary operator expected
----------Intel IAS认证没有通过，请检查您的主板或网络！----------

多执行几次install

今天试了一天了

没有人遇到过同样的问题吗？

帖子不能编辑了，不知道啥情况，在这里不上直接测试的报告

~$ sudo phala sgx-test
Sleep 6s
aesm_service[15]: The server sock is 0x55bc61e0c190
Detecting SGX, this may take a minute...
aesm_service[15]: Malformed request received (May be forged for attack)
aesm_service[15]: InKernel LE loaded
aesm_service[15]: InKernel LE loaded
aesm_service[15]: InKernel LE loaded
aesm_service[15]: InKernel LE loaded
aesm_service[15]: InKernel LE loaded
aesm_service[15]: InKernel LE loaded
aesm_service[15]: InKernel LE loaded
aesm_service[15]: InKernel LE loaded
✔  SGX instruction set
  ✔  CPU support
  ✔  CPU configuration
  ✔  Enclave attributes
  ✔  Enclave Page Cache
  SGX features
    ✘  SGX2  ✘  EXINFO  ✘  ENCLV  ✘  OVERSUB  ✘  KSS  
    Total EPC size: 93.0MiB
✔  Flexible launch control
  ✔  CPU support
  ？ CPU configuration
  ✔  Able to launch production mode enclave
✔  SGX system software
  ✔  SGX kernel device (/dev/sgx/enclave)
  ✔  libsgx_enclave_common
  ✔  AESM service
  ✔  Able to launch enclaves
    ✔  Debug mode
    ✔  Production mode
    ✔  Production mode (Intel whitelisted)

You're all set to start running SGX programs!
Generated machine id:
[3, 83, 235, 141, 130, 154, 171, 24, 126, 146, 192, 29, 152, 45, 188, 59]

CPU Cores:
20

Encoded runtime info:
[1, 0, 0, 0, 3, 83, 235, 141, 130, 154, 171, 24, 126, 146, 192, 29, 152, 45, 188, 59, 2, 139, 192, 126, 5, 23, 203, 201, 101, 5, 98, 22, 195, 127, 199, 83, 139, 167, 22, 119, 216, 90, 247, 109, 130, 250, 1, 125, 240, 158, 129, 79, 112, 8, 20, 0, 0, 0, 1, 0, 0, 0]
Testing RA...
aesm_service[15]: [ADMIN]EPID Provisioning initiated
aesm_service[15]: The Request ID is 64b8c3c9e5f24529a48d5b08ed31d766
aesm_service[15]: The Request ID is 07d297d1b83546ae8f1c6aa075ca1a4b
thread '<unnamed>' panicked at 'error while doing remote attestation: SGX_ERROR_SERVICE_TIMEOUT', src/lib.rs:448:132
note: Call backtrace::enable_backtrace with 'PrintFormat::Short/Full' for a backtrace.
fatal runtime error: failed to initiate panic, error 5
./start_sgx_detect.sh: line 20:    41 Illegal instruction     (core dumped) ./app

E2288这个问题你解决了否？
更换成Ubuntu 18.04,或者降低内核版本都不能解决。

SGX_error_service_out也许跟asemd 有关，我正在排查。
有进一步信息互相共享。

网络问题，请多试几次

Thanks

经过多次测试，故障依旧，不像是网络的问题。
咨询了Intel的客服。试了以下三个测试命令，结果如下，希望对定位问题有帮助。

$ cat /var/log/syslog | grep -i sgx

$ cat /var/log/syslog | grep -i aesm

$ dmesg | grep -i sgx

Aug 25 05:51:29 dell-PowerEdge-R240 systemd[1]: aesmd.service: Control process exited, code=exited status=127
Aug 25 05:51:29 dell-PowerEdge-R240 systemd[1]: aesmd.service: Failed with result ‘exit-code’.
Aug 25 05:51:44 dell-PowerEdge-R240 systemd[1]: aesmd.service: Service hold-off time over, scheduling restart.
Aug 25 05:51:44 dell-PowerEdge-R240 systemd[1]: aesmd.service: Scheduled restart job, restart counter is at 5276.
Aug 25 05:51:44 dell-PowerEdge-R240 aesm_service[5201]: /opt/intel/sgxpsw/aesm/aesm_service: error while loading shared libraries: libprotobuf.so.9: cannot open shared object file: No such file or directory
Aug 25 05:51:44 dell-PowerEdge-R240 systemd[1]: aesmd.service: Control process exited, code=exited status=127
Aug 25 05:51:44 dell-PowerEdge-R240 systemd[1]: aesmd.service: Failed with result ‘exit-code’.
Aug 25 05:51:58 dell-PowerEdge-R240 aesm_service[5846]: [get_driver_type edmm_utility.cpp:111] Failed to open Intel SGX device.
Aug 25 05:51:58 dell-PowerEdge-R240 aesm_service[5846]: [get_driver_type edmm_utility.cpp:111] Failed to open Intel SGX device.
Aug 25 05:51:58 dell-PowerEdge-R240 aesm_service[5846]: The server sock is 0x55d75df751f0
Aug 25 06:02:35 dell-PowerEdge-R240 aesm_service[1178]: The server sock is 0x5642514521f0
dell@dell-PowerEdge-R240:~$

dell@dell-PowerEdge-R240:~$ dmesg | grep -i sgx
[ 2.532040] intel_sgx: loading out-of-tree module taints kernel.
[ 2.532052] intel_sgx: module verification failed: signature and/or required key missing - tainting kernel
[ 2.532371] intel_sgx: EPC section 0x70200000-0x75f7ffff
[ 2.532527] intel_sgx: Intel SGX DCAP Driver v1.41
dell@dell-PowerEdge-R240:~$

Aug 25 05:51:44 dell-PowerEdge-R240 systemd[1]: /dev/sgx is not a device.
Aug 25 05:51:44 dell-PowerEdge-R240 systemd[1]: Couldn’t stat device /dev/isgx: No such file or directory
Aug 25 05:51:44 dell-PowerEdge-R240 aesm_service[5201]: /opt/intel/sgxpsw/aesm/aesm_service: error while loading shared libraries: libprotobuf.so.9: cannot open shared object file: No such file or directory
Aug 25 05:51:58 dell-PowerEdge-R240 systemd[1]: /dev/sgx is not a device.
Aug 25 05:51:58 dell-PowerEdge-R240 systemd[1]: Couldn’t stat device /dev/isgx: No such file or directory
Aug 25 05:51:58 dell-PowerEdge-R240 aesm_service[5846]: [get_driver_type edmm_utility.cpp:111] Failed to open Intel SGX device.
Aug 25 05:51:58 dell-PowerEdge-R240 aesm_service[5846]: [get_driver_type edmm_utility.cpp:111] Failed to open Intel SGX device.
Aug 25 06:02:34 dell-PowerEdge-R240 systemd-modules-load[421]: Inserted module ‘intel_sgx’
Aug 25 06:02:34 dell-PowerEdge-R240 kernel: [ 2.532040] intel_sgx: loading out-of-tree module taints kernel.
Aug 25 06:02:34 dell-PowerEdge-R240 kernel: [ 2.532052] intel_sgx: module verification failed: signature and/or required key missing - tainting kernel
Aug 25 06:02:34 dell-PowerEdge-R240 kernel: [ 2.532371] intel_sgx: EPC section 0x70200000-0x75f7ffff
Aug 25 06:02:34 dell-PowerEdge-R240 kernel: [ 2.532527] intel_sgx: Intel SGX DCAP Driver v1.41
Aug 25 06:02:35 dell-PowerEdge-R240 systemd[1]: /dev/sgx is not a device.
Aug 25 06:02:35 dell-PowerEdge-R240 systemd[1]: Couldn’t stat device /dev/isgx: No such file or directory
dell@dell-PowerEdge-R240:~$

无奈了，其他矿工也不知道怎么挖的，就我俩遇见这个问题了？ 也没人处理

你好，根据log可以定位到SGX驱动未成功加载，请检查您主板的SGX功能是否已经开启。

我发的问题是什么情况呢，试了好几天了，一直都是这个样字

建议您从自己的系统和配置入手。感谢您的关注和支持。
您也可以尝试使用以下命令更新脚本
sudo phala update scripts

向日葵，链接方式私信发我，我登录试试。看能不能搞定。。。。。

你好，麻烦按照楼上提供的方法查看一下宿主机的aesmd log:

$ cat /var/log/syslog | grep -i sgx
$ cat /var/log/syslog | grep -i aesm
$ dmesg | grep -i sgx

$ dmesg | grep -i sgx
[    3.316687] intel_sgx: loading out-of-tree module taints kernel.
[    3.317665] intel_sgx: module verification failed: signature and/or required key missing - tainting kernel
[    3.320809] intel_sgx: EPC section 0x70200000-0x7bf7ffff
[    3.321534] intel_sgx: Intel SGX DCAP Driver v1.41
[21636.795720] intel_sgx: EPC section 0x70200000-0x7bf7ffff
[21636.796686] intel_sgx: Intel SGX DCAP Driver v1.41

问题解决了。
换另一家的专网， Intel IAS能通过。
通过以后再换回来， 原来的也能通过了。
因此是网络问题，但Root cause真说不上来，估计是路由, 地址老化，或者线路搭建不合理形成环等原因。
没有进一步研究。

我这里只有电信线路

新版本挖矿客户端已正常执行

我也出现了同样的问题，有没有解决了的