01-10-2018 07:17 AM - edited 01-10-2018 07:44 AM
In December (2017) I had SGX remote attestation working on a Thinkpad T470 (20HD) under Linux.
On the 27th December 2017 Lenovo released a BIOS update 1.44 which addressed CVE-2017-5715.
Since installing the BIOS update attestation now fails, with the following messages:
: Error, call sgx_get_extended_epid_group_id fail: 0x4001
: sgx_create_enclave() needs the AE service to get a launch token
AE - Architectural Enclave - another SGX instance on the machine.
I assume the Spectre fix CVE-2017-5715 has changed the time taken to perform an operation which has caused the AE service to be declared as not running.
Solved! Go to Solution.
01-11-2018 04:31 AM
OK now fixed! The aesmd service was failing because the sgx driver was not running.
I had updated the kernel version, which then required the sgx driver to be reinstalled.-Arthur