How to solve error: [QPL] No certificate data for this platform.

[smtmfft]

Hi, There.

Recently, I meet a error when using gramine-sgx to run my binary, the top level message is AESMD returns some errors code, and I checked the aesmd service status, it shows:

aesmd.service - Intel(R) Architectural Enclave Service Manager
     Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2024-05-08 12:58:11 UTC; 13h ago
    Process: 3782650 ExecStartPre=/opt/intel/sgx-aesm-service/aesm/linksgx.sh (code=exited, status=0/SUCCESS)
    Process: 3782663 ExecStartPre=/bin/mkdir -p /var/run/aesmd/ (code=exited, status=0/SUCCESS)
    Process: 3782665 ExecStartPre=/bin/chown -R aesmd:aesmd /var/run/aesmd/ (code=exited, status=0/SUCCESS)
    Process: 3782667 ExecStartPre=/bin/chmod 0755 /var/run/aesmd/ (code=exited, status=0/SUCCESS)
    Process: 3782669 ExecStartPre=/bin/chown -R aesmd:aesmd /var/opt/aesmd/ (code=exited, status=0/SUCCESS)
    Process: 3782671 ExecStartPre=/bin/chmod 0750 /var/opt/aesmd/ (code=exited, status=0/SUCCESS)
    Process: 3782674 ExecStart=/opt/intel/sgx-aesm-service/aesm/aesm_service (code=exited, status=0/SUCCESS)
   Main PID: 3782676 (aesm_service)
      Tasks: 4 (limit: 76593)
     Memory: 5.1M
        CPU: 351ms
     CGroup: /system.slice/aesmd.service
             └─3782676 /opt/intel/sgx-aesm-service/aesm/aesm_service

May 08 12:58:11 adv6-fra systemd[1]: Starting Intel(R) Architectural Enclave Service Manager...
May 08 12:58:11 adv6-fra aesm_service[3782674]: aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground.
May 08 12:58:11 adv6-fra systemd[1]: Started Intel(R) Architectural Enclave Service Manager.
May 08 12:58:11 adv6-fra aesm_service[3782676]: The server sock is 0x55fd86f898d0
May 08 12:58:25 adv6-fra aesm_service[3782676]: [QPL] No certificate data for this platform.
May 08 12:58:25 adv6-fra aesm_service[3782676]: [get_platform_quote_cert_data ../qe_logic.cpp:388] Error returned from the p_sgx_get_quote_config API. 0xe011

Here I checked error code: 0xe011 is

SGX_QL_NO_PLATFORM_CERT_DATA:
The platform quote provider library doesn't have the platform certification data for this platform.

What does that mean? Is there anything wrong in my system??
Thanks!

BTW: Platform comes from OVHcloud, CPU is Xeon Gold 6312U. The vendor is in support list. https://www.intel.com/content/www/us/en/architecture-and-technology/sgx-product-offerings.html

[dashuaic]

Did you 'register' your platform? If not, you will need to perform either direct registration or indirect registration.

[smtmfft]

Did you 'register' your platform? If not, you will need to perform either direct registration or indirect registration.

Thanks for your reply. You mean register to Intel? Should I do it by myself or ask OVHcloud to do it for me??

[dashuaic]

Need to register on host machine.

[smtmfft]

Need to register on host machine.

Could you please show me some tutorials? Thanks!

[dashuaic]

https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_DCAP_Multipackage_SW.pdf
You can refer this file.