Remote Attestation Issue for DCAP in Gramine with Intel SGX #1059

Open
@n7koirala

Hello,

I'm experiencing an issue with remote attestation using DCAP in Gramine on my Intel SGX-equipped computer. When running SGX applications with Gramine without attestation, everything works fine. The AESM service appears to be running correctly, as shown by the following output of sudo service aesmd status:


 aesmd.service - Intel(R) Architectural Enclave Service Manager
     Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2024-10-03 13:09:15 EDT; 29s ago
    Process: 2975769 ExecStartPre=/opt/intel/sgx-aesm-service/aesm/linksgx.sh (code=exited, status=0/SUCCESS)
    Process: 2975782 ExecStartPre=/bin/mkdir -p /var/run/aesmd/ (code=exited, status=0/SUCCESS)
    Process: 2975784 ExecStartPre=/bin/chown -R aesmd:aesmd /var/run/aesmd/ (code=exited, status=0/SUCCESS)
    Process: 2975785 ExecStartPre=/bin/chmod 0755 /var/run/aesmd/ (code=exited, status=0/SUCCESS)
    Process: 2975786 ExecStartPre=/bin/chown -R aesmd:aesmd /var/opt/aesmd/ (code=exited, status=0/SUCCESS)
    Process: 2975787 ExecStartPre=/bin/chmod 0750 /var/opt/aesmd/ (code=exited, status=0/SUCCESS)
    Process: 2975788 ExecStart=/opt/intel/sgx-aesm-service/aesm/aesm_service (code=exited, status=0/SUCCESS)
   Main PID: 2975789 (aesm_service)
      Tasks: 4 (limit: 153983)
     Memory: 3.3M
        CPU: 74ms
     CGroup: /system.slice/aesmd.service
             └─2975789 /opt/intel/sgx-aesm-service/aesm/aesm_service

systemd[1]: Starting Intel(R) Architectural Enclave Service Manager...
aesm_service[2975788]: aesm_service: warning: Turn to daemon. Use "--no-daemon" option to execute in foreground.
systemd[1]: Started Intel(R) Architectural Enclave Service Manager.
aesm_service[2975789]: The server sock is 0x55ad3bd672f0

However, when attempting to perform remote attestation, I encounter the following errors in the AESM service logs (sudo service aesmd status):

aesm_service[2975789]: [QCNL] Encountered CURL error: (7) Couldn't connect to server
aesm_service[2975789]: [QPL] Failed to get quote config. Error code is 0xb006
aesm_service[2975789]: [get_platform_quote_cert_data ../qe_logic.cpp:388] Error returned from the p_sgx_get_quote_config API. 0xe019

The issue only occurs during remote attestation; local attestation works fine. How can I resolve this remote attestation issue for DCAP in Gramine? Are there additional configurations required for the AESM service to enable network communication for attestation? Any guidance or suggestions would be greatly appreciated, thank you!
