Article ID: 000058393 Content Type: Error Messages Last Reviewed: 07/23/2021

Intel Attestation Server (IAS) Responds with SGX_ERROR_UPDATE_REQUIRED on Fully Updated System when Attempting Enhanced Privacy ID (EPID) Remote Attestation

Environment

Basic Input Output System (BIOS) is latest version. Intel® Converged Security and Management Engine (Intel® CSME) is latest version.  

BUILT IN - ARTICLE INTRO SECOND COMPONENT
Summary

How to update system to prevent provisioning errors

Description

Ran the sgx-ra-sample code for remote attestation based on Intel® Enhanced Privacy ID (Intel® EPID).

Elliptic Curve Digital Signature Algorithm (ECDSA) completes but EPID fails with: Error, call sgx_ra_get_msg1_ex fail [main]

Logs show that IAS responds to msg1 with PVE_PROV_ATTEST_KEY_TCB_OUT_OF_DATE (SGX_ERROR_UPDATE_REQUIRED).

Resolution

Contact the BIOS manufacturer, provide them all logs and information, and work with them to receive an updated BIOS with the required fixes.

Additional information

The issue is in the implementation of the BIOS by the BIOS manufacturer.

Related Products

This article applies to 1 products

Intel® Software Guard Extensions (Intel® SGX)

Need more help?

Contact support

Disclaimer

1

All postings and use of the content on this site are subject to Intel.com Terms of Use.