Intel Attestation Server (IAS) Responds with SGX_ERROR_UPDATE_REQUIRED on Fully Updated System when Attempting Enhanced Privacy ID (EPID) Remote Attestation

Content Type: Error Messages | Article ID: 000058393 | Last Reviewed: 07/23/2021

Description Resolution Additional information

Environment

Basic Input Output System (BIOS) is latest version. Intel® Converged Security and Management Engine (Intel® CSME) is latest version.

Description

Ran the sgx-ra-sample code for remote attestation based on Intel® Enhanced Privacy ID (Intel® EPID).

Elliptic Curve Digital Signature Algorithm (ECDSA) completes but EPID fails with: Error, call sgx_ra_get_msg1_ex fail [main]

Logs show that IAS responds to msg1 with PVE_PROV_ATTEST_KEY_TCB_OUT_OF_DATE (SGX_ERROR_UPDATE_REQUIRED).

Resolution

Contact the BIOS manufacturer, provide them all logs and information, and work with them to receive an updated BIOS with the required fixes.

Additional information

The issue is in the implementation of the BIOS by the BIOS manufacturer.

Intel Attestation Server (IAS) Responds with SGX_ERROR_UPDATE_REQUIRED on Fully Updated System when Attempting Enhanced Privacy ID (EPID) Remote Attestation

Environment

Description

Resolution

Additional information

Need more help?