Received Empty Signature Revocation List (SigRL) from Intel® Attestation Service

Content Type: Product Information & Documentation   |   Article ID: 000089251   |   Last Reviewed: 01/19/2022

Description

  • Performed remote attestation of an Intel® Software Guard Extensions (Intel® SGX) platform.
  • Retrieved SigRL using: GET https://api.trustedservices.intel.com/sgx/attestation/v4/sigrl/00000xxx
  • HTTP Status is 200 OK but Response body is empty.

Resolution

When HTTP status is 200 OK, there are two possibilities:

  • SigRL exists: the Base64-encoded SigRL is in the Response body.
  • SigRL does not exist: the Response body is empty.

Refer to Page 9 of the IAS spec (§§ 3.1.2-3) for more details.

Additional information

Service Providers (SP) can retrieve Signature Revocation Lists for EPID groups. EPID SigRLs are generated by Intel and stored in the IAS. They are used to check revocation status of the platform and Quoting Enclave (QE).

As an optimization, the SP can cache a SigRL retrieved from IAS for a given EPID group and continue to use it until the IAS returns SIGRL_VERSION_MISMATCH for isvEnclaveQuoteStatus in a response to Verify Attestation Evidence. SIGRL_VERSION_MISMATCH indicates that there is a new version of SigRL for a given EPID group that must be used.
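
The following is an added example, not code from Intel or from the IAS specification: a Service Provider-side cache that treats 200 OK with an empty body as "no SigRL exists" for the group, Base64-decodes a non-empty body, and evicts the cached entry when isvEnclaveQuoteStatus is SIGRL_VERSION_MISMATCH. The names `SigRLCache`, `fetch` and `make_fake_ias` are hypothetical; `fetch` is an assumed wrapper around the GET request shown in the Description, and the fake IAS responses are constructed.

```python
import base64
import binascii


class SigRLCache:
    """Per-EPID-group SigRL cache for a Service Provider (hypothetical helper)."""

    def __init__(self, fetch):
        # fetch(gid) -> (http_status, body_bytes). Assumed wrapper around
        # GET .../sgx/attestation/v4/sigrl/<gid>; auth and TLS live in there.
        self._fetch = fetch
        self._cache = {}

    @staticmethod
    def parse(status, body):
        """Map an IAS SigRL response to raw SigRL bytes (b"" = no SigRL exists)."""
        if status != 200:
            raise RuntimeError(f"SigRL request failed: HTTP {status}")
        body = body.strip()
        if not body:
            return b""  # 200 OK + empty body is a valid answer, not an error
        try:
            return base64.b64decode(body, validate=True)
        except binascii.Error as exc:
            raise ValueError("SigRL body is not valid Base64") from exc

    def get(self, gid):
        # Membership test, not truthiness: an empty SigRL must be cached too.
        if gid not in self._cache:
            self._cache[gid] = self.parse(*self._fetch(gid))
        return self._cache[gid]

    def on_quote_status(self, gid, isv_enclave_quote_status):
        """Evict on SIGRL_VERSION_MISMATCH; True means fetch the new SigRL."""
        if isv_enclave_quote_status == "SIGRL_VERSION_MISMATCH":
            self._cache.pop(gid, None)
            return True
        return False


def make_fake_ias(responses):
    """Constructed stand-in for IAS: queued (status, body) per GID, call log."""
    calls = []

    def fetch(gid):
        calls.append(gid)
        return responses[gid].pop(0)

    return fetch, calls
```

Pass the value returned by `get()` to the attestation flow unchanged; a zero-length result means the platform is given an empty SigRL, not that the request should be retried.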