ayeks / SGX-hardware

This is a list of hardware which supports Intel SGX - Software Guard Extensions.


SuperServer 5019S-MR does not support trusted services

mitar opened this issue · comments

commented

As described to me by SuperMicro representative:

it is a HW limitation, as the X11SSH-F MB is loaded with SPS Server Firmware, not ME Firmware

Because of that you do not get /dev/mei0 service and for Linux it means you do not get trusted services.

I reported it here as well: intel/linux-sgx#114

Thanks for the further information. However, is it still possible to execute SGX and use the trusted services with the older firmware 1.0b, as you mentioned in issue #6?

commented

SGX is possible, but trusted services are not. :-(

commented

I have not tried to run a proper enclave outside of simulation mode yet on the device, so I am not sure if the lack of trusted services also means you cannot really even spawn a real enclave.

Okay, without the trusted services you cannot run the launch enclave which creates the launch keys for your own enclaves. I moved the board to another table in commit 9b141bd.
To my knowledge the only available SGX-capable server today is the Intel SGX server block.
Thanks for your information!
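The distinction drawn in this thread (SGX enclaves possible, but platform services unavailable when the board exposes no /dev/mei0) can be turned into a quick preflight check. This is an added example, not code from this repository; it assumes the usual Linux device names (/dev/isgx for the out-of-tree driver, /dev/sgx_enclave for the in-kernel driver, /dev/mei0 for the MEI interface) and the "sgx" flag that recent kernels publish in /proc/cpuinfo.

```python
import os

# Device nodes exposed by the Linux SGX drivers and the MEI driver (assumed names:
# /dev/isgx = out-of-tree driver, /dev/sgx_enclave = in-kernel driver, /dev/mei0 = MEI).
ENCLAVE_DEVICES = ("/dev/sgx_enclave", "/dev/isgx")
MEI_DEVICE = "/dev/mei0"


def cpu_flags(cpuinfo_text):
    """Return the CPU feature flags from the first 'flags' line of /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return set(line.split(":", 1)[1].split())
    return set()


def classify(flags, present_devices):
    """Map CPU flags and present device nodes to the states discussed in the thread.

    Note: kernels older than 5.11 do not report an 'sgx' flag at all, so on such
    hosts 'no-sgx' may only mean the kernel cannot tell; check the BIOS as well.
    """
    present = set(present_devices)
    if "sgx" not in flags:
        return "no-sgx"                     # CPU/BIOS did not enable SGX
    if not present & set(ENCLAVE_DEVICES):
        return "sgx-no-driver"              # SGX reported, but no enclave device node
    if MEI_DEVICE not in present:
        return "sgx-no-platform-services"   # enclaves run; MEI-backed platform services do not
    return "sgx-full"


def check_host():
    """Run the classification against the live host."""
    with open("/proc/cpuinfo") as f:
        flags = cpu_flags(f.read())
    devices = [d for d in ENCLAVE_DEVICES + (MEI_DEVICE,) if os.path.exists(d)]
    return classify(flags, devices)


if __name__ == "__main__":
    print(check_host())
```

A result of "sgx-no-platform-services" matches the SPS-firmware situation described above: enclaves can be built and launched, but anything that depends on the platform service enclaves will fail.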

commented

Yes. :-(

Are you using the 1.0b BIOS? I'm getting /dev/mei0 just fine

Edit: only on some machines for some reason. Might have to do with ME firmware version as well?

commented

Yes, 1.0b BIOS. But maybe it is ME firmware. Maybe because I upgraded my BIOS first to 2.0 and then downgraded to 1.0b?

commented

@jethrogb Have you found any differences between versions of ME firmware on your machines? Or maybe Linux kernel versions?

I don't know how to figure out the ME version on a running system.

This configuration has an mei0 device:

BIOS Version                              2.0b
Build Date                                07/27/2017
CPLD Version                              02.b1.02

Intel Server Platform Services Configuration

ME BIOS Interface Ver                     1.2
SPS Version                               4.0.3.96

This does not:

BIOS Version                              2.0b
Build Date                                07/27/2017
CPLD Version                              02.b1.02

Intel Server Platform Services Configuration

ME BIOS Interface Ver                     1.2
SPS Version                               4.1.3.22

commented

Ooo. So SPS version is the culprit. How to downgrade? :-(

commented

This configuration has an mei0 device

What command should I run to see this output?
Thanks.