Hello folks! My name is Max, I’m a crypto enthusiast and Go developer. I’m trying to set up my own secret node for the upcoming secret main net launch, to become a validator. Unfortunately, I’ve encountered an SGX-related problem that I cannot resolve and my ideas list is empty now.
I have 2 machines with SGX-enabled CPUs from Hetzner, and 1 machine from OVH:
- Hetzner: Intel® Core™ i9-9900K CPU @ 3.60GHz
- OVH: Intel® Xeon® E-2288G CPU @ 3.70GHz
I’m getting the exact same attestation error when trying to setup 0.7.0 testnet node:
$ SCRT_ENCLAVE_DIR=/usr/lib secretd init-enclave
INFO [wasmi_runtime_enclave::registration::attestation] Attestation report: {"id":"300487276081224553918647267366511071135","timestamp":"2020-08-31T00:21:58.627896","version":4,"advisoryURL":"https://security-center.intel.com","advisoryIDs":["INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00233"],"isvEnclaveQuoteStatus":"GROUP_OUT_OF_DATE","platformInfoBlob":"...","isvEnclaveQuoteBody":"..."}
WARN [wasmi_runtime_enclave::registration::cert] TCB level of SGX platform service is outdated. You should check for firmware updates
Platform Okay!
Processor Firmware Update (ucodeUpdate). A security upgrade for your computing
device is required for this application to continue to provide you with a high degree of security. Please contact your device manufacturer’s support website for a BIOS update
for this system
I flashed BIOS on Hetzner nodes to the latest version (they provide a tool for that), updated microcode through deb packages, and of course manually. And OVH claims they have SGX support available, so I suppose they should keep the platform up-to-date with Intel attestation server.
My concern is that there are no Forum topics or Discord discussions about GROUP_OUT_OF_DATE error and how to mitigate it. As if nobody else having this problem.
I’d like to ask for advice, also let me know which Cloud/Dedicated service providers actually deliver SGX capability that will be able to pass Intel’s attestation in the context of running a Secret node.
Thanks!