Unable to create SGX enclave in hardware mode - "invalid launch token" even though documentation specifies an invalid launch token as the first one

Question

Intel's documentation says here that if there is no previous launch token, an "invalid" token with all zeros should be used. This works perfectly in simulation mode, but in hardware mode it returns SGX_ERROR_INVALID_LAUNCH_TOKEN, even though that is exactly what it is asking for.

    // Initialize an "invalid" first token, as the documentation specifies (all zeros)
    sgx_launch_token_t token = {0};

    // Create enclave
    sgx_enclave_id_t id;
    int updated = 0;
    const auto status = sgx_create_enclave("enclave.signed.so", SGX_DEBUG_FLAG, &token, &updated, &id, NULL);

    if (status != SGX_SUCCESS) {
        throw "Failed to initialize enclave. (" + get_error_message(status) + ")";
    }

The code returns status = SGX_ERROR_INVALID_LAUNCH_TOKEN

Failed to initialize enclave. (The launch token is not correct.)

Is there maybe anything I'm missing from the building process?

score 0 · Accepted Answer · answered Mar 15 '18 at 16:48

The problem was caused by my application using libsgx_urts.so from /usr/lib and libsgx_uae_service.so from the installation path of my SGX SDK (/opt/intel/sgxsdk/lib64 in my case.)

I changed the linking to the following:

Simulation mode: libsgx_urts.so => /opt/intel/sgxsdk/lib64/libsgx_urts.so libsgx_uae_service.so => /opt/intel/sgxsdk/lib64/libsgx_uae_service.so

Hardware mode: libsgx_urts.so => /usr/lib/libsgx_urts.so libsgx_uae_service.so => /usr/lib/libsgx_uae_service.so `

Unable to create SGX enclave in hardware mode - "invalid launch token" even though documentation specifies an invalid launch token as the first one

1 Answers1