SGX API Co-signer on-prem setup issues

Support
1

I’m trying to setup the SGX API Co-signer on-prem. In Developer Center I created my api user (in testnet), then setup the co-signer and got the token. I then downloaded the shell script, set executable bit and ran “./cosigner setup” and entered the token. When I look at the logs, it has the following error. Both the user and co-signer say “Pending device setup”

customer_cosigner:20 INFO 02/04/2025 21:21:20,929 main.cpp(1013) ::main - Cosigner Version: 13 Commit Hash: 4ec196aec5 Context={}
customer_cosigner:20 FATAL 02/04/2025 21:21:20,929 main.cpp(1197) ::main - Cosigner not initialized Context={}
2

Hi @mattboston – from the logs you shared, it looks like the cosigner client was never started after setup. Can you run: ./cosigner start and let me know if the user finishes the device setup? Thanks!

3

I did run ./cosigner start. But here’s the output from doing it again. I’ve also tried to stop, check docker ps, then start again.

root@fblx-tn-cs1:~/cosigner-new# docker ps
CONTAINER ID   IMAGE                                                     COMMAND                  CREATED       STATUS                          PORTS     NAMES
351aac9bfd9b   registry.gitlab.com/customer-cosigner/v2/cosigner:3.7.1   "/entrypoint.sh su f…"   2 hours ago   Restarting (255) 1 second ago             cosigner
root@fblx-tn-cs1:~/cosigner-new# ./cosigner start
Pulling cosigner docker
Running cosigner docker
root@fblx-tn-cs1:~/cosigner-new# docker ps
CONTAINER ID   IMAGE                                                     COMMAND                  CREATED       STATUS                           PORTS     NAMES
351aac9bfd9b   registry.gitlab.com/customer-cosigner/v2/cosigner:3.7.1   "/entrypoint.sh su f…"   2 hours ago   Restarting (255) 5 seconds ago             cosigner
4

Any other suggestions?

5

Here’s my pre-requisite check based on the doc here (Install SGX On-prem API Co-signer)

root@fblx-tn-cs1:~# grep -m 1 'model name' /proc/cpuinfo
model name	: Intel(R) Xeon(R) Gold 6442Y

root@fblx-tn-cs1:~# grep -c ^processor /proc/cpuinfo
24

root@fblx-tn-cs1:~# cat /etc/os-release | grep -E "NAME|VERSION"
PRETTY_NAME="Ubuntu 22.04.5 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.5 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
UBUNTU_CODENAME=jammy

root@fblx-tn-cs1:~# uname -r
5.15.0-136-generic

root@fblx-tn-cs1:~# grep 'microcode' /proc/cpuinfo | uniq
microcode	: 0x2b000620

root@fblx-tn-cs1:~# echo "Total RAM: $(echo "scale=2; $(grep MemTotal /proc/meminfo | awk '{print $2}')/1024/1024" | bc)GB"
Total RAM: 117.67GB

root@fblx-tn-cs1:~# df -h /
Filesystem      Size  Used Avail Use% Mounted on
/dev/md3        878G  7.2G  826G   1% /

root@fblx-tn-cs1:~# cpuid -1 | grep -i sgx
      SGX: Software Guard Extensions supported = true
      SGX_LC: SGX launch config supported      = true
   Software Guard Extensions (SGX) capability (0x12/0):
      SGX1 supported                           = true
      SGX2 supported                           = true
      SGX ENCLV E*VIRTCHILD, ESETCONTEXT       = false
      SGX ENCLS ETRACKC, ERDINFO, ELDBC, ELDUC = false
   SGX attributes: ECREATE SECS.ATTRIBUTES (0x12/1):
   SGX Enclave Page Cache (EPC) enumeration (0x12/0x2):
   SGX Enclave Page Cache (EPC) enumeration (0x12/0x3):
   SGX Enclave Page Cache (EPC) enumeration (0x12/0x4):

root@fblx-tn-cs1:~# grep -m 1 "^siblings" /proc/cpuinfo
siblings	: 24

root@fblx-tn-cs1:~# grep -m 1 "^cpu cores" /proc/cpuinfo
cpu cores	: 24

root@fblx-tn-cs1:~# dmidecode -t processor | grep -i speedstep