I know this topic of GROUP_OUT_OF_DATE came up several times, and typically updating BIOS resolved it. Yes, I am aware of this post: https://software.intel.com/en-us/comment/1911344#comment-1911344.
I called "sgx_report_attestation_status" on the "platform information blob". I got error 0x4006 (SGX_ERROR_UPDATE_NEEDED).
Looking at the "sgx_update_info_bit_t*" I got back from "sgx_report_attestation_status" I see: ucodeUpdate == 1; csmeFwUpdate == 0; pswUpdate == 0;
Which I assumed meant I need a microcode update (while the ME and the PSW are OK). I have a NUC machine NUC7i7BNH, and the most recent bios update is from recent November (2017). This brings me to ucode version 0x70:
Output of /proc/cpuinfo:
vendor_id : GenuineIntel
cpu family : 6
model : 142
model name : Intel(R) Core(TM) i7-7567U CPU @ 3.50GHz
stepping : 9
microcode : 0x70
I even tried manually updating the microcode version to 0x80, but I still get GROUP_OUT_OF_DATE error. I wonder if the ucode has to be updated by the BIOS for it to "count" for SGX.
Any hints? Can it be in any way related to my client-side certificates I am using to communicate with IAS?
Is there a new BIOS update for NUC7i7 with the spectre/meltdown patched ucode?