QuoteGenerationSample succeed but QuoteVerificationSample failed with 0xe021 about sgxdatacenterattestationprimitives HOT 6 OPEN

0xe021 means PCK cert chain is invalid.

Have you installed default QPL and configured PCCS by following PCCS README?
If yes, pls also make sure PCCS database is NOT corrupted.

from sgxdatacenterattestationprimitives.

I checked QPL and PCCS steps log, find an error prompt, I'm not sure if it's related with this 0xe021 error. This is the .rnd error log when installing pccs:

Do you want to generate insecure HTTPS key and cert for PCCS service? [Y] (Y/N) :
Generating RSA private key, 1024 bit long modulus (2 primes)
..............................................................................................................................+++++
..............+++++
e is 65537 (0x010001)
Can't load /home/user1/.rnd into RNG
140082304180672:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/home/user1/.rnd
You are about to be asked to enter information that will be incorporated
into your certificate request.

from sgxdatacenterattestationprimitives.

Besides, I debugged the QuoteGenerationSample, at line 221 of https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/SampleCode/QuoteGenerationSample/App/App.cpp, I find p_cert_data->certification_data (length is 0n500) are all 0x00 except 2 bytes at 0x55555557773c and 1 byte at 0x55555557774c
0x55555557773c: 0x02 0x02 0x00 0x00 0x00 0x00 0x00 0x00
0x555555577744: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x55555557774c: 0x0a 0x00 0x00 0x00 0x00 0x00 0x00 0x00
(gdb) p *p_cert_data
$2 = {cert_key_type = 5, size = 500, certification_data = 0x5555555775bc ""}

from sgxdatacenterattestationprimitives.

Can you open the quote file (../QuoteGenerationSample/quote.dat, with any editor).
Ideally, PCK cert chain should at the end the file.

from sgxdatacenterattestationprimitives.

I opened ../QuoteGenerationSample/quote.dat, the last 0x1F4(=0n500) bytes are all 0x00 except:
00000590: 00 00 00 00 00 00 00 00 00 00 00 00 02 02 00 00 ................
000005a0: 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 00 ................
This is same as debug result.

from sgxdatacenterattestationprimitives.

It means you didn't get correct PCK cert chain during Quote Generation.
Pls check QPL/QCNL/PCCS config and run QuoteGenerationSample again, make sure the PCK cert chain is correct.

from sgxdatacenterattestationprimitives.