Releases: google/asylo
Release 0.6.3
Asylo 0.6.3 contains 92 commits since the 0.6.2 release, including a number of security and correctness fixes.
Changes since 0.6.2 include:
- Fixes for security vulnerabilities (a47ef55, 4d86841, ecfcd00, 53ed5d8, 90d7619)
- Cleanup and fixes in syscall handling (5bf2e73, 9a67f94, 7985430)
- Migration from asylo::Status to absl::Status
- Cleanup of potentially disrespectful terms
- Updated to newer versions of dependencies
- General maintenance work
Compatibility:
- Now that Abseil has released support for Status objects, asylo::Status is now deprecated in favor of absl::Status. Implicit conversion is provided to allow users time to migrate to absl::Status, but this will be removed in a future release.
Release 0.6.2
Asylo 0.6.2 has just been released, with 43 commits since the 0.6.1 release. This was a fairly minor release focused on cleanup, maintenance, and security fixes.
Changes since 0.6.1 include:
Release 0.6.1
Asylo 0.6.1 has just been released, with 68 commits since the 0.6.0 release. This was a fairly minor release focused on cleanup, maintenance, and security fixes.
Changes since 0.6.0 include:
- Various security fixes (a37fb6a (CVE-2020-8937), 6e158d5 (CVE-2020-8943), fa6485c (CVE-2020-894), ed0926b (CVE-2020-8935), 83036fd (CVE-2020-8936), bda9772 (CVE-2020-8938), 6ff3b77 (CVE-2020-8939), 8fed5e3 (CVE-2020-8941), b1d120a (CVE-2020-8942), 382da2b (CVE-2020-8944), c64b8bd)
- Updated to newer versions of dependencies
- Maintenance work and bug fixes
Release 0.6.0
Changes since 0.5.3 include:
- LVI vulnerability mitigations
- Bazel transitions support
- Efficient synchronization primitives
- Remote attestation support complete. See SgxIntelEcdsaQeRemoteAssertionGenerator and EnclaveCredentialsOptions.
- Utility provided to fetch PCK certificates from Intel’s PCS
- Support for Intel’s (soon-to-be) upstream SGX kernel driver. Asylo now supports both Intel’s separate GitHub SGX kernel driver and the version being integrated with the main Linux kernel tree.
- Additional input validation for fork() and recvfrom(). Fixes vulnerabilities reported by Baidu Security (commits: e582f36, 299f804).
- Updated to newer versions of dependencies
- Improved documentation and testing
- Maintenance work and bug fixes
Compatibility:
- AesGcmSivCryptor was previously deprecated and is now removed. Use AeadCryptor instead (commits: 7220263, df55fa1)
- The ENCLAVE_STORAGE_SET_KEY ioctl definition (needed for using Asylo’s secure storage) is no longer included in <sys/ioctl.h> (deprecated previously). Users must now include "asylo/secure_storage.h" to get this macro. (commit: 0e0f9e0)
- The Match method on expectation matches is deprecated. Use MatchAndExplain instead (commit: 03b767d)
- Bazel transitions support enabled by default. --config=<backend> flags should no longer be given on the Bazel command line. If you need to block this change for any of your targets, the non-transition-based build style can be reactivated from your WORKSPACE file during a transitional period. See Building documentation. (commit: 66f4184)
- Identity-related headers were previously moved, but the old locations remained for compatibility. Those old locations have now been removed. (commit: 2fd415c)
- In order to use gRPC, a project’s WORKSPACE file should call grpc_deps() and grpc_extra_deps(). In the past, Asylo implicitly imported some of gRPC’s dependencies, but this should not be relied upon. (commit: 806eeff)
- Support for legacy SgxIdentity messages (previously deprecated) has been removed. (commit: e7abad7)
Release 0.5.3
Changes since 0.5.2 include:
- Updated to the latest Intel SGX SDK to pick up fixes and improvements
- Added bindings for calling into Asylo enclaves from Java applications
- Stability fixes for signal handling in SGX simulation mode
- Performance improvements through more efficient locking mechanisms
- Updated to newer versions of dependencies
- Additional POSIX interface implementations
- Improved documentation and testing
- Maintenance work and bug fixes
Compatibility:
- The SGX SDK update included changes that are not binary compatible with previous releases. When updating to Asylo 0.5.3, ensure you rebuild both your enclave and its loader. (c667347, 9948912)
- The non-standard ENCLAVE_STORAGE_SET_KEY ioctl request has been moved to <asylo/secure_storage.h>. The implicit definition by including <sys/ioctl.h> is deprecated and will be removed in a future release. If using Asylo secure storage, ensure that the secure_storage.h header is included where needed. (4a9d2f2)
Release 0.5.2
Changes since 0.5.1 include:
- Security fix for sanitization of returned buffer sizes from host calls (commit)
- Maintenance work and bug fixes
Compatibility:
- SgxLoader and SgxEmbeddedLoader classes have been deprecated, as well as the EnclaveManager LoadEnclave method that accepted them. Instead, one should pass an EnclaveLoadConfig to LoadEnclave. (commit)
- asylo/grpc/util:grpc_enclave_config is now configured to provide much less stack and TCS. If you need more, you can still specify a custom sgx_enclave_configuration. (commit)
- In order to prepare for upcoming changes in Bazel, we've taken dependencies on fairly recent versions of rules_cc, rules_proto, rules_python, and rules_java. If your WORKSPACE file pulls in older versions of these dependencies (even transitively) prior to calling asylo_deps(), you may run into issues requiring you to include these newer versions. (commit)
Release 0.5.1
Changes since 0.5.0 include:
- Fix for SGX hardware enclaves with Bazel 1.0+ (commit)
- Updated to newer versions of dependencies
- Improved documentation and testing
- Maintenance work and bug fixes
Compatibility:
- The sgx_unsigned_enclave Bazel macro is deprecated in favor of cc_unsigned_enclave (asylo.bzl) with a specified sgx backend, or sgx_cc_unsigned_enclave (sgx_rules.bzl) as a shorthand for the former. (commit)
- The previously deprecated sgx_enclave macro has been removed. Instead cc_unsigned_enclave or debug_sign_enclave should be used, specifying backends = sgx.backend_labels. (commit)
- The HostConfig proto field in EnclaveConfig is deprecated. Related methods for creating configs in enclave_config_util.h have been updated so that they do not require a HostConfig parameter. (commits)
- AesGcmSivCryptor is deprecated in favor of AeadCryptor. (commit)
- The deprecated SGXLoader/SimLoader/SimEmbeddedLoader aliases have been removed. The EnclaveLoadConfig/SgxLoadConfig proto should be used instead. (commits)
- A number of items under asylo/identity have been moved. The old locations have been deprecated in favor of the new ones.
  - asylo/identity/null_identity/... -> asylo/identity/attestation/null/...
  - asylo/identity/sgx/... -> asylo/identity/attestation/sgx/...
  - asylo/identity/util/... -> asylo/crypto/...
  - asylo/identity:sealed_secret_proto -> asylo/identity/sealing:sealed_secret_proto
  - asylo/identity:sealed_secret_cc_proto -> asylo/identity/sealing:sealed_secret_cc_proto
  - asylo/identity:secret_sealer -> asylo/identity/sealing:secret_sealer
  - asylo/identity:enclave_assertion_generator -> asylo/identity/attestation:enclave_assertion_generator
  - asylo/identity:enclave_assertion_verifier -> asylo/identity/attestation:enclave_assertion_verifier
Release 0.5.0
Changes since 0.4.1 include:
- Addition of remote backend
- Documentation of the Enclave Key Exchange Protocol
- Added ability to apply channel-level authorization to EKEP-based gRPC connections
- Guide for gRPC authentication and authorization in EKEP-based connections
- fork() implementation is now thread-safe
- Additional POSIX interface implementations
- Updated to newer versions of dependencies
- Improved documentation and testing
- Maintenance work and bug fixes
Compatibility:
- The EnclaveManager::LoadEnclave API has been simplified to take a protobuf instead of requiring the creation of a backend-specific EnclaveLoader object. The old APIs are deprecated and will be removed in a future release.
- The sgx_enclave Bazel macro is now deprecated. To make it clearer how to create signed enclaves, it is replaced by sgx_unsigned_enclave and sgx_debug_enclave/sgx_signed_enclave (see our Quickstart and SGX Release guides for examples).
- SgxLocalSecretSealer has changed the format of its sealed secrets. It will continue to be able to unseal old secrets for a compatibility period, but any data previously sealed with SgxLocalSecretSealer should be resealed at v0.5.0 to maintain compatibility moving forward.
- The sgx_code_identity_expectation_matcher library is deprecated in favor of sgx_identity_expectation_matcher.
- Aliasing of SGX simulation as just “sim” has been deprecated. As we’re adding more backend modes, it was determined that being more explicit about which one is being used was appropriate. This includes --config=enc-sim (use --config=sgx-sim), the sim_enclave Bazel macro (see sgx_enclave bullet above), SimLoader (use SgxLoadConfig), and SimEmbeddedLoader (use SgxLoadConfig).
- The CleansingString type is deprecated in favor of CleansingVector.
- The asylo_py_proto_library Bazel macro (deprecated in v0.4.1) has been removed. Now that the issues with grpc_proto_library and proto_library have been resolved, the standard py_proto_library should be used directly instead.
Release 0.4.1
The changes since 0.4.0 include:
- Initial integration of new “primitives” backend abstraction layer
- Increase of default enclave heap size
- Deprecated asylo_py_proto_library Bazel macro
- Additional POSIX interface implementations
- Updated to newer versions of dependencies
- Improved documentation and testing
- Maintenance work and bug fixes
Release 0.4.0
The changes since 0.3.4 include:
- Changed default TCS_POLICY
- Added guide for wrapping entire applications in an enclave
- Added secure handling of data in fork() implementation
- Significant progress toward fully using our new “primitives” backend abstraction layer
- Significant progress toward supporting SGX platform provisioning and remote attestation
- Deprecated asylo_proto_library and asylo_grpc_proto_library Bazel macros
- Additional POSIX interface implementations
- Updated to newer versions of primary dependencies
- Improved documentation and testing
- Maintenance work and bug fixes