v0.17.5

Pre-release

Added

  • Added MUSL time functions
    asctime, asctime_r, ctime, ctime_r, ftime, localtime, localtime_r, strptime, timespec_get, wcsftime

Changed

  • Fix bug with incorrect layout of thread-local sections (tbss and tdata). Previous releases of OE had a bug where these sections
    would be laid out incorrectly in some cases where the tbss section had a lower alignment value than the tdata section.
  • OpenSSL is now built with threads support (with the dependency on the host). Note that the previous versions of OpenSSL are not suitable for multi-threaded applications.

On Ubuntu 18.04: DCAP: 1.10.103.1-bionic1 PSW: 2.13.103.1-bionic1 SGXDriver: 1.33
On Ubuntu 20.04: DCAP: 1.10.103.1-focal1 PSW: 2.13.103.1-focal1 SGXDriver: 1.33
On Windows Server 2019: DCAP: 1.10.103.1 PSW: 2.12.103.1

v0.17.2

Pre-release

Security

  • Updated OpenSSL to version 1.1.1L. Please refer to the release log for the list of CVEs addressed by this version.

On Ubuntu 18.04: DCAP: 1.10.103.1-bionic1 PSW: 2.13.103.1-bionic1 SGXDriver: 1.33
On Ubuntu 20.04: DCAP: 1.10.103.1-focal1 PSW: 2.13.103.1-focal1 SGXDriver: 1.33
On Windows Server 2019: DCAP: 1.10.103.1 PSW: 2.12.103.1

v0.17.1

Pre-release

Added

  • Enabled creation of enclaves with base address 0x0 in SGX on Linux.
    • This feature requires PSW version 2.14.1 or above.
    • In 0-base enclaves a page fault is thrown on NULL pointer dereference.
    • This enables applications to adopt NullPointerException/NullReferenceException in their program logic and/or use other application stacks that do (for example, the .NET runtime).
    • Developers can create a 0-base enclave by setting the oesign tool configuration option 'CreateZeroBaseEnclave' to 1 or by passing in the argument CREATE_ZERO_BASE_ENCLAVE=1 in OE_SET_ENCLAVE_SGX2().
    • If 0-base enclave creation is chosen, the enclave image start address should be provided by setting the oesign tool configuration option 'StartAddress' or by passing in the argument ENCLAVE_START_ADDRESS in OE_SET_ENCLAVE_SGX2().

Security

On Ubuntu 18.04: DCAP: 1.10.103.1-bionic1 PSW: 2.13.103.1-bionic1 SGXDriver: 1.33
On Ubuntu 20.04: DCAP: 1.10.103.1-focal1 PSW: 2.13.103.1-focal1 SGXDriver: 1.33
On Windows Server 2019: DCAP: 1.10.103.1 PSW: 2.12.103.1

v0.17.0

Pre-release

Added

  • Ubuntu 20.04 packages are included in this release.
  • OE SDK is now built using clang-10. It is required to upgrade the compiler to clang-10 if you are building the SDK from source.
  • Add the CapturePFGPExceptions preference for the SGX2 feature of capturing #PF and #GP exceptions inside an enclave.
    • Developers can specify the CapturePFGPExceptions with a binary value in the enclave config file or set the value via the newly added OE_SET_ENCLAVE_SGX2 macro, which is used to set SGX2-specific properties.
    • When setting CapturePFGPExceptions=1, the OE loader will enable the feature when running on an SGX2-capable CPU.
    • Once enabled, the in-enclave exception handler can capture the #PF (with the OE_EXCEPTION_PAGE_FAULT code) and #GP (with the OE_EXCEPTION_ACCESS_VIOLATION code) exceptions.
    • More information about the exceptions can be found in the faulting_address and error_code members of the oe_exception_record_t structure passed into the handler.
  • Add the following attestation claims from oe_verify_evidence():
    • OE_CLAIM_TCB_STATUS
    • OE_CLAIM_TCB_DATE
  • Publish tool oeutil.
  • SGX enclaves created using OE SDK can now be debugged using oelldb.
    oelldb is a Python-based extension for LLDB that supports debugging SGX enclaves. lldb-7 or above is required.
  • SGX Evidence verification stops checking SGX QEIdentity nextUpdate field.
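
The config-file rules stated for CapturePFGPExceptions above and for CreateZeroBaseEnclave/StartAddress in the v0.17.1 notes can be checked before signing. This is an added example, not Open Enclave code: the function names are hypothetical, the sample config is constructed, and accepting StartAddress as a hex or decimal integer above 0 is an assumption of the example.

```python
# Added example (not Open Enclave code): lint an oesign config for the SGX2
# options named in these release notes.
SAMPLE_CONF = """\
# Constructed sample config, not taken from the project.
Debug=0
NumHeapPages=1024
NumStackPages=1024
NumTCS=1
ProductID=1
SecurityVersion=1
CapturePFGPExceptions=1
CreateZeroBaseEnclave=1
"""

BINARY_KEYS = ("CapturePFGPExceptions", "CreateZeroBaseEnclave")


def parse_conf(text):
    """Return (settings, findings) from key=value lines; '#' starts a comment."""
    settings, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep or not key:
            findings.append(f"line {lineno}: not a key=value setting")
        elif key in settings:  # this linter's policy: duplicates are ambiguous
            findings.append(f"line {lineno}: duplicate key {key}")
        else:
            settings[key] = value
    return settings, findings


def lint_conf(text):
    """Check the constraints the release notes state for the SGX2 options."""
    settings, findings = parse_conf(text)
    for key in BINARY_KEYS:
        if key in settings and settings[key] not in ("0", "1"):
            findings.append(f"{key} must be 0 or 1, got {settings[key]!r}")
    if settings.get("CreateZeroBaseEnclave") == "1":
        start = settings.get("StartAddress")
        try:
            # Assumption: hex (0x...) or decimal, and above 0.
            if start is None or int(start, 0) <= 0:
                findings.append("CreateZeroBaseEnclave=1 requires a nonzero StartAddress")
        except ValueError:
            findings.append(f"StartAddress is not an integer: {start!r}")
    return findings


if __name__ == "__main__":
    print(lint_conf(SAMPLE_CONF))
```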

Deprecated

  • The Release build type for building the Open Enclave SDK from source is deprecated. The recommendation is to use RelWithDebInfo instead.

Packages in this release have been tested against the following Intel packages

On Ubuntu 18.04: DCAP: 1.10.103.1-bionic1 PSW: 2.13.103.1-bionic1 SGXDriver: 1.35
On Ubuntu 20.04: DCAP: 1.10.103.1-focal1 PSW: 2.13.103.1-focal1 SGXDriver: 1.33
On Windows Server 2019: DCAP: 1.10.103.1 PSW: 2.12.103.1

v0.17.0-rc2

Pre-release

Added

  • Ubuntu 20.04 packages are included in this release.
  • OE SDK is now built using clang-10. It is required to upgrade the compiler to clang-10 if you are building the SDK from source.
  • Add the CapturePFGPExceptions preference for the SGX2 feature of capturing #PF and #GP exceptions inside an enclave.
    • Developers can specify the CapturePFGPExceptions with a binary value in the enclave config file or set the value via the newly added OE_SET_ENCLAVE_SGX2 macro, which is used to set SGX2-specific properties.
    • When setting CapturePFGPExceptions=1, the OE loader will enable the feature when running on an SGX2-capable CPU.
    • Once enabled, the in-enclave exception handler can capture the #PF (with the OE_EXCEPTION_PAGE_FAULT code) and #GP (with the OE_EXCEPTION_ACCESS_VIOLATION code) exceptions.
    • More information about the exceptions can be found in the faulting_address and error_code members of the oe_exception_record_t structure passed into the handler.
  • Add the following attestation claims from oe_verify_evidence():
    • OE_CLAIM_TCB_STATUS
    • OE_CLAIM_TCB_DATE
  • Publish tool oeutil.
  • SGX enclaves created using OE SDK can now be debugged using oelldb.
    oelldb is a Python-based extension for LLDB that supports debugging SGX enclaves. lldb-7 or above is required.

Deprecated

  • The Release build type for building the Open Enclave SDK from source is deprecated. The recommendation is to use RelWithDebInfo instead.
  • Experimental support for RHEL has been deprecated.

v0.17.0-rc1

Pre-release

Changed

  • OE SDK is now built using clang-10. It is required to upgrade the compiler to clang-10 if you are building the SDK from source.

Added

  • Add the CapturePFGPExceptions preference for the SGX2 feature of capturing #PF and #GP exceptions inside an enclave.
    • Developers can specify the CapturePFGPExceptions with a binary value in the enclave config file or set the value via the newly added OE_SET_ENCLAVE_SGX2 macro, which is used to set SGX2-specific properties.
    • When setting CapturePFGPExceptions=1, the OE loader will enable the feature when running on an SGX2-capable CPU.
    • Once enabled, the in-enclave exception handler can capture the #PF (with the OE_EXCEPTION_PAGE_FAULT code) and #GP (with the OE_EXCEPTION_ACCESS_VIOLATION code) exceptions.
    • More information about the exceptions can be found in the faulting_address and error_code members of the oe_exception_record_t structure passed into the handler.
  • Add the following attestation claims from oe_verify_evidence():
    • OE_CLAIM_TCB_STATUS
    • OE_CLAIM_TCB_DATE
  • Publish tool oeutil.
  • SGX enclaves created using OE SDK can now be debugged using oelldb.
    oelldb is a Python-based extension for LLDB that supports debugging SGX enclaves. lldb-7 or above is required.

Deprecated

  • The Release build type for building the Open Enclave SDK from source is deprecated. The recommendation is to use RelWithDebInfo instead.

v0.16.1

Pre-release

Added

Packages in this release have been tested against the following Intel packages

On Ubuntu 18.04: DCAP: 1.10.100.4-bionic1 PSW: 2.13.103.1-bionic1
On Windows Server 2019: DCAP: 1.10.100.4 PSW: 2.12.100.4

v0.16.0

Pre-release

Added

  • Add the initial support of cryptographic module loading in SGX enclaves. Refer to the design document for more detail.
  • Add the support of getrandom libc API and syscall in enclaves.
  • Add libsgx-quote-ex, sgx-aesm-service and several SGX AESM plugins to Ansible scripts so that users will be able to select in-process or out-of-process call path for quote generation. Refer to the attestation sample for more information.
  • Open Enclave SDK installation on Linux sets the environment variable "SGX_AESM_ADDR" to 1 to enable attestation quote generation to occur out of the application process.
  • Add the support of the OE_ENCLAVE_FLAG_DEBUG_AUTO flag to the oe_create_enclave API. When the flag is set and the OE_ENCLAVE_FLAG_DEBUG flag is cleared, the debug mode is automatically turned on/off based on the value of Debug specified in the enclave config file.
  • Publish test tool oegenerate.
    • The tool, currently under the tools directory, was originally named oecert under the tests/tools directory.
    • The tool can be used to generate certificates, reports, and evidence in various formats.
    • The tool is for debugging purposes and is not suitable for production use.
  • Full support for SGX KSS (Key Separation and Sharing) including

Changed

  • The OpenEnclave CMake configuration now explicitly sets CMAKE_SKIP_RPATH to TRUE. This change should not affect fully static-linked enclaves.
  • oe_verify_attestation_certificate_with_evidence() has been deprecated because it has been deemed insufficient for security. Use the new, experimental oe_verify_attestation_certificate_with_evidence_v2() instead to generate a self-signed certificate for use in the TLS handshaking process.
  • In/out parameters in EDL now have a default count of one if the count attribute is not used.
  • Improved attestation evidence verification performance.
  • Open Enclave SDK will be built with clang-10 starting v0.17.0 release. We had originally planned to upgrade to clang-10 in the v0.16.0 release, but ran into some issues. We recommend that developers move to clang-10 starting v0.17.0 release.

Security

  • Update MUSL to version 1.2.2. Refer to the MUSL release notes between versions 1.1.22 and 1.2.2 for the set of issues addressed.

Packages in this release have been tested against the following Intel packages

On Ubuntu 18.04: DCAP: 1.10.100.4-bionic1 PSW: 2.13.100.4-bionic1 SGX Driver: 1.35
On Windows Server 2019: DCAP: 1.10.100.4 PSW: 2.12.100.4