v0.7.0
Pre-release
Added
- Support Intel DCAP attestation on Windows.
- Support transition_using_threads EDL attribute in oeedger8r.
  - This only applies to untrusted functions (ocalls) in this release.
  - Using this attribute allows the ocall to be invoked without incurring the
    performance cost of an enclave context switch.
- Ability to debug ELF enclaves on Windows using WinDbg/CDB
  - Visual Studio Code CDB Extension
  - WinDbg Preview
  - The new oedebugrt.dll binary needs to be copied to the app folder to enable this.
- Preview support for 64-bit ARM TrustZone-capable boards with OP-TEE OS
  - See the documentation for the list of supported platforms, features, and known issues.
Changed
- Transferred repository from microsoft/openenclave to openenclave/openenclave.
- Change debugging contract for oegdb. Enclaves and hosts built prior to this
  release cannot be debugged with this version of oegdb and vice versa.
- Update Intel DCAP library dependencies to 1.3.
- Update Intel PSW dependencies to 2.7 on Linux and 2.5 on Windows.
- SGX1 configurations always take build dependency on Intel SGX enclave common library.
- Update LLVM libcxx to version 8.0.0.
- Update mbedTLS to version 2.16.2.
Deprecated
- The mbedTLS libraries used in Open Enclave will no longer be compiled with the
  following config.h options in the next (v0.8) release:
  - MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE: Considerable advances
    have been made in breaking SHA1 since our original review and we would
    like to be more prescriptive in recommending the use of SHA256.
  - MBEDTLS_KEY_EXCHANGE_RSA_ENABLED: This option provides no perfect
    forward secrecy and is generally becoming less popular as this is
    recognized. The ECDHE variants are also more performant.
Security
- Fix enclave heap memory disclosure (CVE-2019-1369).