Pre-release

@johnkord johnkord released this Oct 26, 2019

Added

  • Support Intel DCAP attestation on Windows.
  • Support transition_using_threads EDL attribute in oeedger8r.
    • This only applies to untrusted functions (ocalls) in this release.
    • Using this attribute allows the ocall to be invoked without incurring the
      performance cost of an enclave context switch.
  • Ability to debug ELF enclaves on Windows using WinDbg/CDB.
  • Preview support for 64-bit ARM TrustZone-capable boards with OP-TEE OS
    • See the documentation
      for the list of supported platforms, features, and known issues.

Changed

  • Transferred repository from microsoft/openenclave
    to openenclave/openenclave.
  • Change debugging contract for oegdb. Enclaves and hosts built prior to this
    release cannot be debugged with this version of oegdb and vice versa.
  • Update Intel DCAP library dependencies to 1.3.
  • Update Intel PSW dependencies to 2.7 on Linux and 2.5 on Windows.
  • SGX1 configurations always take a build dependency on the Intel SGX enclave common library.
  • Update LLVM libcxx to version 8.0.0.
  • Update mbedTLS to version 2.16.2.

Deprecated

  • The mbedTLS libraries used in Open Enclave will no longer be compiled with the
    following config.h options in the next (v0.8) release:
    • MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE: Considerable advances
      have been made in breaking SHA1 since our original review and we would
      like to be more prescriptive in recommending the use of SHA256.
    • MBEDTLS_KEY_EXCHANGE_RSA_ENABLED: This option provides no perfect
      forward secrecy and is generally becoming less popular as this is
      recognized. The ECDHE variants are also more performant.

Security

  • Fix enclave heap memory disclosure (CVE-2019-1369).