Major work such as new features, bug fixes, feature deprecations, and other
breaking changes should be noted here. It should be more concise than git log.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Open Enclave SDK is now officially an incubation project as part of the Linux
Foundation's Confidential Computing Consortium (CCC).
- All contributions are now accepted under the terms of the Developer Certificate of Origin. For details, see Contributing to Open Enclave.
- The copyright for all sources is now attributed to Open Enclave SDK contributors.
- Support Intel DCAP attestation on Windows.
- Support
transition_using_threadsEDL attribute in oeedger8r.- This only applies to untrusted functions (ocalls) in this release.
- Using this attribute allows the ocall to be invoked without incurring the performance cost of an enclave context switch.
- Ability to debug ELF enclaves on Windows using Windbg/CDB
- Visual Studio Code CDB Extension
- WinDbg Preview
- The new oedebugrt.dll binary needs to be copied to the app folder to enable this.
- Preview support for 64-bit ARM TrustZone-capable boards with OP-TEE OS
- See the documentation for the list of supported platforms, features, and known issues.
- Transferred repository from microsoft/openenclave to openenclave/openenclave.
- Change debugging contract for oegdb. Enclaves and hosts built prior to this release cannot be debugged with this version of oegdb and vice versa.
- Update Intel DCAP library dependencies to 1.3.
- Update Intel PSW dependencies to 2.7 on Linux and 2.5 on Windows.
- SGX1 configurations always take build dependency on Intel SGX enclave common library.
- Update LLVM libcxx to version 8.0.0.
- Update mbedTLS to version 2.16.2.
- The mbedTLS libraries used in Open Enclave will no longer be compiled with the
following config.h options in the next (v0.8) release:
MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE: Considerable advances have been made in breaking SHA1 since our original review and we would like to be more prescriptive in recommending the use of SHA256.MBEDTLS_KEY_EXCHANGE_RSA_ENABLED: This option provides no perfect forward secrecy and is generally becoming less popular as this is recognized. The ECDHE variants are also more performant.
- Fix enclave heap memory disclosure (CVE-2019-1369).
- Rename
oe-gdbtooegdbfor consistency with other tools, such asoesign. - Update pkg-config and CMake exports to include the following hardening build
flags by default:
- Enclaves will:
- Compile with
-fPIEinstead of-fPIC. - Link with
-Wl,-z,noexecstack,-Wl,-z,now.
- Compile with
- Host apps will:
- Compile with
-D_FORTIFY_SOURCE=2(only effective if compiling under GCC with-O2specified) and-fstack-protector-strong. - Link with
-Wl,-z,noexecstack. - Note that
-Wl,-z,nowis not enabled by default, but app authors should enable it themselves after assessing its startup impact.
- Compile with
- Enclaves will:
- Removed support for the previously deprecated
OE_API_VERSION=1APIs. - Update MUSL libc to version 1.1.21.
- Update mbedTLS to version 2.7.11.
- Open Enclave SDK works in Windows
- Build using Visual Studio 2017's CMake Support
- Build in x64 Native Prompt using Ninja
- Function table/id based ecall/ocall dispatching
- oeedger8r generates ecall tables and ocall tables
- Dispatching based on function-id (index into table)
- oeedger8r generates
oe_create_foo_enclavefunction forfoo.edl - oe-gdb allows attaching to a host that is already running
- oe-gdb allows attaching to a host that is already running
- Added Quote Enclave Identity validation into
oe_verify_reportimplementation - Added OE SDK internal logging mechanism
- Support for thread local variables
- Both GNU
__threadand C++11thread_local - Both hardware and simulation mode
- Enclaves are compiled using local-exec thread-local model (-ftls-model=local-exec)
- Both GNU
- Added
oe_get_public_keyandoe_get_public_key_by_policyhost functions, which allow the host to get a public key derived from an enclave's identity. - Added v2 versions of the following APIs that instead of passing in buffers now
return a buffer that needs to be freed via an associated free method.
OE_API_VERSIONneeds to be set to 2 to pick up the versions. The mentioned APIs have a *_V1 and *_V2 version that the below versions map to detending on theOE_API_VERSION.oe_get_report, freereport_bufferviaoe_free_reportoe_get_target_info, freetarget_info_bufferviaoe_free_target_infooe_get_seal_key, freekey_bufferandkey_infoviaoe_free_seal_keyoe_get_seal_key_by_policy, freekey_bufferandkey_infoviaoe_free_seal_key
- Added new enumeration for enclave type parameter of
oe_create_enclave. Now useOE_ENCLAVE_TYPE_AUTOto have the enclave appropriate to your built environment be chosen automatically. For instance, building Intel binaries will select SGX automatically, where on ARM it will pick TrustZone. - Added three new APIs for attestation certificate generation and verification
oe_create_enclavetakes two additional parameters:ocall_tableandocall_table_size.- Update mbedTLS library to version 2.7.9.
- Update MUSL libc to version 1.1.20.
- Update LLVM libcxx to version 7.0.0.
- Some libcxx headers (e.g.
<string>) now use C++11 template features and may require compiling with the-std=c++11option when building with GCC.
- Some libcxx headers (e.g.
- Update minimum required CMake version for building from source to 3.13.1.
- Update minimum required C++ standard for building from source to C++14.
- Moved
oe_seal_policy_t,oe_asymmetric_key_type_t,oe_asymmetric_key_format_t, andoe_asymmetric_key_params_ttobits/types.hfromenclave.h. - Changed minimum required QE ISVSVN version from 1 to 2 for the QE Identity revocation check that is performed during quote verification. Remote reports that were generated with a QE ISVSVN version of 1 will fail during report verification now. To resolve this issue, please install the latest version of the Intel SGX DCAP packages (1.0.1 or newer) on the system that generates the remote report.
- Revamped
oesignCLI tool arguments parsing. Instead of relying on the arguments order and name, named parameters are used as such:- The
signsubcommand accepts the following mandatory flags:--enclave-image [-e], the enclave image file path--config-file [-c], the path of the config file with enclave properties--key-file [-k], the path of the private key file used to digitally sign the enclave image
- The
dumpsubcommand accepts only the--enclave-image [-e]mandatory flag, for the enclave file path.
- The
- String based
ocalls/ecalls,OE_ECALL, andOE_OCALLmacros. OE_ENCLAVE_TYPE_UNDEFINEDwas removed and replaced withOE_ENCLAVE_TYPE_AUTO.
- Check support for AVX in platform/OS before setting SECS.ATTRIBUTES.XFRM in enclave.
- Fix CVE-2019-0876
_handle_sgx_get_reportwill now write to the supplied argument if it lies in host memory.- Added check for missing null terminator in oeedger8r generated code.
v0.4.1 contains a small fix to work with Intel's new ISV version bump.
- This allows the OE SDK to continue to support reports signed by QE SVN=1, and at the same time also allow a newer QE SVN (greater than 1) during the oe_verify_report process.
v0.4.0 is the first public preview release, with numerous breaking changes from v0.1.0 as listed below.
- Support building Open Enclave SDK apps with Clang-7.
- Support Intel EDL for host & enclave stub generation with oeedger8r tool.
- Support full SGX DCAP remote report (quote) revocation.
- Expand documentation for running on different configurations.
- Add pkg-config files for building Open Enclave apps in C/C++ for GCC or Clang.
- Add data sealing sample.
- Add
oe_call_host_by_address()to allow enclaves to make OCALLs by callback pointer. - Add
oe_get_enclave()to obtain enclave handle to return to host. - Add
oe_get_target_info()to support SGX local attestation. - Add CMake export configuration to SDK (experimental).
- Standardize naming convention on new Development Guide.
- Standardize Open Enclave APIs to use
size_ttype for buffer sizes. - Standardize Open Enclave APIs to always clear output parameters on error return.
- Change report type detection logic.
- Reports generated by Open Enclave are no longer transparently usable by Intel SGX SDK.
- Change
oe_identity.authorIDfield tooe_identity.signerID. - Clean up thread local storage on return from ECALL.
- Refactor liboecore and liboeenclave dependency.
- All enclave apps must now link liboeenclave.
- Refactor liboecore and liboelibc dependency.
- All enclave apps should call libc for C functions instead.
- Break up remote attestation sample into 4 separate samples.
- Simplify
oe_get_report()so it doesn't accept unusedreportdataon host side. - Reduce the set of
oe_resultvalues returned. - Update mbedTLS library to version 2.7.5.
- Update LLVM libcxx to version 6.0.1.
- Update MUSL libc to version 1.1.19.
- Update libunwind to version 1.3.
- Deprecate oe_call_host and oe_call_enclave methods in favor of EDL generated interfaces.
- Block re-entrant ECALLs. A host servicing an OCALL cannot make an ECALL back into the enclave.
- Remove oe_thread functions. All enclave apps should use libc/libcxx thread functions instead.
- Remove API reference from SDK package. Refer to https://openenclave.io/apidocs/v0.4 instead.
- Remove outdated documents including DesignOverview.pdf.
- Remove oegen, oedump and oeelf tools.
- Remove CMake-based samples.
- Replace test signing PEM files with runtime generated test keys.
- Add appropriate validations for ELF64 in Open Enclave loader.
- Expand libc/libcxx test coverage.
- Build all libraries with Clang-7 Spectre-1 mitigation (-x86-speculative-load-hardening).
- Update code to use safe CRT and secure memset/zero memory methods.
- Fix integer overflows and add arithmetic boundary checks in Open Enclave runtime.
- Fix cert chain validation during Open Enclave quote verification.
Initial private preview release, no longer supported.