github openenclave/openenclave v0.10.0

pre-release, 3 years ago

Added

  • Added oe_sgx_get_signer_id_from_public_key() function which helps a verifier of SGX reports extract the expected MRSIGNER value from the signer's public key PEM certificate.
  • OE SDK can now be built and run in simulation mode on a non SGX x64 Windows machine by passing HAS_QUOTE_PROVIDER=off.
    Previously, the build would work, but running applications would fail due to missing sgx_enclave_common.dll.
  • OE SDK can now be installed from published packages on SGX machines without FLC, and non-SGX machines.
    Previously, OE SDK could only be installed on SGX1 FLC machines due to a link-time dependency on sgx_dcap_ql which
    was available only on SGX1 FLC machines.
  • oesign tool supports the new digest command and options for 2-step signing using the digest.
  • Oeedger8r now supports the --use-prefix feature.
  • Oeedger8r now supports a subset of C-style preprocessor directives (#ifdef, #ifndef, #else, #endif).
  • The default memory allocator (dlmalloc) can be replaced by providing replacement functions. This ability to plug in
    a custom allocator is most applicable for multi-threaded enclaves with memory allocation patterns where the default
    memory allocator may not be performant. See Pluggable Allocators.
  • snmalloc is available as a pluggable allocator library oesnmalloc. An enclave can use snmalloc instead of
    dlmalloc by specifying liboesnmalloc.a before liboelibc.a and liboecore.a in the linker line.
  • Added pluggable_allocator sample.
  • Gcov is used to obtain code coverage information for the SDK. See Code Coverage.
  • Added include\openenclave\attestation\attester.h to support attestation plug-in model attester scenarios.
  • Added include\openenclave\attestation\verifier.h to support attestation plug-in model verifier scenarios.

Changed

  • COMPILE_SYSTEM_EDL is now OFF by default, meaning system EDL must be imported by
    application EDL. See system EDL opt-in document for more information.
    • Note: SDK users would need to import logging.edl to enable logging. Logging is disabled by default.
    • See System edls for list of all edls and associated OCalls.
    • A known issue is that different enclaves importing functions from System EDLs cannot be loaded by the same host app unless all of the functions were imported with exactly the same ordinals. See #3250 for details. This will be addressed in the next release based on design proposal #3086.
    • A workaround for this issue in the meantime is to define a standard import EDL for any enclaves that need to be loaded into the same host app. Ensuring this shared EDL is then the first import in each enclave's EDL will result in the common imports being assigned the same ordinals in each resulting enclave.
  • Mark APIs in include/openenclave/attestation/sgx/attester.h and verifier.h as experimental.
  • Remove CRL_ISSUER_CHAIN_PCK_PROC_CA field from the endorsement struct defined in include/openenclave/bits/attestation.h.
  • Switch to oeedger8r written in C++.
  • For the oeedger8r tool, multiple search paths are supported by specifying each path with --search-path. See
    --search-path ${OE_INCLUDEDIR} --search-path
    from an example
  • Fix #3143. oesign tool will now reject .conf files that contain duplicate property definitions.
  • SGX Simulation Mode does not need SGX libraries to be present in the system.
  • oehost library dynamically loads sgx_dcap_ql shared library instead of linking against it. This allows the SDK to
    be installed on non-FLC and non-SGX machines.
  • Fix #3134. ParseSGXExtensions will now correctly parse the SGX extensions for PCK Certificates defined in SGX spec.
  • oesign dump command now also displays the MRSIGNER value of an SGX enclave signature if it exists.
  • The Deep-copy feature of oeedger8r is now enabled by default.
  • The oeedger8r-generated header files now contain only the function prototypes. Marshalling structs, function id enums,
    and function tables are generated only in the c files.
  • Docs and scripts updated to use Azure DCAP client v1.6.0.
  • Fix #2930. Fixes the logic for detecting compilers when LVI mitigation is enabled. Previously, the logic always picked clang-7 (if installed), regardless of whether the environment variable CC was set to gcc.
  • Fix #2670. This fix also allows users to specify the version of clang (default is clang-7) when building the helloworld sample with LVI mitigation.
  • Fix #3056. oe_is_within_enclave() and oe_is_outside_enclave() now reflect the SGX enclave boundary as determined by the enclave SECS rather than the limit of the pages initially provisioned into the enclave.
  • If not specified, CMAKE_BUILD_TYPE is set to Debug. This ensures that cmake and cmake -DCMAKE_BUILD_TYPE=Debug result in the same build configuration.
  • Moved include/openenclave/attestation/plugin.h to internal. Currently, only internal attestation plugin registration is supported.
  • Parameter flags is removed from experimental function oe_get_evidence(). Use 'evidence_format' parameter to select evidence format.
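
The boundary change in the #3056 item above, shown as an added illustration (not OE SDK code): the same overflow-safe range checks give different answers for a buffer in the unprovisioned tail of the enclave range, depending on which limit bounds them. `enclave_layout_t`, `range_within`, `range_outside` and the sample addresses are hypothetical and constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout record, not an OE SDK type. */
typedef struct
{
    uint64_t base;             /* enclave base address */
    uint64_t secs_size;        /* full enclave size recorded in the SECS */
    uint64_t provisioned_size; /* bytes covered by initially added pages */
} enclave_layout_t;

/* Constructed sample: 64 MiB enclave range, 16 MiB of it provisioned. */
static const enclave_layout_t SAMPLE = {
    0x7f0000000000ULL, 0x4000000ULL, 0x1000000ULL};

/* True only if [p, p+n) lies entirely inside [base, base+limit). */
bool range_within(uint64_t base, uint64_t limit, uint64_t p, uint64_t n)
{
    if (limit > UINT64_MAX - base || p < base)
        return false;
    uint64_t off = p - base; /* cannot underflow: p >= base */
    return off <= limit && n <= limit - off;
}

/* True only if [p, p+n) does not overlap [base, base+limit). */
bool range_outside(uint64_t base, uint64_t limit, uint64_t p, uint64_t n)
{
    if (limit > UINT64_MAX - base || n > UINT64_MAX - p)
        return false; /* a wrapping range is never trusted as outside */
    return p + n <= base || p >= base + limit;
}

int main(void)
{
    /* Buffer in the SECS range but past the initially provisioned pages. */
    uint64_t tail = SAMPLE.base + 0x2000000ULL;
    printf("outside by provisioned limit: %d\n",
           range_outside(SAMPLE.base, SAMPLE.provisioned_size, tail, 64));
    printf("outside by SECS size:         %d\n",
           range_outside(SAMPLE.base, SAMPLE.secs_size, tail, 64));
    printf("within by SECS size:          %d\n",
           range_within(SAMPLE.base, SAMPLE.secs_size, tail, 64));
    return 0;
}
```

A buffer that straddles either edge of the range is neither within nor outside, so a caller validating host-supplied pointers should reject it.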

Removed

  • Removed oehostapp and the accompanying "-rdynamic" compile option. Please use oehost instead and add the option back manually if necessary.
  • Removed dependencies on nodejs and esy, which were previously used to build Ocaml compiler and oeedger8r.

Security

Known issues

  • In the open-enclave-hostverify package, the host-verify sample cannot be built with cmake. Use make to build it. #3300 tracks issues related to the host-verify sample.

Packages in this release have been tested against the following Intel Packages

On Ubuntu 1804: DCAP: 1.7.100.2-bionic1 PSW: 2.10.100.2-bionic1
On Ubuntu 1604: DCAP: 1.7.100.2-xenial1 PSW: 2.10.100.2-xenial1
On Windows Server 2016: DCAP: 1.7.100.2 PSW: 2.8.100.2
On Windows Server 2019: DCAP: 1.7.100.2 PSW: 2.8.100.2
