github openenclave/openenclave v0.11.0-rc1

pre-release, 3 years ago

Added

  • Open Enclave SDK release packages can now be built on non-SGX and non-FLC machines.
  • Support for arbitrarily large thread-local data for SGX machines.
  • Experimental support for OpenSSL inside enclaves has been added while building the SDK from source.
    • Use the BUILD_OPENSSL flag when compiling the SDK.
    • OpenSSLSupport.md documents supported options and configuration needed to use OpenSSL inside an enclave.
  • Custom claims buffer serialization/de-serialization helper functions.
  • SGX attestation endorsement claims from oe_verify_evidence() will contain the following:
    • OE_CLAIM_SGX_TCB_INFO
    • OE_CLAIM_SGX_TCB_ISSUER_CHAIN
    • OE_CLAIM_SGX_PCK_CRL
    • OE_CLAIM_SGX_ROOT_CA_CRL
    • OE_CLAIM_SGX_CRL_ISSUER_CHAIN
    • OE_CLAIM_SGX_QE_ID_INFO
    • OE_CLAIM_SGX_QE_ID_ISSUER_CHAIN
  • The attestation functions in the local_attestation/remote_attestation/attested_tls/host_verify samples now use the attestation plugin APIs, defined in attestation/attester.h and attestation/verifier.h, to generate and verify evidence.
  • oe_get_evidence() supports generation of SGX EPID evidence in the formats OE_FORMAT_UUID_SGX_EPID_LINKABLE and OE_FORMAT_UUID_SGX_EPID_UNLINKABLE.

Changed

  • Rename the custom claims buffer added by oe_get_evidence from "custom_claims" to "custom_claims_buffer". Likewise, replace the OE_CLAIM_CUSTOM_CLAIMS definition for this name with OE_CLAIM_CUSTOM_CLAIMS_BUFFER.
  • Building SDK from source
    • HAS_QUOTE_PROVIDER cmake option has been removed. This is a continuation of the work in the previous release to allow the same build of OE SDK to run on both FLC and non-FLC machines.
    • Intel SGX EnclaveCommonAPI packages are no longer needed to build the SDK.
    • COMPILE_SYSTEM_EDL cmake option has been removed.
  • oe_verify_attestation_certificate_with_evidence() can now verify certificates generated by oe_generate_attestation_certificate() as well as oe_get_attestation_certificate_with_evidence().
  • The SGX attestation evidence internal structure has changed. The current structure (version 3) is not compatible with the previous version. Applications that call oe_get_evidence() or oe_verify_evidence() have to be rebuilt.
  • Some SGX attestation format IDs have been renamed:
    Old                                     New
    OE_FORMAT_UUID_SGX_ECDSA_P256           OE_FORMAT_UUID_SGX_ECDSA
    OE_FORMAT_UUID_SGX_ECDSA_P256_REPORT    OE_FORMAT_UUID_LEGACY_REPORT_REMOTE
    OE_FORMAT_UUID_SGX_ECDSA_P256_QUOTE     OE_FORMAT_UUID_RAW_SGX_QUOTE_ECDSA

Removed

  • Declaration of SGX format ID OE_FORMAT_UUID_SGX_ECDSA_P384 is removed.
  • oe_get_evidence() support for the SGX legacy formats OE_FORMAT_UUID_SGX_ECDSA_P256_REPORT and OE_FORMAT_UUID_SGX_ECDSA_P256_QUOTE is removed.

Security

  • Update mbedTLS to version 2.16.7. Refer to the 2.16.7 release notes for the set of issues addressed.
