github openenclave/openenclave v0.13.0-rc1

pre-release, 3 years ago

Breaking Changes

  • liboecryptombed is now called liboecryptombedtls and will no longer be automatically included as a link dependency when linking liboeenclave in CMake.
    • The openenclave-config.cmake and openenclave-lvi-mitigation-config.cmake will not specify the renamed liboecryptombedtls as a PUBLIC link requirement for liboeenclave.
    • Enclave apps that are built with CMake and use Open Enclave's CMake configurations must now explicitly include the OE crypto wrapper library when linking openenclave::oeenclave.
    • See the CMakeLists.txt in the helloworld sample for an example. There, OE_CRYPTO_LIB is set to mbedtls in the parent CMakeLists.txt file.
    • Enclave apps that are built with Make and rely on Open Enclave's pkgconfig must now explicitly include the OE crypto wrapper library in their linker dependency flags.
    • See the Makefile in the helloworld sample for an example. There, OE_CRYPTO_LIB is set to mbedtls in the parent Makefile.
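
The explicit crypto wrapper link described above, as an added example that is not taken from the Open Enclave samples. The target name `enclave` and the source file names are hypothetical, and the imported target name `openenclave::oecrypto${OE_CRYPTO_LIB}` assumes the exported target follows the renamed library (liboecryptombedtls).

```cmake
# Added example: enclave CMakeLists.txt for Open Enclave v0.13 and later.
# "enclave", enc.c and helloworld_t.c are hypothetical names; the EDL
# code-generation step that produces helloworld_t.c is omitted.
cmake_minimum_required(VERSION 3.11)
project(example_enclave LANGUAGES C)

# Crypto backend for the OE crypto wrapper library.
# mbedtls selects liboecryptombedtls (formerly liboecryptombed).
set(OE_CRYPTO_LIB
    mbedtls
    CACHE STRING "Crypto library used by the enclave")

find_package(OpenEnclave CONFIG REQUIRED)

# Fail at configure time, not at link time, if the chosen wrapper
# is not exported by the installed SDK.
if(NOT TARGET openenclave::oecrypto${OE_CRYPTO_LIB})
  message(FATAL_ERROR
    "openenclave::oecrypto${OE_CRYPTO_LIB} not found; "
    "check OE_CRYPTO_LIB and the installed Open Enclave version")
endif()

add_executable(enclave enc.c helloworld_t.c)

# Before v0.13 the crypto wrapper came in as a PUBLIC dependency of
# openenclave::oeenclave, so this line was enough:
#   target_link_libraries(enclave openenclave::oeenclave openenclave::oelibc)
#
# From v0.13 the wrapper must be named explicitly, otherwise the link
# fails with unresolved crypto symbols.
target_link_libraries(enclave
  openenclave::oeenclave
  openenclave::oecrypto${OE_CRYPTO_LIB}
  openenclave::oelibc)
```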

Added

  • OpenSSL version 1.1.1 libraries are now available for an enclave to use. See the attested_tls sample for an example of building enclaves with OpenSSL.

  • Enabled oe_verify_evidence() with a NULL format id to verify the legacy report generated by oe_get_report().

  • Added the following SGX attestation claims from oe_verify_evidence():
    • OE_CLAIM_SGX_PF_GP_EXINFO_ENABLED
    • OE_CLAIM_SGX_ISV_EXTENDED_PRODUCT_ID
    • OE_CLAIM_SGX_IS_MODE64BIT
    • OE_CLAIM_SGX_HAS_PROVISION_KEY
    • OE_CLAIM_SGX_HAS_EINITTOKEN_KEY
    • OE_CLAIM_SGX_USES_KSS
    • OE_CLAIM_SGX_CONFIG_ID
    • OE_CLAIM_SGX_CONFIG_SVN
    • OE_CLAIM_SGX_ISV_FAMILY_ID

  • Added the following fields for SGX KSS (Key Separation and Sharing) support:
    • FamilyID
    • ExtendedProductID

Changed

  • Syscalls are internally dispatched directly to their implementation functions instead of via a switch-case.
  • Changed the attestation evidence extension OIDs for certificates generated by the following APIs. Verifiers must call oe_verify_attestation_certificate APIs from v0.11.0 or above.
    • oe_generate_attestation_certificate(): "1.3.6.1.4.1.311.105.1"
    • oe_get_attestation_certificate_with_evidence(): "1.3.6.1.4.1.311.105.2"

Known issues

Please note that these will be fixed in the final v0.13.x release.

  • #3767 fixes a compiler warning observed while compiling the attested_tls sample on Windows. It had not been merged into master at the time of this release.
  • #3772 has been merged into master but is not included in this RC release. It fixes an illegal instruction problem observed on NUC7PJYH, as described in #3762.
