Breaking Changes
- liboecryptombed is now called liboecryptombedtls and will no longer be automatically included as a link dependency when linking liboeenclave in CMake.
- The openenclave-config.cmake and openenclave-lvi-mitigation-config.cmake will not specify the renamed liboecryptombedtls as a PUBLIC link requirement for liboeenclave.
- Enclave apps that are built with CMake and use Open Enclave's CMake configurations must now explicitly include the OE crypto wrapper library when linking openenclave::oeenclave.
  - See the CMakeLists.txt in the helloworld sample for an example. Here OE_CRYPTO_LIB is set to mbedtls in the parent CMakeLists.txt file.
- Enclave apps that are built with Make and rely on Open Enclave's pkgconfig must now explicitly include the OE crypto wrapper library in the linker dependency flags.
  - See the Makefile in the helloworld sample for an example. Here OE_CRYPTO_LIB is set to mbedtls in the parent MakeList file.
Added
- OpenSSL version 1.1.1 libraries are now available for an enclave to use. See the attested_tls sample for an example of building enclaves with OpenSSL.
- Enabled oe_verify_evidence() with a NULL format id to verify the legacy report generated by oe_get_report().
- Added the following SGX attestation claims from oe_verify_evidence():
  - OE_CLAIM_SGX_PF_GP_EXINFO_ENABLED
  - OE_CLAIM_SGX_ISV_EXTENDED_PRODUCT_ID
  - OE_CLAIM_SGX_IS_MODE64BIT
  - OE_CLAIM_SGX_HAS_PROVISION_KEY
  - OE_CLAIM_SGX_HAS_EINITTOKEN_KEY
  - OE_CLAIM_SGX_USES_KSS
  - OE_CLAIM_SGX_CONFIG_ID
  - OE_CLAIM_SGX_CONFIG_SVN
  - OE_CLAIM_SGX_ISV_FAMILY_ID
- Added the following fields for SGX KSS (Key Separation and Sharing) support:
  - FamilyID
  - ExtendedProductID
Changed
- Syscalls are internally dispatched directly to their implementation functions instead of via a switch-case.
- Changed the attestation evidence extension OIDs for certificates generated by the following APIs. Verifiers must call the oe_verify_attestation_certificate APIs from v0.11.0 or above.
  - oe_generate_attestation_certificate(): "1.3.6.1.4.1.311.105.1"
  - oe_get_attestation_certificate_with_evidence(): "1.3.6.1.4.1.311.105.2"
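When a verifier starts rejecting certificates after an upgrade, it helps to see which of the two extension OIDs above a certificate actually carries. The following is an added example, not code from the Open Enclave SDK: it DER-encodes the OIDs listed in these notes and scans certificate bytes for them. The function names and the sample bytes are constructed for illustration, and the byte scan is a triage aid only; verification still goes through the oe_verify_attestation_certificate APIs.

```python
# Added example (not Open Enclave SDK code): report which OE evidence-extension
# OID appears in a DER-encoded certificate. Function names are hypothetical.

# OIDs exactly as listed in the release notes, mapped to the generating API.
OE_EXTENSION_OIDS = {
    "1.3.6.1.4.1.311.105.1": "oe_generate_attestation_certificate()",
    "1.3.6.1.4.1.311.105.2": "oe_get_attestation_certificate_with_evidence()",
}


def encode_oid(dotted):
    """DER-encode a dotted OID: tag 0x06, short-form length, base-128 arcs."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: " + dotted)
    body = bytearray()
    # The first two arcs share one value (40 * first + second).
    for value in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [value & 0x7F]            # last byte: high bit clear
        value >>= 7
        while value:
            chunk.append(0x80 | (value & 0x7F))  # earlier bytes: high bit set
            value >>= 7
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("OID too long for a short-form DER length")
    return bytes([0x06, len(body)]) + bytes(body)


def find_oe_extensions(cert_der):
    """Return the generating API for each OE evidence OID found in the bytes."""
    return [api for oid, api in OE_EXTENSION_OIDS.items()
            if encode_oid(oid) in cert_der]


# Constructed sample: one X.509 Extension SEQUENCE { extnID, extnValue } whose
# extnValue is a 3-byte placeholder, standing in for a full certificate.
SAMPLE_EXTENSION = (bytes.fromhex("3010")
                    + encode_oid("1.3.6.1.4.1.311.105.2")
                    + bytes.fromhex("0403616263"))

if __name__ == "__main__":
    print(find_oe_extensions(SAMPLE_EXTENSION))
```

A match only shows that the OID bytes occur in the input; it does not prove the extension is well-formed or that the evidence inside it is valid.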
Known issues
Please note that these will be fixed in the final v0.13.x release.
- #3767 fixes a compiler warning observed while compiling the attested_tls sample on Windows. It has not been merged into master at the time of this release.
- #3772 has been merged into master but is not included in this RC release. It fixes an illegal instruction problem observed on NUC7PJYH, as described in #3762.