Added
- oeedger8r now supports the warning flag -W. The available options include:
  - -Wreturn-ptr: Check if an OCALL or ECALL returns a pointer.
  - -Wptr-in-struct: Check if a user-defined struct includes an un-annotated pointer member.
  - -Wforeign-type-ptr: Check if an OCALL or ECALL includes a parameter that is a pointer to a foreign type.
  - -Wptr-in-function: Check if an OCALL or ECALL includes an un-annotated pointer argument.
  - -Wall: Enable all the warning options.
  - -Wno-: Disable the corresponding warning.
  - -Werror: Turn warnings into errors.
  - -Werror=: Turn the specified warning into an error.
- oesign sign now accepts the option -o/--output-file to specify where to write the signature of the enclave image.
- The Debugger Contract has been extended to support multiple modules.
  - Refer to the design document for details.
Changed
- Open Enclave SDK will be built with clang-10 starting v0.16.0 release. We recommend that developers move to clang-10 starting v0.16.0 release.
- oe_get_attestation_certificate_with_evidence() has been deprecated because it has been deemed insufficient for security. Use the new, experimental oe_get_attestation_certificate_with_evidence_v2() instead to generate a self-signed certificate for use in the TLS handshaking process.
- The Debugger Contract path fields in oe_debug_enclave_t and oe_debug_module_t are now defined to be in UTF-8 encoding. Previously the encoding was undefined. To ensure a smooth transition, debuggers are required to try both UTF-8 and the previous encoding and pick the one that works.
Security
- Update mbedTLS to version 2.16.10. Refer to the 2.16.10 and 2.16.9 release notes for the set of issues addressed.
- OpenSSL is updated to version 1.1.1k.
- The current version of the wcsnrtombs function in oelibc (based on musl 1.1.21) has a known vulnerability (refer to CVE-2020-28928), which will be fixed by upgrading musl to 1.2.2 in the next release. Please do not use wcsnrtombs with this version or earlier versions of Open Enclave SDK.
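
For code that currently relies on wcsnrtombs, here is one way to do a bounded wide-to-multibyte conversion without calling it, converting one character at a time with the standard wcrtomb. This is an added example, not code from the Open Enclave SDK; the helper name wcs_to_mbs_bounded is hypothetical, and it assumes wcrtomb is available in the enclave's libc.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <wchar.h>

/* Hypothetical helper, not an Open Enclave API. Converts at most src_max
 * wide characters from src into dst without calling wcsnrtombs. Never
 * writes more than dst_size bytes and always NUL-terminates. Returns the
 * number of bytes written (excluding the NUL), or (size_t)-1 on a bad
 * argument or a character that cannot be encoded. */
size_t wcs_to_mbs_bounded(char *dst, size_t dst_size,
                          const wchar_t *src, size_t src_max)
{
    mbstate_t st;
    char tmp[MB_LEN_MAX]; /* large enough for any single character */
    size_t used = 0;

    if (dst == NULL || src == NULL || dst_size == 0)
        return (size_t)-1;
    memset(&st, 0, sizeof(st));

    for (size_t i = 0; i < src_max && src[i] != L'\0'; i++) {
        /* Convert into scratch space first, so dst is only written
         * once the encoded length is known. */
        size_t n = wcrtomb(tmp, src[i], &st);
        if (n == (size_t)-1) {
            dst[0] = '\0'; /* discard partial output on encoding error */
            return (size_t)-1;
        }
        /* Stop before a character that would not fit alongside the NUL. */
        if (n > dst_size - 1 - used)
            break;
        memcpy(dst + used, tmp, n);
        used += n;
    }
    dst[used] = '\0';
    return used;
}

int main(void)
{
    char out[4]; /* constructed input: deliberately too small */
    size_t n = wcs_to_mbs_bounded(out, sizeof(out), L"enclave", 7);
    printf("%zu bytes: \"%s\"\n", n, out);
    return 0;
}
```

Truncation happens on a whole-character boundary, so the output never ends in a partial multibyte sequence.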
Packages in this release have been tested against the following Intel packages:
- On Ubuntu 18.04:
  - DCAP: 1.10.100.4-bionic1
  - PSW: 2.13.100.4-bionic1
  - SGX Driver: 1.35
- On Windows Server 2019:
  - DCAP: 1.10.100.4
  - PSW: 2.12.100.4