github openenclave/openenclave v0.16.0
on GitHub

latest releases: v0.19.4, v0.19.3, v0.19.2...
pre-release2 years ago

Added

  • Add the initial support of cryptographic module loading in SGX enclaves. Refer to the design document for more detail.
  • Add the support of getrandom libc API and syscall in enclaves.
  • Add libsgx-quote-ex, sgx-aesm-service and several SGX AESM plugins to Ansible scripts so that users will be able to select in-process or out-of-process call path for quote generation. Refer to the attestation sample for more information.
  • Open Enclave SDK installation on Linux sets the environment variable "SGX_AESM_ADDR" to 1 to enable attestation quote generation to occur out of the application process.
  • Add the support of the OE_ENCLAVE_FLAG_DEBUG_AUTO flag to the oe_create_enclave API. When the flag is set and the OE_ENCLAVE_FLAG_DEBUG flag is cleared, the debug mode is automatically turned on/off based on the value of Debug specified in the enclave config file.
  • Publish test tool oegenerate.
    • The tool, currently under the tools directory, was originally named oecert under the tests/tools directory.
    • The tool can be used to generate certificates, reports, and evidence in various formats.
    • The tool is for debugging purposes and is not suitable for production use.
  • Full support for SGX KSS (Key Separation and Sharing) including
    • FamilyID and ExtendedProductionID in enclave configuration file. Refer to Build and Sign an Enclave for more information.
    • config_id and config_svn at enclave loading time. Refer to Open Enclave Init-time Configuration Interface for more information.

Changed

  • The OpenEnclave CMake configuration now explicitly sets CMAKE_SKIP_RPATH to TRUE. This change should not affect fully static-linked enclaves.
  • oe_verify_attestation_certificate_with_evidence() has been deprecated because it has been deemed insufficient for security. Use the new, experimental oe_verify_attestation_certificate_with_evidence_v2() instead to generate a self-signed certificate for use in the TLS handshaking process.
  • In/out parameters in EDL now have the default count equals to one if the count attribute is not used.
  • Improved attestation evidence verification performance.
  • Open Enclave SDK will be built with clang-10 starting v0.17.0 release. We had originally planned to upgrade to clang-10 in the v0.16.0 release, but ran into some issues. We recommend that developers move to clang-10 starting v0.17.0 release.

Security

  • Update MUSL to version 1.2.2. Refer to MUSL release notes between version 1.1.22 to 1.2.2 for the set of issues addressed.

Packages in this release have been tested against the following Intel packages

On Ubuntu 18.04: DCAP: 1.10.100.4-bionic1 PSW: 2.13.100.4-bionic1 SGX Driver: 1.35
On Windows Server 2019: DCAP: 1.10.100.4 PSW: 2.12.100.4

Check out latest releases or
releases around openenclave/openenclave v0.16.0

Don't miss a new openenclave release

NewReleases is sending notifications on new releases.

Get notifications