Added
- `oeapkman` is a Linux tool for installing and using Alpine Linux static libraries within enclaves.
  - The command `oeapkman add package` can be used to install the specified package. Typically the `-static` and `-dev` packages (e.g. sqlite-static, sqlite-dev) need to be installed.
  - The command `oeapkman root` prints out the path to the Alpine Linux distribution maintained by `oeapkman`. The root path is useful for providing paths to header files and static libraries to the compiler and linker respectively.
  - The command `oeapkman exec` can be used to execute commands within the Alpine Linux environment. For example, after executing `oeapkman add clang build-base cmake` to install development tools, running `oeapkman exec clang -c file.c` would compile `file.c` in the current folder using the clang compiler that has been installed in the Alpine Linux environment. `oeapkman exec bash` would launch a bash shell in the current folder.
  - The `--optee` prefix can be applied to the commands to target OP-TEE. `oeapkman --optee add sqlite-static` installs the aarch64 sqlite static library. `oeapkman --optee exec gcc -c file.c` cross-compiles `file.c` to target OP-TEE.
  - See samples/apkman for a complete example demonstrating use of the `sqlite` database library within enclaves.
- Support for `compiler-rt`. `oelibc` includes LLVM's `compiler-rt-10.0.1`.
- Update logging function setup API name for SGX Quote Provider plugin to `sgx_ql_set_logging_callback` and mark API name `sgx_ql_set_logging_function` as deprecated.
- Add new policy type `OE_POLICY_ENDORSEMENTS_BASELINE` for `oe_verify_evidence` API to pass additional parameters to QVL for more advanced quote validation.
- The CapturePFGPExceptions preference is now supported in SGX1 debug mode on Linux.
  - When setting CapturePFGPExceptions=1, OE will simulate all the SIGSEGV as #PF by forwarding the host information (faulting address) to in-enclave exception handlers.
  - Note that this feature is for debug only and there is no guarantee that the simulated behavior works the same as the hardware feature in SGX2.
- Added the support of using vDSO interfaces for SGX enclaves on Linux to enable synchronous exception handling. The `oehost` library automatically opts into the vDSO interface when it is available (Linux kernel 5.11+).
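
For the `oeapkman add` / `oeapkman root` workflow described in the first item above, a pre-build check that the header and the static archive are both present under the root. This is an added example, not code from the Open Enclave project. The helper name `apk_static_inputs` is hypothetical, and the `usr/include` and `usr/lib` layout under the root is assumed from the standard Alpine Linux file layout.

```shell
#!/bin/sh
# Added example (not Open Enclave code). Assumes the Alpine layout
# <root>/usr/include and <root>/usr/lib under the path from `oeapkman root`.

# apk_static_inputs ROOT LIB HEADER   (hypothetical helper)
# Prints the include flag and the static archive to hand to the enclave
# build, or reports which kind of package still has to be installed.
apk_static_inputs() {
    root=$1; lib=$2; header=$3
    inc="$root/usr/include"
    archive="$root/usr/lib/lib$lib.a"
    if [ ! -d "$root" ]; then
        echo "oeapkman root '$root' does not exist" >&2; return 2
    fi
    if [ ! -f "$inc/$header" ]; then
        echo "$header not found: install the -dev package" >&2; return 3
    fi
    if [ ! -f "$archive" ]; then
        # Enclaves are linked statically, so a shared object alone is not enough.
        echo "lib$lib.a not found: install the -static package" >&2; return 4
    fi
    printf '%s %s\n' "-I$inc" "$archive"
}

# With the real tool on PATH, the flow from the notes above is:
if command -v oeapkman >/dev/null 2>&1; then
    oeapkman add sqlite-static sqlite-dev
    apk_static_inputs "$(oeapkman root)" sqlite3 sqlite3.h
fi
```
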
Changed
- Updated libcxx to version 10.0.1
- Updated the mbedTLS from 2.16 LTS to 2.28 LTS
- Updated the SymCrypt-OpenSSL to v1.1.0
- Updated the support of the SymCrypt module to v101.3.0