github openenclave/openenclave v0.18.0-rc4

latest releases: v0.19.4, v0.19.3, v0.19.2...
pre-release21 months ago

Added

  • oeapkman is a Linux tool for installing and using Alpine Linux static libraries within enclaves.
    • The command oeapkman add package can be used to install the specified package.
      Typically -static and -dev (e.g.: sqlite-static, sqlite-dev) packages need to be installed.
    • The command oeapkman root prints out the path to the Alpine Linux distribution maintained by oeapkman.
      The root path is useful for providing paths to header files and static libraries to the compiler and linker respectively.
    • The command oeapkman exec can be used to execute commands within the Alpine Linux environment.
      For example, after executing oeapkman add clang build-base cmake to install development tools,
      running oeapkman exec clang -c file.c would compile file.c in current folder using the clang compiler that
      has been installed in the Alpine Linux environment. oeapkman exec bash would launch a bash shell in the current folder.
    • The --optee prefix can be applied to the commands to target OP-TEE.
      oeapkman --optee add sqlite-static installs aarch64 sqlite static library.
      oeapkman --optee exec gcc -c file.c cross-compile file.c to target OP-TEE.
    • See samples/apkman for a complete example demonstrating use of the sqlite database library within enclaves.
  • Support for compiler-rt. oelibc includes LLVM's compiler-rt-10.0.1.
  • Update logging function setup API name for SGX Quote Provider plugin to sgx_ql_set_logging_callback and mark API name sgx_ql_set_logging_function as deprecated.
  • Add new policy type OE_POLICY_ENDORSEMENTS_BASELINE for oe_verify_evidence API to pass additional parameters to QVL for more advanced quote validation.
  • The CapturePFGPExceptions preference is now supported in SGX1 debug mode on Linux.
    • When setting CapturePFGPExceptions=1, OE will simulate all the SIGSEGV as #PF by forwarding the host information (faulting address) to in-enclave exception handlers.
    • Note that this feature is for debug only and there is no guarantee that the simulated behavior works the same as the hardware feature in SGX2.
  • Added the support of using vDSO interfaces for SGX enclaves on Linux to enable synchronous exception handling. The oehost library automatically opts into the vDSO interface when it is available (Linux kernel 5.11+).

Changed

  • Updated libcxx to version 10.0.1
  • Updated the mbedTLS from 2.16 LTS to 2.28 LTS
  • Updated the SymCrypt-OpenSSL to v1.1.0
  • Updated the support of the SymCrypt module to v101.3.0

Don't miss a new openenclave release

NewReleases is sending notifications on new releases.