Added
- OE SDK packages now contain OpenSSL 3.1 in addition to OpenSSL 1.1.1
- OE SDK will continue to support OpenSSL 1.1.1 until its EOL in Sep 2023. Developers should update their enclave applications to use OpenSSL 3.1 by then.
- Note: Since OpenSSL 3.1 has not been tested in production environments as yet, we recommend you experiment with updating enclave applications to use OpenSSL 3.1 as soon as possible and file any issues that you may find. We will address all issues filed in the next month and make another release, if necessary, in August.
- The Attested TLS sample has been modified to support building enclave applications with OpenSSL 3.1.
- Refer to OpenSSL 3.1 support docs for additional details
- Some of the assembly files generated via a Perl script in OpenSSL 3.1 do not contain LVI mitigations as yet. These are contingent on upstream work and will be updated as soon as LVI mitigations are available.
- Added
oe_generate_attestation_certificate_v2API which takes two additional params that determine certificate validity period.
Changed
- snmalloc has been updated to 0.6.2
- Dropped TDX supplemental data size check since the size is changing
Packages this release was tested against
On Ubuntu 20.04: DCAP: 1.16.100.2-focal1 PSW: 2.19.100.3-focal1 SGXDriver: 1.41
On Windows Server 2019: DCAP: 1.16.100.2 PSW:2.18.100.2