Major work such as new features, bug fixes, feature deprecations, and other
breaking changes should be noted here. It should be more concise than `git log`.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Initial implementation of the Malloc Info API for dlmalloc (default allocator), and snmalloc.
- Added missing attribute validations to oeedger8r C++ implementation.
- The Open Enclave SDK will be dropping support for WS2016 after Dec 2020. Developers and partners using WS2016 will need to move to WS2019 by then. openenclave/openenclave#3539 tracks this.
- The Open Enclave SDK is deprecating support for gcc when building the SDK from source after Dec 2020. The recommended compiler for building the SDK from source is Clang. openenclave/openenclave#3555 tracks this.
- Security fixes in oeedger8r
  - Fix TOCTOU vulnerability in NULL terminator checks for ocall in/out string parameters.
  - Count/size properties in deep-copied in/out structs are treated as read-only, so the host cannot corrupt enclave memory by changing these properties after they have been checked.
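The two fixes above share one root cause: generated marshalling code read a host-controlled value (a string's terminator, a struct's count field) once to validate it and again to act on it, and the host can change host memory between those two reads. The following C example is added here and is not Open Enclave SDK code; it models the race with a simulated host buffer and a callback standing in for a concurrently writing host. The function names, the 16-byte buffers and the `host_vec_t` struct are constructed for the illustration. It shows the vulnerable check-then-copy shape beside the hardened copy-then-check shape, and the same snapshot rule applied to a deep-copied count field.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model: host_buf stands in for untrusted host memory, and the
 * race_hook_t callback stands in for a host thread writing to it concurrently.
 * Illustration only, not Open Enclave SDK code. */
typedef void (*race_hook_t)(void *host_mem);

/* Vulnerable shape: validate the terminator in host memory, then read host
 * memory a second time to copy. The host can remove the terminator between. */
static int copy_in_string_toctou(char *host_buf, size_t host_len, char *enclave_buf,
                                 size_t enclave_len, race_hook_t host_races)
{
    const char *nul = memchr(host_buf, '\0', host_len);   /* check (read 1) */
    if (nul == NULL || (size_t)(nul - host_buf) + 1 > enclave_len)
        return -1;
    size_t n = (size_t)(nul - host_buf) + 1;
    if (host_races)
        host_races(host_buf);                             /* host races here */
    memcpy(enclave_buf, host_buf, n);                     /* use (read 2) */
    return (int)n;                      /* caller now trusts a terminator at n-1 */
}

/* Hardened shape: read host memory once into enclave memory, then validate
 * the private copy. Whatever the host writes afterwards is irrelevant. */
static int copy_in_string_safe(const char *host_buf, size_t host_len, char *enclave_buf,
                               size_t enclave_len, race_hook_t host_races)
{
    size_t n = host_len < enclave_len ? host_len : enclave_len;
    memcpy(enclave_buf, host_buf, n);                     /* single read */
    if (host_races)
        host_races((void *)host_buf);                     /* too late to matter */
    if (memchr(enclave_buf, '\0', n) == NULL) {
        memset(enclave_buf, 0, enclave_len);              /* no terminator in bounds */
        return -1;
    }
    return (int)(strlen(enclave_buf) + 1);
}

/* Deep-copied struct whose count property the host controls (constructed). */
typedef struct {
    size_t count;
    const uint32_t *items;                                /* host memory */
} host_vec_t;

/* Snapshot the header once; bounds-check and copy from the snapshot only, so a
 * count the host changes after the check is never used. */
static int copy_in_vec_safe(const host_vec_t *host, uint32_t *out, size_t max_items,
                            race_hook_t host_races)
{
    host_vec_t snap = *host;                              /* single read of header */
    if (snap.count > max_items)
        return -1;
    if (host_races)
        host_races((void *)host);                         /* host->count changes, snap does not */
    memcpy(out, snap.items, snap.count * sizeof *out);
    return (int)snap.count;
}

/* Constructed host behaviours for the scenarios below. */
static void host_removes_terminator(void *host_mem) { memset(host_mem, 'X', 16); }
static void host_grows_count(void *host_mem) { ((host_vec_t *)host_mem)->count = 1u << 20; }

/* Vulnerable copy under a racing host: the validated terminator is gone, so a
 * later strlen() on the copy would run past the reported byte count. */
static bool toctou_copy_loses_terminator(void)
{
    char host[16] = "hello", enc[16];
    int n = copy_in_string_toctou(host, sizeof host, enc, sizeof enc, host_removes_terminator);
    return n > 0 && memchr(enc, '\0', (size_t)n) == NULL;
}

/* Hardened copy under the same race: the checked string is what was copied. */
static bool safe_copy_keeps_validated_string(void)
{
    char host[16] = "hello", enc[16];
    int n = copy_in_string_safe(host, sizeof host, enc, sizeof enc, host_removes_terminator);
    return n == 6 && strcmp(enc, "hello") == 0;
}

/* Hardened copy of a host string with no terminator at all: rejected. */
static bool safe_copy_rejects_unterminated(void)
{
    char host[16], enc[16];
    memset(host, 'X', sizeof host);
    return copy_in_string_safe(host, sizeof host, enc, sizeof enc, NULL) == -1;
}

/* Hardened struct copy: the count grown after the check is ignored. */
static bool safe_vec_ignores_count_change(void)
{
    uint32_t items[4] = {1, 2, 3, 4}, out[4];
    host_vec_t host = {4, items};
    int n = copy_in_vec_safe(&host, out, 4, host_grows_count);
    return n == 4 && out[3] == 4 && host.count == (1u << 20);
}
```

The rule the hardened versions follow is the one the fixes above enforce: every host-controlled value that influences a bounds decision is read exactly once into enclave memory, and both the check and the use operate on that private copy.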
- Open Enclave SDK release packages can now be built on non-SGX and non-FLC machines.
- Support for arbitrarily large thread-local data for SGX machines.
- Experimental support for OpenSSL inside enclaves has been added when building the SDK from source.
  - Use the `BUILD_OPENSSL` flag while compiling the SDK.
  - OpenSSLSupport.md documents supported options and configuration needed to use OpenSSL inside an enclave.
- Custom claims buffer serialization/de-serialization helper functions.
- oe_verify_evidence() and oe_verify_attestation_certificate_with_evidence() have been added to the host-verify package.
- SGX attestation endorsement claims from `oe_verify_evidence()` will contain the following:
  - `OE_CLAIM_SGX_TCB_INFO`
  - `OE_CLAIM_SGX_TCB_ISSUER_CHAIN`
  - `OE_CLAIM_SGX_PCK_CRL`
  - `OE_CLAIM_SGX_ROOT_CA_CRL`
  - `OE_CLAIM_SGX_CRL_ISSUER_CHAIN`
  - `OE_CLAIM_SGX_QE_ID_INFO`
  - `OE_CLAIM_SGX_QE_ID_ISSUER_CHAIN`
- The attestation functions in local_attestation/remote_attestation/attested_tls/host_verify samples now use attestation plugin APIs, defined in attestation/attester.h and attestation/verifier.h to generate and verify evidence.
- `oe_get_evidence()` support for generation of SGX EPID evidence, in formats `OE_FORMAT_UUID_SGX_EPID_LINKABLE` and `OE_FORMAT_UUID_SGX_EPID_UNLINKABLE`.
- Rename the custom claims buffer added by `oe_get_evidence()` from `"custom_claims"` to `"custom_claims_buffer"`. Likewise, the `OE_CLAIM_CUSTOM_CLAIMS` definition for this name is replaced with `OE_CLAIM_CUSTOM_CLAIMS_BUFFER`.
- Building SDK from source
  - The `HAS_QUOTE_PROVIDER` cmake option has been removed. This continues the work in the previous release to allow the same build of OE SDK to run on both FLC and non-FLC machines.
  - Intel SGX EnclaveCommonAPI packages are no longer needed to build the SDK.
- oe_verify_attestation_certificate_with_evidence() can now verify certificates generated by oe_generate_attestation_certificate() as well as oe_get_attestation_certificate_with_evidence().
- The SGX attestation evidence internal structure has changed. The current structure (version 3) is not compatible with the previous version. Evidence/certificates generated prior to v0.11.0 cannot be verified by v0.11.0 verifiers. Applications that call the following experimental APIs must link to OE SDK v0.11.0 or above:
  - `oe_get_evidence()`
  - `oe_verify_evidence()`
  - `oe_get_attestation_certificate_with_evidence()`
  - `oe_verify_attestation_certificate_with_evidence()`
- Some SGX attestation format IDs have been renamed:

  | Old | New |
  |---|---|
  | `OE_FORMAT_UUID_SGX_ECDSA_P256` | `OE_FORMAT_UUID_SGX_ECDSA` |
  | `OE_FORMAT_UUID_SGX_ECDSA_P256_REPORT` | `OE_FORMAT_UUID_LEGACY_REPORT_REMOTE` |
  | `OE_FORMAT_UUID_SGX_ECDSA_P256_QUOTE` | `OE_FORMAT_UUID_RAW_SGX_QUOTE_ECDSA` |

- COMPILE_SYSTEM_EDL option while building the SDK from source has been removed.
- Declaration of SGX format ID OE_FORMAT_UUID_SGX_ECDSA_P384 is removed.
- oe_get_evidence() support of SGX legacy formats OE_FORMAT_UUID_SGX_ECDSA_P256_REPORT and OE_FORMAT_UUID_SGX_ECDSA_P256_QUOTE is removed.
- Update mbedTLS to version 2.16.8. Refer to the 2.16.7 and 2.16.8 release notes for the set of issues addressed.
- Added `oe_sgx_get_signer_id_from_public_key()` function which helps a verifier of SGX reports extract the expected MRSIGNER value from the signer's public key PEM certificate.
- OE SDK can now be built and run in simulation mode on a non-SGX x64 Windows machine by passing `HAS_QUOTE_PROVIDER=off`. Previously, the build would work, but running applications would fail due to missing sgx_enclave_common.dll.
- OE SDK can now be installed from published packages on SGX machines without FLC, and non-SGX machines. Previously, OE SDK could only be installed on SGX1 FLC machines due to a link-time dependency on sgx_dcap_ql which was available only on SGX1 FLC machines.
- oesign tool supports the new `digest` command and options for 2-step signing using the digest.
- Oeedger8r now supports the `--use-prefix` feature.
- Oeedger8r now supports a subset of C-style preprocessor directives (#ifdef, #ifndef, #else, #endif).
- The default memory allocator (dlmalloc) can be replaced by providing replacement functions. This ability to plug in a custom allocator is most applicable for multi-threaded enclaves with memory allocation patterns where the default memory allocator may not be performant. See Pluggable Allocators.
  - `snmalloc` is available as a pluggable allocator library `oesnmalloc`. An enclave can use snmalloc instead of dlmalloc by specifying `liboesnmalloc.a` before `liboelibc.a` and `liboecore.a` in the linker line.
- Added pluggable_allocator sample.
- Gcov is used to obtain code coverage information for the SDK. See Code Coverage.
- Added include\openenclave\attestation\attester.h to support attestation plug-in model attester scenarios.
- Added include\openenclave\attestation\verifier.h to support attestation plug-in model verifier scenarios.
- `COMPILE_SYSTEM_EDL` is now OFF by default, meaning system EDL must be imported by application EDL. See the system EDL opt-in document for more information.
  - Note: SDK users need to import `logging.edl` to enable logging. Logging is disabled by default.
  - See System edls for the list of all edls and associated OCalls.
  - A known issue is that different enclaves importing functions from System EDLs cannot be loaded by the same host app unless all of the functions were imported with exactly the same ordinals. See #3250 for details. This will be addressed in the next release based on design proposal #3086.
  - A workaround for this issue in the meantime is to define a standard import EDL for any enclaves that need to be loaded into the same host app. Ensuring this shared EDL is then the first import in each enclave's EDL will result in the common imports being assigned the same ordinals in each resulting enclave.
- Mark APIs in include/openenclave/attestation/sgx/attester.h and verifier.h as experimental.
- Remove `CRL_ISSUER_CHAIN_PCK_PROC_CA` field from the endorsement struct defined in include/openenclave/bits/attestation.h.
- Switch to oeedger8r written in C++.
- Fix #3143. oesign tool will now reject .conf files that contain duplicate property definitions.
- SGX Simulation Mode does not need SGX libraries to be present in the system.
- oehost library dynamically loads sgx_dcap_ql shared library instead of linking against it. This allows the SDK to be installed on non-FLC and non-SGX machines.
- Fix #3134. ParseSGXExtensions will now correctly parse the SGX extensions for PCK Certificates defined in SGX spec.
- oesign `dump` command now also displays the `MRSIGNER` value of an SGX enclave signature if it exists.
- The Deep-copy feature of oeedger8r is now enabled by default.
- The oeedger8r-generated header files now contain only the function prototypes. Marshalling structs, function id enums, and function tables are generated only in the c files.
- Docs and scripts updated to use Azure DCAP client v1.6.0.
- Fix #2930. Fixes the logic of detecting compilers when LVI mitigation is enabled. That is, the old logic always picks clang-7 (if installed) regardless of whether the environment variable CC is set to gcc.
- Fix #2670. This fix also allows users to specify the version of clang (default is clang-7) when building the helloworld sample with LVI mitigation.
- Fix #3056. oe_is_within_enclave() and oe_is_outside_enclave() now reflect the SGX enclave boundary as determined by the enclave SECS rather than the limit of the pages initially provisioned in to the enclave.
- If not specified, CMAKE_BUILD_TYPE is set to Debug. This ensures that cmake and cmake -DCMAKE_BUILD_TYPE=Debug result in the same build configuration.
- Moved include/openenclave/attestation/plugin.h to internal. Currently only support internal attestation plugin registration.
- Parameter flags is removed from experimental function oe_get_evidence(). Use 'evidence_format' parameter to select evidence format.
- Removed oehostapp and the accompanying "-rdynamic" compile option. Please use oehost instead and add the option back manually if necessary.
- Removed dependencies on nodejs and esy, which were previously used to build Ocaml compiler and oeedger8r.
- Complete support for inttypes.h and stdlib.h in oelibc. See docs/LibcSupport.md for more details.
- Support for Simulation Mode on Windows. Simulation mode only runs on systems with SGX enabled.
- Support `transition_using_threads` EDL attribute for ecalls in oeedger8r. OE SDK now supports both switchless OCALLs and ECALLs.
- Published corelibc headers required by oeedger8r-generated code. Disclaimer: these headers do not make any guarantees about stability. They are intended to be used by generated code and are not part of the OE public API surface.
- Support for Windows Server 2019.
- Experimental support for RHEL8.
- Preview versions of VSCode and Visual Studio Extensions for OE are now part of the github repo.
- Experimental support for enclave file system APIs on Windows host.
- oelibcxx now supports up to `std=c++17`. Please see docs/LibcxxSupport.md for more details.
- `COMPILE_SYSTEM_EDL` build flag. This is on by default and will compile system OCalls and ECalls into OE libraries as before. If it is set to off, each enclave application must import the ECalls/OCalls it needs into its own EDL file from `{OE_INSTALL_PATH}/include/openenclave/edl`.
- Experimental support for snmalloc. To use snmalloc, build the SDK from source using `-DUSE_SNMALLOC=ON`.
- Moved `oe_asymmetric_key_type_t`, `oe_asymmetric_key_format_t`, and `oe_asymmetric_key_params_t` to `bits/asym_keys.h` from `bits/types.h`.
- Windows host libraries in the Open Enclave NuGet package have been compiled with `/WX /W3` enabled.
- Attestation plugin APIs in include/openenclave/attestation/plugin.h are marked experimental.
- Fix #2828 which removes an explicit host side dependency on libsgx-urts on Linux.
- Fix #2607 so that libmbedcrypto now includes mbedtls_hkdf().
- Fix #2786 so that `CXX` is always `TRUE` in `add_enclave_sgx()` and `add_enclave_optee()`.
- Fix #2544 and #2264. This removes oesign's dependency on libsgx_enclave_common and libsgx_dcap_ql.
- Fix #2661 which caused inconsistent code generation in oeedger8r.
- Removed oe-gdb script which has been deprecated since v0.6. Use oegdb instead.
- Update mbedTLS to version 2.16.6. Refer to the 2.16.5 and 2.16.6 release notes for the set of issues addressed.
- oehostapp is being deprecated from cmake targets. Use oehost instead. See #2595.
- In the next release (v0.10), system EDL will no longer be compiled into OE libraries by default (`COMPILE_SYSTEM_EDL` will be OFF by default). See the [system EDL opt-in document](docs/DesignDocs/system_ocall_opt_in.md#how-to-port-your-application) for more details on how to rebuild the SDK to match this behavior and for guidance on porting your application to the new model.
v0.8.2 - 2020-03-10
- OpenSSL engine support to oesign to allow signing keys via engines.
- NuGet package validation using CI/CD.
- Released packages include Load Value Injection (LVI) mitigated libraries, the required build configuration and instructions.
- Optimized switchless ocall scheduling.
- oedebugrt.pdb is part of the SDK package and needs to be copied to the host application folder along with oedebugrt.dll to enable debugging on Windows.
- OpenEnclave SDK includes LVI mitigated libs and an LVI mitigation build configuration for the vulnerability disclosed in CVE-2020-0551.
  - Applications built on top of the SDK can optionally link against the mitigated libs using the LVI mitigation build configuration.
  - See LVI Mitigation Documentation for more information.
v0.8.1 - 2020-02-07
- Fixed Jenkins pipeline to produce a valid open-enclave NuGet package. Fixes #2523.
- `oe_random()` now depends on the hardware-based source of RNG instead of cryptography libraries.
- OCall stack-stitching implemented as per Debugging Contract. OE SDK performs stack stitching instead of the debugger. Enclaves built using a prior release cannot be debugged with this version of oegdb and vice versa.
v0.8.0 - 2020-01-22
- Support for backtracing in debug and release builds.
  - Implementations for GNU functions `backtrace` and `backtrace_symbols` (defined in `execinfo.h`).
  - Enclaves are built using `-fno-omit-frame-pointer` for accurate backtraces.
- Support for custom attestation data formats via new plugin model. Please refer to the design documentation.
- Support for host side sockets on Windows.
- Support to build OE enclave libraries with stack protector enabled.
  - Enable `-fstack-protector-strong` by default for enclave application build configurations in cmake and pkgconfig.
- Open Enclave SDK is now officially an incubation project as part of the Linux Foundation's Confidential Computing Consortium (CCC).
- All contributions are now accepted under the terms of the Developer Certificate of Origin. For details, see Contributing to Open Enclave.
- The copyright for all sources is now attributed to Open Enclave SDK contributors.
- Update Intel DCAP library dependencies to 1.4.1.
- Update Intel PSW dependencies to 2.6.100.2 on Windows.
- Enable `/W2 /WX` on Windows builds by default to treat W2 warnings as errors.
- Removed code related to deprecation of strftime.
- Enclave libs and enclaves are built using `-gc-sections`.
- Replace OCPWin and OCaml with esy. The CMake-driven OCaml build is replaced with esy and dune. To install esy as a prerequisite:
  - On Linux, `sudo ansible-playbook oe-linux-esy-setup.yml`
  - On Windows, `npm install -g [email protected]`
- Update Ansible dependency from 2.8.0 to 2.8.2 in /scripts/ansible.
- safecrt.h and safemath.h are not installed as part of the SDK as they are meant for internal consumption.
- `oe_random()` now correctly returns a fully filled byte buffer for requests of > 1024 bytes.
- Add `openenclave` namespace to dl and crypto libraries to prevent symbol collisions. Fixes #2082.
- `bits/safecrt.h` and `bits/safemath.h` are not published anymore. They were not intended for use by enclave authors. They are now moved to the internal folder and are not part of the published headers.
- Update mbedTLS to version 2.16.4. Refer to 2.16.3 and 2.16.4 release notes for the set of issues addressed.
v0.7.0 - 2019-10-26
- Support Intel DCAP attestation on Windows.
- Support `transition_using_threads` EDL attribute in oeedger8r.
  - This only applies to untrusted functions (ocalls) in this release.
  - Using this attribute allows the ocall to be invoked without incurring the performance cost of an enclave context switch.
- Ability to debug ELF enclaves on Windows using Windbg/CDB
  - Visual Studio Code CDB Extension
  - WinDbg Preview
  - The new oedebugrt.dll and accompanying oedebugrt.pdb need to be copied to the app folder to enable this.
- Preview support for 64-bit ARM TrustZone-capable boards with OP-TEE OS
  - See the documentation for the list of supported platforms, features, and known issues.
- Transferred repository from microsoft/openenclave to openenclave/openenclave.
- Change debugging contract for oegdb. Enclaves and hosts built prior to this release cannot be debugged with this version of oegdb and vice versa.
- Update Intel DCAP library dependencies to 1.3.
- Update Intel PSW dependencies to 2.7 on Linux and 2.5 on Windows.
- SGX1 configurations always take build dependency on Intel SGX enclave common library.
- Update LLVM libcxx to version 8.0.0.
- Update mbedTLS to version 2.16.2.
- The mbedTLS libraries used in Open Enclave will no longer be compiled with the following config.h options in the next (v0.8) release:
  - `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE`: Considerable advances have been made in breaking SHA1 since our original review and we would like to be more prescriptive in recommending the use of SHA256.
  - `MBEDTLS_KEY_EXCHANGE_RSA_ENABLED`: This option provides no perfect forward secrecy and is generally becoming less popular as this is recognized. The ECDHE variants are also more performant.
- Fix enclave heap memory disclosure (CVE-2019-1369).
v0.6.0 - 2019-06-29
- Rename `oe-gdb` to `oegdb` for consistency with other tools, such as `oesign`.
- Update pkg-config and CMake exports to include the following hardening build flags by default:
  - Enclaves will:
    - Compile with `-fPIE` instead of `-fPIC`.
    - Link with `-Wl,-z,noexecstack`, `-Wl,-z,now`.
  - Host apps will:
    - Compile with `-D_FORTIFY_SOURCE=2` (only effective if compiling under GCC with `-O2` specified) and `-fstack-protector-strong`.
    - Link with `-Wl,-z,noexecstack`.
    - Note that `-Wl,-z,now` is not enabled by default, but app authors should enable it themselves after assessing its startup impact.
- Removed support for the previously deprecated `OE_API_VERSION=1` APIs.
- Update MUSL libc to version 1.1.21.
- Update mbedTLS to version 2.7.11.
v0.5.0 - 2019-04-09
- Open Enclave SDK works in Windows
  - Build using Visual Studio 2017's CMake Support
  - Build in x64 Native Prompt using Ninja
- Function table/id based ecall/ocall dispatching
  - oeedger8r generates ecall tables and ocall tables
  - Dispatching based on function-id (index into table)
  - oeedger8r generates `oe_create_foo_enclave` function for `foo.edl`
- oe-gdb allows attaching to a host that is already running
- Added Quote Enclave Identity validation into `oe_verify_report` implementation
- Added OE SDK internal logging mechanism
- Support for thread local variables
  - Both GNU `__thread` and C++11 `thread_local`
  - Both hardware and simulation mode
  - Enclaves are compiled using local-exec thread-local model (`-ftls-model=local-exec`)
- Added `oe_get_public_key` and `oe_get_public_key_by_policy` host functions, which allow the host to get a public key derived from an enclave's identity.
- Added v2 versions of the following APIs that, instead of taking caller-supplied buffers, now return a buffer that needs to be freed via an associated free method. `OE_API_VERSION` needs to be set to 2 to pick up the new versions. The mentioned APIs have a `*_V1` and `*_V2` version that the names below map to depending on `OE_API_VERSION`.
  - `oe_get_report`, free `report_buffer` via `oe_free_report`
  - `oe_get_target_info`, free `target_info_buffer` via `oe_free_target_info`
  - `oe_get_seal_key`, free `key_buffer` and `key_info` via `oe_free_seal_key`
  - `oe_get_seal_key_by_policy`, free `key_buffer` and `key_info` via `oe_free_seal_key`
- Added new enumeration for enclave type parameter of `oe_create_enclave`. Now use `OE_ENCLAVE_TYPE_AUTO` to have the enclave appropriate to your build environment be chosen automatically. For instance, building Intel binaries will select SGX automatically, whereas on ARM it will pick TrustZone.
- Added three new APIs for attestation certificate generation and verification
- `oe_create_enclave` takes two additional parameters: `ocall_table` and `ocall_table_size`.
- Update mbedTLS library to version 2.7.9.
- Update MUSL libc to version 1.1.20.
- Update LLVM libcxx to version 7.0.0.
  - Some libcxx headers (e.g. `<string>`) now use C++11 template features and may require compiling with the `-std=c++11` option when building with GCC.
- Update minimum required CMake version for building from source to 3.13.1.
- Update minimum required C++ standard for building from source to C++14.
- Moved `oe_seal_policy_t`, `oe_asymmetric_key_type_t`, `oe_asymmetric_key_format_t`, and `oe_asymmetric_key_params_t` to `bits/types.h` from `enclave.h`.
- Changed minimum required QE ISVSVN version from 1 to 2 for the QE Identity revocation check that is performed during quote verification. Remote reports that were generated with a QE ISVSVN version of 1 will now fail report verification. To resolve this issue, please install the latest version of the Intel SGX DCAP packages (1.0.1 or newer) on the system that generates the remote report.
- Revamped `oesign` CLI tool argument parsing. Instead of relying on argument order and name, named parameters are used as follows:
  - The `sign` subcommand accepts the following mandatory flags:
    - `--enclave-image [-e]`, the enclave image file path
    - `--config-file [-c]`, the path of the config file with enclave properties
    - `--key-file [-k]`, the path of the private key file used to digitally sign the enclave image
  - The `dump` subcommand accepts only the `--enclave-image [-e]` mandatory flag, for the enclave file path.
- Removed string based `ocalls`/`ecalls` and the `OE_ECALL` and `OE_OCALL` macros.
- `OE_ENCLAVE_TYPE_UNDEFINED` was removed and replaced with `OE_ENCLAVE_TYPE_AUTO`.
- Check support for AVX in platform/OS before setting SECS.ATTRIBUTES.XFRM in enclave.
- Fix CVE-2019-0876: `_handle_sgx_get_report` will now write to the supplied argument only if it lies in host memory.
- Added check for missing null terminator in oeedger8r generated code.
v0.4.1 - 2018-12-21 (DEPRECATED)
v0.4.1 contains a small fix to work with Intel's new ISV version bump.
- This allows the OE SDK to continue to support reports signed by QE SVN=1, and at the same time also allow a newer QE SVN (greater than 1) during the oe_verify_report process.
v0.4.0 - 2018-10-08 (DEPRECATED)
v0.4.0 is the first public preview release, with numerous breaking changes from v0.1.0 as listed below.
- Support building Open Enclave SDK apps with Clang-7.
- Support Intel EDL for host & enclave stub generation with oeedger8r tool.
- Support full SGX DCAP remote report (quote) revocation.
- Expand documentation for running on different configurations.
- Add pkg-config files for building Open Enclave apps in C/C++ for GCC or Clang.
- Add data sealing sample.
- Add `oe_call_host_by_address()` to allow enclaves to make OCALLs by callback pointer.
- Add `oe_get_enclave()` to obtain an enclave handle to return to the host.
- Add `oe_get_target_info()` to support SGX local attestation.
- Add CMake export configuration to SDK (experimental).
- Standardize naming convention on new Development Guide.
- Standardize Open Enclave APIs to use `size_t` type for buffer sizes.
- Standardize Open Enclave APIs to always clear output parameters on error return.
- Change report type detection logic.
  - Reports generated by Open Enclave are no longer transparently usable by Intel SGX SDK.
- Change `oe_identity.authorID` field to `oe_identity.signerID`.
- Clean up thread local storage on return from ECALL.
- Refactor liboecore and liboeenclave dependency.
  - All enclave apps must now link liboeenclave.
- Refactor liboecore and liboelibc dependency.
  - All enclave apps should call libc for C functions instead.
- Break up remote attestation sample into 4 separate samples.
- Simplify `oe_get_report()` so it doesn't accept unused `reportdata` on host side.
- Reduce the set of `oe_result` values returned.
- Update LLVM libcxx to version 6.0.1.
- Update MUSL libc to version 1.1.19.
- Update libunwind to version 1.3.
- Deprecate oe_call_host and oe_call_enclave methods in favor of EDL generated interfaces.
- Block re-entrant ECALLs. A host servicing an OCALL cannot make an ECALL back into the enclave.
- Remove oe_thread functions. All enclave apps should use libc/libcxx thread functions instead.
- Remove API reference from SDK package. Refer to https://openenclave.io/apidocs/v0.4 instead.
- Remove outdated documents including DesignOverview.pdf.
- Remove oegen, oedump and oeelf tools.
- Remove CMake-based samples.
- Replace test signing PEM files with runtime generated test keys.
- Add appropriate validations for ELF64 in Open Enclave loader.
- Expand libc/libcxx test coverage.
- Build all libraries with Clang-7 Spectre-1 mitigation (-x86-speculative-load-hardening).
- Update code to use safe CRT and secure memset/zero memory methods.
- Fix integer overflows and add arithmetic boundary checks in Open Enclave runtime.
- Fix cert chain validation during Open Enclave quote verification.
v0.1.0 - 2018-06-15 (YANKED)
Initial private preview release, no longer supported.