Skip to content

v0.13.0: Update version

Pre-release
Pre-release
Compare
Choose a tag to compare
@radhikaj radhikaj released this 16 Dec 00:22
· 2 commits to v0.13.x since this release
v0.13.0
8f44fa9

Breaking Changes

  • liboecryptombed is now called liboecryptombedtls and will no longer be automatically included as a link dependency when linking liboeenclave in CMake.
    • The openenclave-config.cmake and openenclave-lvi-mitigation-config.cmake will not specify the renamed liboecryptombedtls as a PUBLIC link requirement for liboeenclave.
    • Enclave apps that are built with CMake and use the Open Enclave's CMake configurations must now explicitly include OE crypto wrapper library when linking openenclave::oeenclave.
    • See the CMakeLists.txt in the helloworld sample for an example. Here OE_CRYPTO_LIB is set to mbedtls in parent CMakeList file.
    • Enclave apps that are built with Make and rely on Open Enclave's pkgconfig must now explicitly include OE crypto wrapper library in linker dependency flags.
    • See the Makefile in the helloworld sample for an example. Here OE_CRYPTO_LIB is set to mbedtls in parent MakeList file.

Added

  • OpenSSL version 1.1.1 libraries are now available for an enclave to use. See the attested_tls sample for an example of building enclaves with OpenSSL.

  • Enabled oe_verify_evidence() with a NULL format id to verify the legacy report generated by oe_get_report().

  • Added the following SGX attestation claims from oe_verify_evidence():
    OE_CLAIM_SGX_PF_GP_EXINFO_ENABLED
    OE_CLAIM_SGX_ISV_EXTENDED_PRODUCT_ID
    OE_CLAIM_SGX_IS_MODE64BIT
    OE_CLAIM_SGX_HAS_PROVISION_KEY
    OE_CLAIM_SGX_HAS_EINITTOKEN_KEY
    OE_CLAIM_SGX_USES_KSS
    OE_CLAIM_SGX_CONFIG_ID
    OE_CLAIM_SGX_CONFIG_SVN
    OE_CLAIM_SGX_ISV_FAMILY_ID
    Added the following fields for SGX KSS (Key Separation and Sharing) support:
    FamilyID
    ExtendedProductID

Changed

  • Syscalls are internally dispatched directly to their implementation functions instead of via a switch-case.
  • Changed the attestation evidence extension OIDs for certificates generated by the following APIs. Verifiers must call oe_verify_attestation_certificate APIs from v.0.11.0 or above.
    oe_generate_attestation_certificate(): "1.3.6.1.4.1.311.105.1"
    oe_get_attestation_certificate_with_evidence(): "1.3.6.1.4.1.311.105.2"

Packages in this release have been tested against the following Intel packages

On Ubuntu 1804: DCAP: 1.9.100.3-bionic1 PSW: 2.12.100.3-bionic1
On Ubuntu 1604: DCAP: 1.9.100.3-xenial1 PSW: 2.12.100.3-xenial1
On Windows Server 2016: DCAP: 1.9.100.3 PSW: 2.11.100.3
On Windows Server 2019: DCAP: 1.9.100.3 PSW: 2.11.100.3

Assets 8
Loading