Open Enclave SDK Update Recommendation


Yen Lee
 

Hi Everybody,

 

Starting July 31, 2021, Azure DCAP Client will have a new policy to update SGX collateral in a different cadence. It is recommended that you rebuild with the latest Open Enclave SDK releases if your applications rely on Azure DCAP Client to provide verification collateral and call any of the following Open Enclave APIs for evidence verification:

  • oe_verify_evidence
  • oe_verify_report
  • oe_verify_report_v2
  • oe_verify_remote_report
  • oe_verify_attestation_certificate
  • oe_verify_attestation_certificate_with_evidence
  • oe_verify_attestation_certificate_with_evidence_v2

 

Quick fix has been applied to the following Open Enclave releases:

  • v0.14.1
  • v0.15.1
  • v0.17.1 or later

 

In addition, V0.17.1 fixes CVE-2021-33767 and it is therefore highly recommended that you move to v0.17.1.

 

Thanks,

Yen Lee