v0.15.0 Release


Radhika Jandhyala
 

Hi,


Open Enclave version 0.15.0 will soon be published, and we want to send out some release candidate packages (for Windows Server 2019, Ubuntu 18.04; Windows Server 2016, and Ubuntu 16.04 are no longer supported) for pre-release testing. You can find the release candidate packages on GitHub below under the v0.15.0-rc1 tag:

https://github.com/openenclave/openenclave/releases<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenenclave%2Fopenenclave%2Freleases&data=04%7C01%7Cradhikaj%40microsoft.com%7C172a202040934c4030e608d8f486447d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637528204794007265%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=0hj1%2FqSHuUAbHOlQbdgFls8vCpXvlCBdp21esf0MYzs%3D&reserved=0>

Please test these packages and let us know if you come across any issues. Thank you so much for your help!

To the Committers of the OE SDK: Please let us know if we have missed anything in the release notes. We should update our CHANGELOG if so.

Thank you so much to everyone in helping us drive and deliver this release! Please use our GitHub repo to report any issues that you may come across in your use of the SDK!

Thanks

Radhika

Release Notes
Added

* Oeedger8r now supports the warning flag -W. The available options include:
* -Wreturn-ptr: Check if an OCALL or ECALL returns a pointer.
* -Wptr-in-struct: Check if a user-defined struct includes a un-annotated pointer member.
* -Wforeign-type-ptr: Check if an OCALL or ECALL includes a parameter that is the pointer of a foreign type.
* -Wptr-in-function: Check if an OCALL or ECALL includes a un-annotated pointer argument.
* -Wall: Enable all the warning options.
* -Wno-: Disable the corresponding warning.
* -Werror: Turn warnings into errors.
* -Werror=: Turn the specified warning into an error.
* oesign sign now allows option -o/--output-file, to specify location to write signature of enclave image.
* Debugger Contract has been extended to support multiple modules.
* Refer to design document<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenenclave%2Fopenenclave%2Fblob%2Fv0.15.0-rc1%2Fdocs%2FDesignDocs%2FDebuggerSupportForMultiModuleEnclaves.md&data=04%7C01%7Cradhikaj%40microsoft.com%7C172a202040934c4030e608d8f486447d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637528204794007265%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=9ffCRwlhMfqvocl9ihBD1Uh7C28aioUC1o%2B3c2Dw1cY%3D&reserved=0> for details.

Changed

* oe_get_attestation_certificate_with_evidence() has been deprecated because it has been deemed insufficient for security. Use the new, experimental oe_get_attestation_certificate_with_evidence_v2() instead to generate a self-signed certificate for use in the TLS handshaking process.
* Debugger Contract
* path fields in oe_debug_enclave_t and oe_debug_module_t are now defined to be in
UTF-8 encoding. Previously the encoding was undefined. To ensure smooth transition, debuggers
are required to try out both UTF-8 as well as the previous encoding and pick the one that works.

Security

* Update mbedTLS to version 2.16.10. Refer to the 2.16.10<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FARMmbed%2Fmbedtls%2Freleases%2Ftag%2Fv2.16.10&data=04%7C01%7Cradhikaj%40microsoft.com%7C172a202040934c4030e608d8f486447d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637528204794017224%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=A4YCcfFQDR1zjhwg2B8EXCDwnavfQiJs%2B7owmZ3LhiE%3D&reserved=0> and 2.16.9<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FARMmbed%2Fmbedtls%2Freleases%2Ftag%2Fv2.16.9&data=04%7C01%7Cradhikaj%40microsoft.com%7C172a202040934c4030e608d8f486447d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637528204794017224%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=1mIdljMLqecIwqlM6V7Pmm%2F0l1GubYMEmPYx5rhbeyI%3D&reserved=0> release notes for the set of issues addressed.
* OPENSSL is updated to version 1.1.1k.

Join oesdk@lists.confidentialcomputing.io to automatically receive all group messages.