Open Enclave SDK SIG-Attestation Meeting Series - Wed, 10/07/2020
#cal-notice
oesdk@lists.confidentialcomputing.io Calendar <noreply@...>
Open Enclave SDK SIG-Attestation Meeting Series
Agenda and Minutes: https://hackmd.io/Xj6GpDSKSwuz5cZgQ0yg1A
Meeting ID: 995 5293 2630
|
|
Deprecation of Support for Ubuntu 16.04
Radhika Jandhyala
Hi,
We plan to drop support for Ubuntu 16.04 after Dec 2020. Partners using Ubuntu 16.04 should plan on upgrading to Ubuntu 18.04 or Ubuntu 20.04 (being targeted for v0.14 release). https://github.com/openenclave/openenclave/issues/3625 tracks this. Please comment on the issue with questions and concerns you have regarding this.

Thanks,
Radhika
|
|
Updated Event: OE SDK SIG-Testing Meeting
#cal-invite
oesdk@lists.confidentialcomputing.io Calendar <noreply@...>
OE SDK SIG-Testing Meeting
Organizer: Aeva aevander@...
Description: A meeting to discuss all things testing!
Meeting ID: 997 4021 1738
|
|
Event: OE SDK Sig-Architecture on Tuesday evenings
#cal-invite
oesdk@lists.confidentialcomputing.io Calendar <noreply@...>
OE SDK Sig-Architecture on Tuesday evenings
Organizer: Radhika Jandhyala radhikaj@...
Description: Meeting agenda and minutes: https://hackmd.io/@aeva/oesdk-sig-arch
Meeting ID: 953 0987 1627
|
|
Updated Event: OE SDK SIG-Architecture Meeting
#cal-invite
oesdk@lists.confidentialcomputing.io Calendar <noreply@...>
OE SDK SIG-Architecture Meeting
Organizer: Aeva aevander@...
Description: Meeting agenda and minutes: https://hackmd.io/@aeva/oesdk-sig-arch
Meeting ID: 953 0987 1627
|
|
Updated Event: OE SDK Sig-Architecture on Tuesday evenings
#cal-invite
oesdk@lists.confidentialcomputing.io Calendar <noreply@...>
OE SDK Sig-Architecture on Tuesday evenings
Organizer: Radhika Jandhyala radhikaj@...
Description: Meeting agenda and minutes: https://hackmd.io/@aeva/oesdk-sig-arch
Meeting ID: 953 0987 1627
|
|
Re: OpenEnclave SDK v0.11.0 Release
Radhika Jandhyala
Hi,
Open Enclave version 0.12.0 will soon be published, and we want to send out some release candidate packages (for Windows Server 2016 and 2019, Ubuntu 16.04/18.04) for pre-release testing. You can find the release candidate packages on GitHub below under the v0.12.0-rc1 tag: https://github.com/openenclave/openenclave/releases

Please test these packages and let us know if you come across any issues. Thank you so much for your help!

To the Committers of the OE SDK: Please let us know if we have missed anything in the release notes. We should update our CHANGELOG if so.

Thank you so much to everyone in helping us drive and deliver this release! Please use our GitHub repo to report any issues that you may come across in your use of the SDK!

Release Notes

Added
* Initial implementation of the Malloc Info API <https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/docs/DesignDocs/Mallinfo.md> for dlmalloc (default allocator), and snmalloc.
* Added missing attribute validations to oeedger8r C++ implementation.
* Added new API oe_log_message. See design doc <https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/docs/DesignDocs/oe_log_message()_callback_proposal.md> and sample <https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/samples/log_callback/README.md>.

Changed
* Fixed #3543 <https://github.com/openenclave/openenclave/issues/3543>, updated openenclaverc file and documents on Windows to avoid overwriting CMAKE_PREFIX_PATH.
* The local and remote attestation samples are merged into a single sample <https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/samples/attestation/README.md>.
* Disabled a set of OpenSSL APIs/macros that are considered as unsafe based on OE's threat model. More specifically, those APIs allow users to configure an OpenSSL application to read certificates from the host filesystem, which is not trusted, and therefore not recommended for use in enclaves. OpenSSLSupport.md <https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/docs/OpenSSLSupport.md> has been updated to reflect the changes.

Deprecated
* The Open Enclave SDK will be dropping support for Ubuntu 16.04 after Dec 2020. Developers and partners using Ubuntu 16.04 will need to move to using Ubuntu 18.04 by then. #3625 <https://github.com/openenclave/openenclave/issues/3625> tracks this.
* The Open Enclave SDK will be dropping support for WS2016 after Dec 2020. Developers and partners using WS2016 will need to move to using WS2019 by then. #3539 <https://github.com/openenclave/openenclave/issues/3539> tracks this.
* The Open Enclave SDK is deprecating support for gcc while building the SDK from source after Dec 2020. The recommended compiler while building the SDK from source is Clang. #3555 <https://github.com/openenclave/openenclave/issues/3555> tracks this.

Security
* Security fixes in oeedger8r
  * Fix TOCTOU vulnerability in NULL terminator checks for ocall in/out string parameters.
  * Count/size properties in deep-copied in/out structs are treated as read-only to prevent the host from corrupting enclave memory by changing these properties.
* Fixed Socket syscalls can leak enclave memory contents <https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m> (CVE-2020-15224).

Known issues
* In the open-enclave-hostverify package, the host-verify sample cannot be built with cmake. Use make to build it on Linux. On Windows, it cannot be built currently. #3300 <https://github.com/openenclave/openenclave/issues/3300> tracks issues related to the host-verify sample.

Thanks,
Radhika
|
|
OpenEnclave SDK v0.12.0 Release
Radhika Jandhyala
Hi,
Open Enclave version 0.12.0 will soon be published, and we want to send out some release candidate packages (for Windows Server 2016 and 2019, Ubuntu 16.04/18.04) for pre-release testing. You can find the release candidate packages on GitHub below under the v0.12.0-rc1 tag: https://github.com/openenclave/openenclave/releases

Please test these packages and let us know if you come across any issues. Thank you so much for your help!

To the Committers of the OE SDK: Please let us know if we have missed anything in the release notes. We should update our CHANGELOG if so.

Thank you so much to everyone in helping us drive and deliver this release! Please use our GitHub repo to report any issues that you may come across in your use of the SDK!

Release Notes

Added
* Initial implementation of the Malloc Info API <https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/docs/DesignDocs/Mallinfo.md> for dlmalloc (default allocator), and snmalloc.
* Added missing attribute validations to oeedger8r C++ implementation.
* Added new API oe_log_message. See design doc <https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/docs/DesignDocs/oe_log_message()_callback_proposal.md> and sample <https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/samples/log_callback/README.md>.

Changed
* Fixed #3543 <https://github.com/openenclave/openenclave/issues/3543>, updated openenclaverc file and documents on Windows to avoid overwriting CMAKE_PREFIX_PATH.
* The local and remote attestation samples are merged into a single sample <https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/samples/attestation/README.md>.
* Disabled a set of OpenSSL APIs/macros that are considered as unsafe based on OE's threat model. More specifically, those APIs allow users to configure an OpenSSL application to read certificates from the host filesystem, which is not trusted, and therefore not recommended for use in enclaves. OpenSSLSupport.md <https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/docs/OpenSSLSupport.md> has been updated to reflect the changes.

Deprecated
* The Open Enclave SDK will be dropping support for Ubuntu 16.04 after Dec 2020. Developers and partners using Ubuntu 16.04 will need to move to using Ubuntu 18.04 by then. #3625 <https://github.com/openenclave/openenclave/issues/3625> tracks this.
* The Open Enclave SDK will be dropping support for WS2016 after Dec 2020. Developers and partners using WS2016 will need to move to using WS2019 by then. #3539 <https://github.com/openenclave/openenclave/issues/3539> tracks this.
* The Open Enclave SDK is deprecating support for gcc while building the SDK from source after Dec 2020. The recommended compiler while building the SDK from source is Clang. #3555 <https://github.com/openenclave/openenclave/issues/3555> tracks this.

Security
* Security fixes in oeedger8r
  * Fix TOCTOU vulnerability in NULL terminator checks for ocall in/out string parameters.
  * Count/size properties in deep-copied in/out structs are treated as read-only to prevent the host from corrupting enclave memory by changing these properties.
* Fixed Socket syscalls can leak enclave memory contents <https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m> (CVE-2020-15224).

Known issues
* In the open-enclave-hostverify package, the host-verify sample cannot be built with cmake. Use make to build it on Linux. On Windows, it cannot be built currently. #3300 <https://github.com/openenclave/openenclave/issues/3300> tracks issues related to the host-verify sample.

Thanks,
Radhika
|
|
SiG-Attestation canceled for tomorrow
Radhika Jandhyala
Hi
The SIG-Attestation meeting scheduled for 10:00 AM PST tomorrow (10/14/2020) is canceled as there is no agenda for tomorrow.

Thanks,
Radhika
|
|
10/14/20 SIG-Attestation meeting cancelled
Yen Lee
Hi,
The SIG-Attestation meeting scheduled for 10/14/2020, 10:00 AM PDT is cancelled because there are no topics to discuss at this time.

Thanks.
Yen
|
|
Open Enclave SDK SIG-Attestation Meeting Series - Wed, 10/14/2020
#cal-notice
oesdk@lists.confidentialcomputing.io Calendar <noreply@...>
Open Enclave SDK SIG-Attestation Meeting Series
Agenda and Minutes: https://hackmd.io/Xj6GpDSKSwuz5cZgQ0yg1A
Meeting ID: 995 5293 2630
|
|
Re: OpenEnclave SDK v0.12.0 Release
Radhika Jandhyala
Hi,
We have RC2 packages in v0.12.0-rc2 tag: https://github.com/openenclave/openenclave/releases

The changes from the RC1 packages are:
- Added APIs and a library for developers to detect leaks in enclaves. See design doc (https://github.com/openenclave/openenclave/blob/master/docs/DesignDocs/Enabledebugmalloc.md) and sample (https://github.com/openenclave/openenclave/tree/master/samples/debugmalloc).
- Windows prereqs script updated to use Intel PSW 2.10.100.2.

Thanks,
Radhika
|
|
Questions about OpenEnclave
John Goettle <jgoettle@...>
Hi,

I'm building a poker application that requires leveraging a framework for enclave applications, and I'm interested in using Microsoft's OpenEnclave. I'm a bit concerned about building on top of it if there is a risk that the project is abandoned. Would you be willing to provide me more information about OpenEnclave's timeline? Is the SDK production-ready in its current form?

Thank you.

Best,
Jack

Jack Goettle
University of Pennsylvania ‘21
Candidate for BSE & MSE: Computer Science
|
|
Sig-Arch today 10/20 at 5:30 PM PST
Radhika Jandhyala
Hi everybody,
Instead of SIG-Testing, we will have SIG-Arch meeting today at 5:30 PM. Please join us for technical discussions related to OE SDK project architecture. Please forward the invite as necessary. The agenda is here: https://hackmd.io/@aeva/oesdk-sig-arch.

When: Tuesday, 7 April 2020 10:00am to 11:00am (UTC-07:00) America/Los Angeles
Repeats: Weekly on Tuesday

Join Zoom Meeting: https://zoom.us/j/95309871627?pwd=K1RmbmZtUUowNFhRbWFZRVN4R2VmUT09
Meeting ID: 953 0987 1627
Password: 208079

One tap mobile
+12532158782,,95309871627#,,1#,208079# US (Tacoma)
+16699006833,,95309871627#,,1#,208079# US (San Jose)

Dial by your location
+1 253 215 8782 US (Tacoma)
+1 669 900 6833 US (San Jose)
+1 346 248 7799 US (Houston)
+1 301 715 8592 US (Germantown)
+1 312 626 6799 US (Chicago)
+1 929 205 6099 US (New York)
888 788 0099 US Toll-free
877 853 5247 US Toll-free

Find your local number: https://zoom.us/u/abCkV8PQIw

Thanks,
Radhika
|
|
Sig-Attestation for 10/21 10:00 AM PST Canceled
Radhika Jandhyala
Hi
This meeting is canceled since several stakeholders have a conflict and can't attend.

Radhika
|
|
Open Enclave SDK SIG-Attestation Meeting Series - Wed, 10/21/2020
#cal-notice
oesdk@lists.confidentialcomputing.io Calendar <noreply@...>
Open Enclave SDK SIG-Attestation Meeting Series
Agenda and Minutes: https://hackmd.io/Xj6GpDSKSwuz5cZgQ0yg1A
Meeting ID: 995 5293 2630
|
|
Re: Questions about OpenEnclave
Aeva
Hi Jack,
OE SDK is a community-run project, and was contributed to the Confidential Computing Consortium (https://confidentialcomputing.io/) in 2019. While the project is and continues to be very actively developed, and there are several companies using this project in production today, you should make your own decision regarding whether it meets your needs. If you have specific questions about the project, I’m happy to help find answers to them 😊

You can find information about the project’s release roadmap on GitHub, e.g.:
https://github.com/openenclave/openenclave/projects/21
https://github.com/openenclave/openenclave/projects/23

Or by joining the project’s public meetings, which you can find on the calendar: https://lists.confidentialcomputing.io/g/oesdk/calendar

Regards,
-Aeva

--
Aeva Black
Open Source Program Manager
Azure Confidential Computing
my.pronoun.is/they <https://pronoun.is/they> (what’s this? <https://www.huffpost.com/entry/non-binary-pronouns-why-they-matter_b_5a03107be4b0230facb8419a>)
|
|
Open Enclave SDK SIG-Attestation Meeting
Yen Lee
Hi Everybody.
Please join OE SDK SIG-Attestation meeting series. Here are the details.

Wednesdays 10:00 AM - 11:00 AM Pacific Time.

Join Zoom Meeting: https://zoom.us/j/99552932630?pwd=d1NCR2FkS2gwY0w3Wm9aK096cXZzUT09
Agenda and Minutes: https://hackmd.io/Xj6GpDSKSwuz5cZgQ0yg1A
Meeting ID: 995 5293 2630
Password: 010209

One tap mobile
+12532158782,,99552932630#,,1#,010209# US (Tacoma)
+13462487799,,99552932630#,,1#,010209# US (Houston)

Dial by your location
+1 253 215 8782 US (Tacoma)
+1 346 248 7799 US (Houston)
+1 669 900 6833 US (San Jose)
+1 312 626 6799 US (Chicago)
+1 929 205 6099 US (New York)
+1 301 715 8592 US (Germantown)
877 853 5247 US Toll-free
888 788 0099 US Toll-free

Find your local number: https://zoom.us/u/au4r6sLy7
|
|
10/27/2020 SIG-Arch meeting at 10:00 AM PST cancelled
Radhika Jandhyala
Hi,
Please note that the SIG-Arch meeting scheduled for tomorrow (10/27) at 10:00 AM PST is cancelled.

Thanks,
Radhika
|
|