
Open Enclave SDK SIG-Attestation Meeting Series - Wed, 11/04/2020 #cal-notice

oesdk@lists.confidentialcomputing.io Calendar <noreply@...>
 

Open Enclave SDK SIG-Attestation Meeting Series

When:
Wednesday, 4 November 2020
10:00am to 11:00am
(GMT-08:00) America/Los Angeles

Where:
https://zoom.us/j/99552932630?pwd=d1NCR2FkS2gwY0w3Wm9aK096cXZzUT09

Organizer:
radhikaj@...

Description:
Please join us for technical discussions related to Attestation in the Open Enclave SDK.

Join Zoom Meeting
https://zoom.us/j/99552932630?pwd=d1NCR2FkS2gwY0w3Wm9aK096cXZzUT09

 

Agenda and Minutes:  https://hackmd.io/Xj6GpDSKSwuz5cZgQ0yg1A

Meeting ID: 995 5293 2630
Password: 010209
One tap mobile
+12532158782,,99552932630#,,1#,010209# US (Tacoma)
+13462487799,,99552932630#,,1#,010209# US (Houston)

Dial by your location
        +1 253 215 8782 US (Tacoma)
        +1 346 248 7799 US (Houston)
        +1 669 900 6833 US (San Jose)
        +1 312 626 6799 US (Chicago)
        +1 929 205 6099 US (New York)
        +1 301 715 8592 US (Germantown)
        877 853 5247 US Toll-free
        888 788 0099 US Toll-free
Meeting ID: 995 5293 2630
Password: 010209
Find your local number: https://zoom.us/u/au4r6sLy7


Re: CCC Webinar - Confidential Computing: Protecting Applications and Data in Use

Nicolae Paladi
 

Hi Radhika,
thank you for the invite;
The registration link seems to be broken, I get a 404.
The link for the agenda is fine.

Best regards,
Nicolae

On 3 Nov 2020, at 23:48, Radhika Jandhyala via lists.confidentialcomputing.io <radhikaj=microsoft.com@lists.confidentialcomputing.io> wrote:

Hi Everybody,

You are invited to attend the Confidential Computing Consortium (CCC) webinar "Confidential Computing: Protecting Applications and Data in Use".

In this webinar, experts from the CCC will define confidential computing, discuss how businesses are using Confidential Computing today, and review the ecosystem of solutions and open-source projects available to enable applications to make use of confidential computing.

Key topics covered in the webinar include:

* The Confidential Computing definition and comparison to related technologies
* Key properties of Trusted Execution Environments (TEEs) to look for
* Threats mitigated by Confidential Computing technologies
* Utilization paradigms: using application SDKs vs. runtime deployment systems
* The ecosystem available to support confidential computing application development
* Common real-world use cases for Confidential Computing

The webinar will take place live on Tuesday, November 10th, 2020 at 8:30AM Pacific Time (4:30PM BST) and will be recorded for on-demand viewing. If you would like to attend live or receive a link to the recording after the event, please register now.

Registration page: https://confidentialcomputing.io/webinar/

Agenda: https://docs.google.com/document/d/1jvgt5PRwvs402aEYmMQgitauiKW71EZRsZwn71Zvj70/edit?usp=sharing

Thanks,
Radhika







CCC Webinar - Confidential Computing: Protecting Applications and Data in Use

Radhika Jandhyala
 

Hi Everybody,

You are invited to attend the Confidential Computing Consortium (CCC) webinar "Confidential Computing: Protecting Applications and Data in Use".

In this webinar, experts from the CCC will define confidential computing, discuss how businesses are using Confidential Computing today, and review the ecosystem of solutions and open-source projects available to enable applications to make use of confidential computing.

Key topics covered in the webinar include:

* The Confidential Computing definition and comparison to related technologies
* Key properties of Trusted Execution Environments (TEEs) to look for
* Threats mitigated by Confidential Computing technologies
* Utilization paradigms: using application SDKs vs. runtime deployment systems
* The ecosystem available to support confidential computing application development
* Common real-world use cases for Confidential Computing

The webinar will take place live on Tuesday, November 10th, 2020 at 8:30AM Pacific Time (4:30PM BST) and will be recorded for on-demand viewing. If you would like to attend live or receive a link to the recording after the event, please register now.

Registration page: https://confidentialcomputing.io/webinar/

Agenda: https://docs.google.com/document/d/1jvgt5PRwvs402aEYmMQgitauiKW71EZRsZwn71Zvj70/edit?usp=sharing

Thanks,
Radhika


SIG-Arch special session Monday Nov 9th 9:00 AM PST

Radhika Jandhyala
 

Hi Everybody,

Please join us for technical discussions related to OE SDK project architecture. Please forward the invite as necessary. The agenda is here: https://hackmd.io/@aeva/oesdk-sig-arch.

Join Zoom Meeting
https://zoom.us/j/95309871627?pwd=K1RmbmZtUUowNFhRbWFZRVN4R2VmUT09

Meeting ID: 953 0987 1627
Password: 208079
One tap mobile
+12532158782,,95309871627#,,1#,208079# US (Tacoma)
+16699006833,,95309871627#,,1#,208079# US (San Jose)

Dial by your location
+1 253 215 8782 US (Tacoma)
+1 669 900 6833 US (San Jose)
+1 346 248 7799 US (Houston)
+1 301 715 8592 US (Germantown)
+1 312 626 6799 US (Chicago)
+1 929 205 6099 US (New York)
888 788 0099 US Toll-free
877 853 5247 US Toll-free
Meeting ID: 953 0987 1627
Password: 208079
Find your local number: https://zoom.us/u/abCkV8PQIw
Thanks,
Radhika


11/3/2020 5:30 PM PST Sig-testing cancelled

Radhika Jandhyala
 

Hi

The SIG-Testing meeting scheduled for 11/3/2020 at 5:30 PM PST is cancelled as there are no outstanding topics to discuss at this time.

Thanks,
Radhika


Open Enclave SDK SIG-Attestation Meeting Series - Wed, 10/28/2020 #cal-notice

oesdk@lists.confidentialcomputing.io Calendar <noreply@...>
 

Open Enclave SDK SIG-Attestation Meeting Series

When:
Wednesday, 28 October 2020
10:00am to 11:00am
(GMT-07:00) America/Los Angeles

Where:
https://zoom.us/j/99552932630?pwd=d1NCR2FkS2gwY0w3Wm9aK096cXZzUT09

Organizer:
radhikaj@...

Description:
Please join us for technical discussions related to Attestation in the Open Enclave SDK.

Join Zoom Meeting
https://zoom.us/j/99552932630?pwd=d1NCR2FkS2gwY0w3Wm9aK096cXZzUT09

 

Agenda and Minutes:  https://hackmd.io/Xj6GpDSKSwuz5cZgQ0yg1A

Meeting ID: 995 5293 2630
Password: 010209
One tap mobile
+12532158782,,99552932630#,,1#,010209# US (Tacoma)
+13462487799,,99552932630#,,1#,010209# US (Houston)

Dial by your location
        +1 253 215 8782 US (Tacoma)
        +1 346 248 7799 US (Houston)
        +1 669 900 6833 US (San Jose)
        +1 312 626 6799 US (Chicago)
        +1 929 205 6099 US (New York)
        +1 301 715 8592 US (Germantown)
        877 853 5247 US Toll-free
        888 788 0099 US Toll-free
Meeting ID: 995 5293 2630
Password: 010209
Find your local number: https://zoom.us/u/au4r6sLy7


Re: OpenEnclave SDK v0.12.0 Release

Radhika Jandhyala
 

Hello everyone,

The 0.12.0 version of the Open Enclave SDK has been released.

You can find the release page for v0.12.0 in the link below, where you can download the packages/sources and find the changelog:

https://github.com/openenclave/openenclave/releases/tag/v0.12.0

For the Ubuntu 16.04 and 18.04 packages: they will be published to the production packages.microsoft.com APT repo (for each distro) later this week.

For the Windows NuGet packages: They will be on nuget.org later this week, but for now you can download the NuGet packages available in the "Assets" field in the release link above.

Thank you so much to everyone in helping us drive and deliver this release! Please use our GitHub repo to report any issues that you may come across in your use of the SDK!

Release notes

Added

* Initial implementation of the Malloc Info API<https://github.com/openenclave/openenclave/blob/v0.12.0/docs/DesignDocs/Mallinfo.md> for dlmalloc (default allocator), and snmalloc.
* Added missing attribute validations to oeedger8r C++ implementation.
* Added new API oe_log_message. See design doc<https://github.com/openenclave/openenclave/blob/v0.12.0/docs/DesignDocs/oe_log_message()_callback_proposal.md> and sample<https://github.com/openenclave/openenclave/blob/v0.12.0/samples/log_callback/README.md>.
* Added APIs and a library for developers to detect leaks in enclaves. See design doc<https://github.com/openenclave/openenclave/blob/v0.12.0/docs/DesignDocs/Enabledebugmalloc.md> and sample<https://github.com/openenclave/openenclave/blob/v0.12.0/samples/debugmalloc/README.md>.
* Added support of QVL/QVE based SGX evidence verification, as described in design doc<https://github.com/openenclave/openenclave/blob/v0.12.0/docs/DesignDocs/SGX_QuoteVerify_Integration.md>.
* Added a new oeverify tool that subsumes the existing host_verify sample which was installed as part of the host verify package.
It is basically the same utility as host_verify with added flexibility to pass a custom format for the evidence to be verified.

Changed

* Fixed #3543<https://github.com/openenclave/openenclave/issues/3543>, updated openenclaverc file and documents on Windows to avoid overwriting CMAKE_PREFIX_PATH.
* The local and remote attestation samples are merged into a single sample<https://github.com/openenclave/openenclave/blob/v0.12.0/samples/attestation/README.md>.
* Disabled a set of OpenSSL APIs/macros that are considered as unsafe based on OE's threat model.
More specifically, those APIs allow users to configure an OpenSSL application to read certificates from the host filesystem, which is not trusted, and therefore not recommended for use in enclaves. OpenSSLSupport.md<https://github.com/openenclave/openenclave/blob/v0.12.0/docs/OpenSSLSupport.md> has been updated to reflect the changes.

Deprecated

* The Open Enclave SDK will be dropping support for Ubuntu 16.04 after Dec 2020.
Developers and partners using Ubuntu 16.04 will need to move to using Ubuntu 18.04 by then.
#3625<https://github.com/openenclave/openenclave/issues/3625> tracks this.
* The Open Enclave SDK will be dropping support for WS2016 after Dec 2020.
Developers and partners using WS2016 will need to move to using WS2019 by then.
#3539<https://github.com/openenclave/openenclave/issues/3539> tracks this.
* The Open Enclave SDK is deprecating support for gcc while building the SDK from source after Dec 2020.
The recommended compiler while building the SDK from source is Clang.
#3555<https://github.com/openenclave/openenclave/issues/3555> tracks this.

Security

* Security fixes in oeedger8r
  * Fix TOCTOU vulnerability in NULL terminator checks for ocall in/out string parameters.
  * Count/size properties in deep-copied in/out structs are treated as read-only to prevent the host from corrupting enclave memory by changing these properties.
* Fixed Socket syscalls can leak enclave memory contents<https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m> (CVE-2020-15224).

Known issues

* In the open-enclave-hostverify package, the host-verify sample cannot be built with cmake. Use make to build it on Linux. On Windows it cannot be built currently. #3300<https://github.com/openenclave/openenclave/issues/3300> tracks issues related to the host-verify sample.

Packages in this release have been tested against the following Intel Packages

On Ubuntu 1804: DCAP: 1.8.100.2-bionic1 PSW: 2.11.100.2-bionic1
On Ubuntu 1604: DCAP: 1.8.100.2-xenial1 PSW: 2.11.100.2-xenial1
On Windows Server 2016: DCAP: 1.8.100.2 PSW: 2.10.100.2
On Windows Server 2019: DCAP: 1.8.100.2 PSW: 2.10.100.2


Thanks,
Radhika



From: Radhika Jandhyala
Sent: Friday, October 16, 2020 9:14 AM
To: oesdk@lists.confidentialcomputing.io
Subject: RE: OpenEnclave SDK v0.12.0 Release

Hi,

We have RC2 packages in v0.12.0-rc2 tag:
https://github.com/openenclave/openenclave/releases


The changes from the RC1 packages are:
- Added APIs and a library for developers to detect leaks in enclaves. See design doc (https://github.com/openenclave/openenclave/blob/master/docs/DesignDocs/Enabledebugmalloc.md) and sample (https://github.com/openenclave/openenclave/tree/master/samples/debugmalloc).
- Windows prereqs script updated to use Intel PSW 2.10.100.2.

Thanks,
Radhika

From: Radhika Jandhyala
Sent: Monday, October 12, 2020 10:13 PM
To: oesdk@lists.confidentialcomputing.io
Subject: OpenEnclave SDK v0.12.0 Release

Hi,


Open Enclave version 0.12.0 will soon be published, and we want to send out some release candidate packages (for Windows Server 2016 and 2019, Ubuntu 16.04/18.04) for pre-release testing. You can find the release candidate packages on GitHub below under the v0.12.0-rc1 tag:

https://github.com/openenclave/openenclave/releases

Please test these packages and let us know if you come across any issues. Thank you so much for your help!

To the Committers of the OE SDK: Please let us know if we have missed anything in the release notes. We should update our CHANGELOG if so.

Thank you so much to everyone in helping us drive and deliver this release! Please use our GitHub repo to report any issues that you may come across in your use of the SDK!


Release Notes

Added

* Initial implementation of the Malloc Info API<https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/docs/DesignDocs/Mallinfo.md> for dlmalloc (default allocator), and snmalloc.
* Added missing attribute validations to oeedger8r C++ implementation.
* Added new API oe_log_message. See design doc<https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/docs/DesignDocs/oe_log_message()_callback_proposal.md> and sample<https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/samples/log_callback/README.md>.

Changed

* Fixed #3543<https://github.com/openenclave/openenclave/issues/3543>, updated openenclaverc file and documents on Windows to avoid overwriting CMAKE_PREFIX_PATH.
* The local and remote attestation samples are merged into a single sample<https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/samples/attestation/README.md>.
* Disabled a set of OpenSSL APIs/macros that are considered as unsafe based on OE's threat model.
More specifically, those APIs allow users to configure an OpenSSL application to read certificates from the host filesystem, which is not trusted, and therefore not recommended for use in enclaves. OpenSSLSupport.md<https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/docs/OpenSSLSupport.md> has been updated to reflect the changes.

Deprecated

* The Open Enclave SDK will be dropping support for Ubuntu 16.04 after Dec 2020.
Developers and partners using Ubuntu 16.04 will need to move to using Ubuntu 18.04 by then.
#3625<https://github.com/openenclave/openenclave/issues/3625> tracks this.
* The Open Enclave SDK will be dropping support for WS2016 after Dec 2020.
Developers and partners using WS2016 will need to move to using WS2019 by then.
#3539<https://github.com/openenclave/openenclave/issues/3539> tracks this.
* The Open Enclave SDK is deprecating support for gcc while building the SDK from source after Dec 2020.
The recommended compiler while building the SDK from source is Clang.
#3555<https://github.com/openenclave/openenclave/issues/3555> tracks this.

Security

* Security fixes in oeedger8r
  * Fix TOCTOU vulnerability in NULL terminator checks for ocall in/out string parameters.
  * Count/size properties in deep-copied in/out structs are treated as read-only to prevent the host from corrupting enclave memory by changing these properties.
* Fixed Socket syscalls can leak enclave memory contents<https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m> (CVE-2020-15224).

Known issues

* In the open-enclave-hostverify package, the host-verify sample cannot be built with cmake. Use make to build it on Linux. On Windows, it cannot be built currently. #3300<https://github.com/openenclave/openenclave/issues/3300> tracks issues related to the host-verify sample.



Thanks,
Radhika
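
The TOCTOU item under "Security" in the release notes above concerns validating a string's NULL terminator while the string still sits in host memory. The following C program is an added illustration of that bug class, not oeedger8r's generated code and not part of the release notes; every function name is hypothetical, and the concurrent host write is simulated by a callback that runs between the two steps of each import.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical hook standing in for a concurrent host thread: it runs
 * between the two steps of an import and may rewrite the host buffer. */
typedef void (*host_race_fn)(char* host_buf, size_t len);

/* Constructed host behaviour: overwrite the terminator after it was checked. */
void host_overwrites_terminator(char* host_buf, size_t len)
{
    host_buf[len - 1] = 'X';
}

/* Returns 1 if buf[0..len) contains a NUL byte, 0 otherwise. */
int is_terminated(const char* buf, size_t len)
{
    return memchr(buf, '\0', len) != NULL;
}

/* Check-then-copy: the terminator is validated in host memory and the bytes
 * are then fetched a second time. Returns 0 on accept, -1 on reject. */
int import_check_then_copy(char* host_buf, size_t len, char* enclave_buf,
                           host_race_fn race)
{
    if (len == 0 || host_buf[len - 1] != '\0')
        return -1;                      /* time of check: host memory */
    if (race)
        race(host_buf, len);            /* host rewrites the buffer */
    memcpy(enclave_buf, host_buf, len); /* time of use: second fetch */
    return 0;
}

/* Copy-then-check: a single fetch into enclave memory, then validation of
 * the private copy. Returns 0 on accept, -1 on reject. */
int import_copy_then_check(char* host_buf, size_t len, char* enclave_buf,
                           host_race_fn race)
{
    if (len == 0)
        return -1;
    memcpy(enclave_buf, host_buf, len); /* the only read of host memory */
    if (race)
        race(host_buf, len);            /* too late to affect the copy */
    if (enclave_buf[len - 1] != '\0')
        return -1;                      /* check what will actually be used */
    return 0;
}

int main(void)
{
    char host_a[6] = "hello"; /* constructed sample: 5 chars + NUL */
    char host_b[6] = "hello";
    char enc_a[6];
    char enc_b[6];

    int ra = import_check_then_copy(host_a, sizeof host_a, enc_a,
                                    host_overwrites_terminator);
    int rb = import_copy_then_check(host_b, sizeof host_b, enc_b,
                                    host_overwrites_terminator);

    printf("check-then-copy: accepted=%d terminated=%d\n",
           ra == 0, is_terminated(enc_a, sizeof enc_a));
    printf("copy-then-check: accepted=%d terminated=%d\n",
           rb == 0, is_terminated(enc_b, sizeof enc_b));
    return 0;
}
```

With check-then-copy the enclave accepts a buffer that has no terminator by the time it is used; with copy-then-check the host's later write never reaches the validated copy.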


10/27/2020 SIG-Arch meeting at 10:00 AM PST cancelled

Radhika Jandhyala
 

Hi,

Please note that the SIG-Arch meeting scheduled for tomorrow (10/27) at 10:00 AM PST is cancelled.

Thanks,
Radhika


Open Enclave SDK SIG-Attestation Meeting

Yen Lee
 

Hi Everybody.

Please join the OE SDK SIG-Attestation meeting series. Here are the details.

Wednesdays 10:00 AM - 11:00 AM Pacific Time.

Join Zoom Meeting: https://zoom.us/j/99552932630?pwd=d1NCR2FkS2gwY0w3Wm9aK096cXZzUT09

Agenda and Minutes: https://hackmd.io/Xj6GpDSKSwuz5cZgQ0yg1A

Meeting ID: 995 5293 2630
Password: 010209
One tap mobile
+12532158782,,99552932630#,,1#,010209# US (Tacoma)
+13462487799,,99552932630#,,1#,010209# US (Houston)

Dial by your location
+1 253 215 8782 US (Tacoma)
+1 346 248 7799 US (Houston)
+1 669 900 6833 US (San Jose)
+1 312 626 6799 US (Chicago)
+1 929 205 6099 US (New York)
+1 301 715 8592 US (Germantown)
877 853 5247 US Toll-free
888 788 0099 US Toll-free
Meeting ID: 995 5293 2630
Password: 010209
Find your local number: https://zoom.us/u/au4r6sLy7


Re: Questions about OpenEnclave

Aeva
 

Hi Jack,

OE SDK is a community-run project, and was contributed to the Confidential Computing Consortium (https://confidentialcomputing.io/) in 2019. While the project is and continues to be very actively developed, and there are several companies using this project in production today, you should make your own decision regarding whether it meets your needs. If you have specific questions about the project, I’m happy to help find answers to them 😊

You can find information about the project’s release roadmap on GitHub, e.g.:
https://github.com/openenclave/openenclave/projects/21
https://github.com/openenclave/openenclave/projects/23

Or by joining the project’s public meetings, which you can find on the calendar:
https://lists.confidentialcomputing.io/g/oesdk/calendar


Regards,
-Aeva

--
Aeva Black

Open Source Program Manager
Azure Confidential Computing

my.pronoun.is/they<https://pronoun.is/they> (what’s this?<https://www.huffpost.com/entry/non-binary-pronouns-why-they-matter_b_5a03107be4b0230facb8419a>)


From: oesdk@lists.confidentialcomputing.io <oesdk@lists.confidentialcomputing.io> On Behalf Of John Goettle via lists.confidentialcomputing.io
Sent: Saturday, October 17, 2020 1:31 PM
To: oesdk@lists.confidentialcomputing.io
Subject: [oesdk] Questions about OpenEnclave

Hi,

I'm building a poker application that requires leveraging a framework for enclave applications, and I'm interested in using Microsoft's OpenEnclave. I'm a bit concerned about building on top of it if there is a risk that the project is abandoned. Would you be willing to provide me more information about OpenEnclave's timeline? Is the SDK production-ready in its current form?

Thank you.

Best,
Jack

--
Jack Goettle
University of Pennsylvania ‘21
Candidate for BSE & MSE: Computer Science
(856)-701-5116 | jgoettle@seas.upenn.edu


Open Enclave SDK SIG-Attestation Meeting Series - Wed, 10/21/2020 #cal-notice

oesdk@lists.confidentialcomputing.io Calendar <noreply@...>
 

Open Enclave SDK SIG-Attestation Meeting Series

When:
Wednesday, 21 October 2020
10:00am to 11:00am
(GMT-07:00) America/Los Angeles

Where:
https://zoom.us/j/99552932630?pwd=d1NCR2FkS2gwY0w3Wm9aK096cXZzUT09

Organizer:
radhikaj@...

Description:
Please join us for technical discussions related to Attestation in the Open Enclave SDK.

Join Zoom Meeting
https://zoom.us/j/99552932630?pwd=d1NCR2FkS2gwY0w3Wm9aK096cXZzUT09

 

Agenda and Minutes:  https://hackmd.io/Xj6GpDSKSwuz5cZgQ0yg1A

Meeting ID: 995 5293 2630
Password: 010209
One tap mobile
+12532158782,,99552932630#,,1#,010209# US (Tacoma)
+13462487799,,99552932630#,,1#,010209# US (Houston)

Dial by your location
        +1 253 215 8782 US (Tacoma)
        +1 346 248 7799 US (Houston)
        +1 669 900 6833 US (San Jose)
        +1 312 626 6799 US (Chicago)
        +1 929 205 6099 US (New York)
        +1 301 715 8592 US (Germantown)
        877 853 5247 US Toll-free
        888 788 0099 US Toll-free
Meeting ID: 995 5293 2630
Password: 010209
Find your local number: https://zoom.us/u/au4r6sLy7


Sig-Attestation for 10/21 10:00 AM PST Canceled

Radhika Jandhyala
 

Hi

This meeting is canceled since several stakeholders have a conflict and can't attend.

Radhika


Sig-Arch today 10/20 at 5:30 PM PST

Radhika Jandhyala
 

Hi everybody,



Instead of SIG-Testing, we will have SIG-Arch meeting today at 5:30 PM.



Please join us for technical discussions related to OE SDK project architecture. Please forward the invite as necessary. The agenda is here: https://hackmd.io/@aeva/oesdk-sig-arch.

When:
Tuesday, 7 April 2020
10:00am to 11:00am
(UTC-07:00) America/Los Angeles
Repeats: Weekly on Tuesday

Join Zoom Meeting
https://zoom.us/j/95309871627?pwd=K1RmbmZtUUowNFhRbWFZRVN4R2VmUT09

Meeting ID: 953 0987 1627
Password: 208079
One tap mobile
+12532158782,,95309871627#,,1#,208079# US (Tacoma)
+16699006833,,95309871627#,,1#,208079# US (San Jose)

Dial by your location
+1 253 215 8782 US (Tacoma)
+1 669 900 6833 US (San Jose)
+1 346 248 7799 US (Houston)
+1 301 715 8592 US (Germantown)
+1 312 626 6799 US (Chicago)
+1 929 205 6099 US (New York)
888 788 0099 US Toll-free
877 853 5247 US Toll-free
Meeting ID: 953 0987 1627
Password: 208079
Find your local number: https://zoom.us/u/abCkV8PQIw
Thanks,
Radhika


Questions about OpenEnclave

John Goettle <jgoettle@...>
 

Hi,

I'm building a poker application that requires leveraging a framework for enclave applications, and I'm interested in using Microsoft's OpenEnclave. I'm a bit concerned about building on top of it if there is a risk that the project is abandoned. Would you be willing to provide me more information about OpenEnclave's timeline? Is the SDK production-ready in its current form?

Thank you.

Best,
Jack

--
Jack Goettle
University of Pennsylvania ‘21
Candidate for BSE & MSE: Computer Science


Re: OpenEnclave SDK v0.12.0 Release

Radhika Jandhyala
 

Hi,

We have RC2 packages in v0.12.0-rc2 tag:
https://github.com/openenclave/openenclave/releases


The changes from the RC1 packages are:
- Added APIs and a library for developers to detect leaks in enclaves. See design doc (https://github.com/openenclave/openenclave/blob/master/docs/DesignDocs/Enabledebugmalloc.md) and sample (https://github.com/openenclave/openenclave/tree/master/samples/debugmalloc).
- Windows prereqs script updated to use Intel PSW 2.10.100.2.

Thanks,
Radhika

From: Radhika Jandhyala
Sent: Monday, October 12, 2020 10:13 PM
To: oesdk@lists.confidentialcomputing.io
Subject: OpenEnclave SDK v0.12.0 Release

Hi,


Open Enclave version 0.12.0 will soon be published, and we want to send out some release candidate packages (for Windows Server 2016 and 2019, Ubuntu 16.04/18.04) for pre-release testing. You can find the release candidate packages on GitHub below under the v0.12.0-rc1 tag:

https://github.com/openenclave/openenclave/releases

Please test these packages and let us know if you come across any issues. Thank you so much for your help!

To the Committers of the OE SDK: Please let us know if we have missed anything in the release notes. We should update our CHANGELOG if so.

Thank you so much to everyone in helping us drive and deliver this release! Please use our GitHub repo to report any issues that you may come across in your use of the SDK!


Release Notes

Added

* Initial implementation of the Malloc Info API<https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/docs/DesignDocs/Mallinfo.md> for dlmalloc (default allocator), and snmalloc.
* Added missing attribute validations to oeedger8r C++ implementation.
* Added new API oe_log_message. See design doc<https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/docs/DesignDocs/oe_log_message()_callback_proposal.md> and sample<https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/samples/log_callback/README.md>.

Changed

* Fixed #3543<https://github.com/openenclave/openenclave/issues/3543>, updated openenclaverc file and documents on Windows to avoid overwriting CMAKE_PREFIX_PATH.
* The local and remote attestation samples are merged into a single sample<https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/samples/attestation/README.md>.
* Disabled a set of OpenSSL APIs/macros that are considered as unsafe based on OE's threat model.
More specifically, those APIs allow users to configure an OpenSSL application to read certificates from the host filesystem, which is not trusted, and therefore not recommended for use in enclaves. OpenSSLSupport.md<https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/docs/OpenSSLSupport.md> has been updated to reflect the changes.

Deprecated

* The Open Enclave SDK will be dropping support for Ubuntu 16.04 after Dec 2020.
Developers and partners using Ubuntu 16.04 will need to move to using Ubuntu 18.04 by then.
#3625<https://github.com/openenclave/openenclave/issues/3625> tracks this.
* The Open Enclave SDK will be dropping support for WS2016 after Dec 2020.
Developers and partners using WS2016 will need to move to using WS2019 by then.
#3539<https://github.com/openenclave/openenclave/issues/3539> tracks this.
* The Open Enclave SDK is deprecating support for gcc while building the SDK from source after Dec 2020.
The recommended compiler while building the SDK from source is Clang.
#3555<https://github.com/openenclave/openenclave/issues/3555> tracks this.

Security

* Security fixes in oeedger8r
  * Fix TOCTOU vulnerability in NULL terminator checks for ocall in/out string parameters.
  * Count/size properties in deep-copied in/out structs are treated as read-only to prevent the host from corrupting enclave memory by changing these properties.
* Fixed Socket syscalls can leak enclave memory contents<https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m> (CVE-2020-15224).

Known issues

* In the open-enclave-hostverify package, the host-verify sample cannot be built with cmake. Use make to build it on Linux. On Windows, it cannot be built currently. #3300<https://github.com/openenclave/openenclave/issues/3300> tracks issues related to the host-verify sample.



Thanks,
Radhika


Open Enclave SDK SIG-Attestation Meeting Series - Wed, 10/14/2020 #cal-notice

oesdk@lists.confidentialcomputing.io Calendar <noreply@...>
 

Open Enclave SDK SIG-Attestation Meeting Series

When:
Wednesday, 14 October 2020
10:00am to 11:00am
(GMT-07:00) America/Los Angeles

Where:
https://zoom.us/j/99552932630?pwd=d1NCR2FkS2gwY0w3Wm9aK096cXZzUT09

Organizer:
radhikaj@...

Description:
Please join us for technical discussions related to Attestation in the Open Enclave SDK.

Join Zoom Meeting
https://zoom.us/j/99552932630?pwd=d1NCR2FkS2gwY0w3Wm9aK096cXZzUT09

 

Agenda and Minutes:  https://hackmd.io/Xj6GpDSKSwuz5cZgQ0yg1A

Meeting ID: 995 5293 2630
Password: 010209
One tap mobile
+12532158782,,99552932630#,,1#,010209# US (Tacoma)
+13462487799,,99552932630#,,1#,010209# US (Houston)

Dial by your location
        +1 253 215 8782 US (Tacoma)
        +1 346 248 7799 US (Houston)
        +1 669 900 6833 US (San Jose)
        +1 312 626 6799 US (Chicago)
        +1 929 205 6099 US (New York)
        +1 301 715 8592 US (Germantown)
        877 853 5247 US Toll-free
        888 788 0099 US Toll-free
Meeting ID: 995 5293 2630
Password: 010209
Find your local number: https://zoom.us/u/au4r6sLy7


10/14/20 SIG-Attestation meeting cancelled

Yen Lee
 

Hi,

The SIG-Attestation meeting scheduled for 10/14/2020, 10:00 AM PDT is cancelled because there are no topics to discuss at this time.

Thanks.

Yen


SiG-Attestation canceled for tomorrow

Radhika Jandhyala
 

Hi

The SIG-Attestation meeting scheduled for 10:00 AM PST tomorrow (10/14/2020) is canceled as there is no agenda for tomorrow.

Thanks
Radhika


OpenEnclave SDK v0.12.0 Release

Radhika Jandhyala
 

Hi,


Open Enclave version 0.12.0 will soon be published, and we want to send out some release candidate packages (for Windows Server 2016 and 2019, Ubuntu 16.04/18.04) for pre-release testing. You can find the release candidate packages on GitHub below under the v0.12.0-rc1 tag:

https://github.com/openenclave/openenclave/releases

Please test these packages and let us know if you come across any issues. Thank you so much for your help!

To the Committers of the OE SDK: Please let us know if we have missed anything in the release notes. We should update our CHANGELOG if so.

Thank you so much to everyone in helping us drive and deliver this release! Please use our GitHub repo to report any issues that you may come across in your use of the SDK!


Release Notes

Added

* Initial implementation of the Malloc Info API<https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/docs/DesignDocs/Mallinfo.md> for dlmalloc (default allocator), and snmalloc.
* Added missing attribute validations to oeedger8r C++ implementation.
* Added new API oe_log_message. See design doc<https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/docs/DesignDocs/oe_log_message()_callback_proposal.md> and sample<https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/samples/log_callback/README.md>.

Changed

* Fixed #3543<https://github.com/openenclave/openenclave/issues/3543>, updated openenclaverc file and documents on Windows to avoid overwriting CMAKE_PREFIX_PATH.
* The local and remote attestation samples are merged into a single sample<https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/samples/attestation/README.md>.
* Disabled a set of OpenSSL APIs/macros that are considered as unsafe based on OE's threat model.
  More specifically, those APIs allow users to configure an OpenSSL application to read certificates from the host filesystem, which is not trusted, and therefore not recommended for use in enclaves. OpenSSLSupport.md<https://github.com/openenclave/openenclave/blob/v0.12.0-rc1/docs/OpenSSLSupport.md> has been updated to reflect the changes.

Deprecated

* The Open Enclave SDK will be dropping support for Ubuntu 16.04 after Dec 2020.
  Developers and partners using Ubuntu 16.04 will need to move to using Ubuntu 18.04 by then.
  #3625<https://github.com/openenclave/openenclave/issues/3625> tracks this.
* The Open Enclave SDK will be dropping support for WS2016 after Dec 2020.
  Developers and partners using WS2016 will need to move to using WS2019 by then.
  #3539<https://github.com/openenclave/openenclave/issues/3539> tracks this.
* The Open Enclave SDK is deprecating support for gcc while building the SDK from source after Dec 2020.
  The recommended compiler while building the SDK from source is Clang.
  #3555<https://github.com/openenclave/openenclave/issues/3555> tracks this.

Security

* Security fixes in oeedger8r
  * Fix TOCTOU vulnerability in NULL terminator checks for ocall in/out string parameters.
  * Count/size properties in deep-copied in/out structs are treated as read-only to prevent the host from corrupting enclave memory by changing these properties.
* Fixed Socket syscalls can leak enclave memory contents<https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m> (CVE-2020-15224).

Known issues

* In the open-enclave-hostverify package, the host-verify sample cannot be built with cmake. Use make to build it on Linux. On Windows, it cannot be built currently. #3300<https://github.com/openenclave/openenclave/issues/3300> tracks issues related to the host-verify sample.



Thanks,
Radhika


