
SIG-Attestation meetings cancelled

Yen Lee
 

Hi,



The SIG-Attestation meeting scheduled for 10:00 AM PST 1/13/2021 is cancelled as there are no topics to be discussed.



Thanks,
Yen


5:30 PM PST 1/12/2021 SIG-Testing cancelled

Radhika Jandhyala
 

Hi,

The SIG-Testing meeting scheduled for 5:30 PM PST 1/12/2021 is cancelled as there are no topics to be discussed.

Thanks,
Radhika


Open Enclave SDK SIG-Attestation Meeting Series - Wed, 01/06/2021 #cal-notice

oesdk@lists.confidentialcomputing.io Calendar <noreply@...>
 

Open Enclave SDK SIG-Attestation Meeting Series

When:
Wednesday, 6 January 2021
10:00am to 11:00am
(GMT-08:00) America/Los Angeles

Where:
https://zoom.us/j/99552932630?pwd=d1NCR2FkS2gwY0w3Wm9aK096cXZzUT09

Organizer:
radhikaj@...

Description:
Please join us for technical discussions related to Attestation in the Open Enclave SDK.

Join Zoom Meeting
https://zoom.us/j/99552932630?pwd=d1NCR2FkS2gwY0w3Wm9aK096cXZzUT09

 

Agenda and Minutes:  https://hackmd.io/Xj6GpDSKSwuz5cZgQ0yg1A

Meeting ID: 995 5293 2630
Password: 010209
One tap mobile
+12532158782,,99552932630#,,1#,010209# US (Tacoma)
+13462487799,,99552932630#,,1#,010209# US (Houston)

Dial by your location
        +1 253 215 8782 US (Tacoma)
        +1 346 248 7799 US (Houston)
        +1 669 900 6833 US (San Jose)
        +1 312 626 6799 US (Chicago)
        +1 929 205 6099 US (New York)
        +1 301 715 8592 US (Germantown)
        877 853 5247 US Toll-free
        888 788 0099 US Toll-free
Meeting ID: 995 5293 2630
Password: 010209
Find your local number: https://zoom.us/u/au4r6sLy7


SIG-Testing today at 5:30 PM PST cancelled

Radhika Jandhyala
 

Hi Everybody,

The SIG-Testing meeting scheduled to be held at 5:30 PM PST 1/5/2021 is cancelled.

Thanks,
Radhika


Open Enclave SDK SIG-Attestation Meeting Series - Wed, 12/30/2020 #cal-notice

oesdk@lists.confidentialcomputing.io Calendar <noreply@...>
 

Open Enclave SDK SIG-Attestation Meeting Series

When:
Wednesday, 30 December 2020
10:00am to 11:00am
(GMT-08:00) America/Los Angeles

Where:
https://zoom.us/j/99552932630?pwd=d1NCR2FkS2gwY0w3Wm9aK096cXZzUT09

Organizer:
radhikaj@...

Description:
Please join us for technical discussions related to Attestation in the Open Enclave SDK.



Open Enclave SDK SIG-Attestation Meeting Series - Wed, 12/23/2020 #cal-notice

oesdk@lists.confidentialcomputing.io Calendar <noreply@...>
 

Open Enclave SDK SIG-Attestation Meeting Series

When:
Wednesday, 23 December 2020
10:00am to 11:00am
(GMT-08:00) America/Los Angeles

Where:
https://zoom.us/j/99552932630?pwd=d1NCR2FkS2gwY0w3Wm9aK096cXZzUT09

Organizer:
radhikaj@...

Description:
Please join us for technical discussions related to Attestation in the Open Enclave SDK.



CFP: FOSDEM 2021 (Online) - Hardware-Aided Trusted Computing Devroom

jo.vanbulck@...
 

Dear OpenEnclave community,

As you may or may not know, we are organizing the 2nd (online) edition
of a "hardware-aided trusted computing" devroom at the upcoming FOSDEM
21 conference. FOSDEM is one of the biggest open-source events in the
world, which is attended each year by thousands of open-source
enthusiasts, users, and contributors. The next FOSDEM will necessarily
take place online, 6&7 February 2021.

We already have several talk proposal submissions for the TEE devroom,
but I cannot see OE-related submissions at the moment. I personally
think OE is one of the prominent and ambitious TEE open-source projects,
so I just wanted to point your attention to this opportunity. This year's
online edition allows to present your exciting open-source TEE research
projects to a worldwide broad community and maybe even find new
followers or contributors.

The submission deadline for talk proposals (it can be a short title and
abstract of a few sentences) is next week December 23, 2020, but you are
encouraged to submit proposals asap to help organization going smooth.
The talk recordings for accepted talks would be prepared first half of
January, and the conference with live Q&A is Feb 6-7 2021. You can find
the full CFP here (also pasted below for convenience):

https://jovanbulck.github.io/fosdem21-cfp

I of course understand you may or may not prefer to give an online talk
and you may be busy, so consider my email as merely a kind FYI :-)

Feel free to reach out with any questions you may have.

Best regards and wishing you all a happy end of the year!
Jo

—————— 8<——————
# FOSDEM 2021 (Online) - Hardware-Aided Trusted Computing Devroom Call For Participation

## About FOSDEM

[FOSDEM](https://fosdem.org/2021/) is a free event for software
developers to meet, share ideas and collaborate.
Every year, thousands of developers of free and open source software
from all over the world gather at the event in Brussels. In 2021, they
will gather online. FOSDEM is free to attend. There is no registration.

## Devroom overview and objectives

Following the success of
[last year's edition](https://archive.fosdem.org/2020/schedule/track/hardware_aided_trusted_computing/),
we are for the 2nd time organizing a devroom devoted to the emerging
open-source ecosystem around
*hardware-based Trusted Execution Environments (TEEs)*.
Under TEEs, we understand architectures that allow to isolate and attest
trusted "enclave" software components running on top of a
potentially compromised operating system.
Over the last years, all major processor vendors have developed some
form of TEE support, e.g., Intel's
[Software Guard Extensions (SGX)](https://software.intel.com/content/www/us/en/develop/topics/software-guard-extensions.html)
and upcoming
[Trust Domain Extensions (TDX)](https://software.intel.com/content/www/us/en/develop/articles/intel-trust-domain-extensions.html),
ARM's [TrustZone](https://developer.arm.com/ip-products/security-ip/trustzone)
and upcoming
[Morello](https://developer.arm.com/architectures/cpu-architecture/a-profile/morello),
AMD's [Secure Encrypted Virtualization (SEV)](https://developer.amd.com/sev/)
and upcoming SEV-ES/SEV-SNP extensions,
and IBM's
[Protected Execution Facility (PEF)](https://www.kernel.org/doc/html/latest/powerpc/ultravisor.html).

Hence, with today's mainstream consumer hardware being increasingly shipped
with these advanced trusted computing technologies, this devroom wants to
foster discussion on the much-needed open-source TEE ecosystem amongst
industry players, academics, enthusiasts, hobbyists, and project maintainers.

## Desirable topics

The devroom's topics of interest include, but are not limited to:

* Programming frameworks for TEEs: how to develop free and open-source software that can run inside enclaves (e.g., library OSs, SDKs, Linux kernel support, etc.).
* Compiler and language support for emerging trusted hardware extensions.
* Open-source enclave processor designs (e.g., RISC-V TEEs).
* Use cases and applications on top of TEEs.
* TEE-specific attacks and defenses: reverse engineering, side-channels, vulnerabilities, exploits.
* Vision: future TEEs (what is missed, proposals, wishes, discussions).

## New rules: What changes since last year

For obvious reasons, this year the event will not take place in a
physical location but online.

* The reference time will be [Brussels local time (CET)](https://www.timeanddate.com/worldclock/belgium/brussels).
* Talks will be pre-recorded in advance, and streamed during the event.
* Q/A session will take place live.
* A facility will be provided for people watching to chat between themselves.
* A facility will be provided for people watching to submit questions.
* Once your talk was accepted, we will assign you a deputy to help you to produce the pre-recorded content.
* During the stream of your talk, you must be available online for the Q/A session.

## Key dates

* <mark>Submission deadline: 23 December 2020</mark>
* Announcement of selected talks: 31 December 2020
* Conference dates 6 & 7 February 2021 **(online)**
* Hardware-Aided Trusted Computing devroom date: Saturday 6 February 2021 **(online)**

## Submit a talk proposal

Submissions are required to proceed through the
[FOSDEM 2021 Pentabarf website](https://penta.fosdem.org/submission/FOSDEM21).
Create an "event" and click on "Show all" in the top right corner to
display the full form.

Your submission must include the following information:

* Your contact email.
* The title (and possible subtitle) of your talk: please be descriptive, as the audience will have to choose to attend your talk out of a listing with ~500 talks from other projects at FOSDEM.
* Select "Hardware-Aided Trusted Computing devroom" as the track.
* A short abstract of one paragraph.
* A longer description if you wish to do so.
* Links to related websites / blogs etc.

## Contact and organizers

* Main organizer: Jo Van Bulck (jo.vanbulck@...)
* The devroom is supported by the [Confidential Computing Consortium](https://confidentialcomputing.io/).

—————— 8<——————


Re: What is the latest version of OP-TEE supported by Open Enclave?

Zhao, Shirley
 

Thanks for your feedback, Hernan.

So the optee-os used by Open Enclave is actually on URL: https://github.com/ms-iot/optee_os.
Not the one released on OP-TEE official GitHub, right?

Can I say the reason is that MS made some updates in OP-TEE to make it co-work with Open Enclave?

Thanks.

- Shirley

-----Original Message-----
From: hegatta via [] <hegatta=microsoft.com@[]>
Sent: Friday, December 18, 2020 12:17 PM
To: Zhao; Zhao, Shirley <shirley.zhao@...>; oesdk@...
Subject: Re: [oesdk] What is the latest version of OP-TEE supported by Open Enclave?

Shirley,

Open Enclave currently supports a fork of OP-TEE based on version 3.6.0:

URL: https://github.com/ms-iot/optee_os
Commit Hash: d1634ce8ff4a39242d4d333392e260e00405e471

This repository and commit pair are referenced by the SDK via a Git submodule as found under 3rdparty/optee/optee_os.

The fork in question contains changes that allow Open Enclave and OP-TEE to work together. These changes are in the process of being upstreamed.

Feel free to let me know if you have additional questions.

Best regards,
Hernan


Re: What is the latest version of OP-TEE supported by Open Enclave?

hegatta@...
 

Shirley,

Open Enclave currently supports a fork of OP-TEE based on version 3.6.0:

URL: https://github.com/ms-iot/optee_os
Commit Hash: d1634ce8ff4a39242d4d333392e260e00405e471

This repository and commit pair are referenced by the SDK via a Git submodule as found under 3rdparty/optee/optee_os.

The fork in question contains changes that allow Open Enclave and OP-TEE to work together. These changes are in the process of being upstreamed.

Feel free to let me know if you have additional questions.

Best regards,
Hernan
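
A check for the pin described in this reply, as an added example (not code from the Open Enclave project or from the thread): it compares the gitlink recorded for 3rdparty/optee/optee_os in a checkout's HEAD, and the URL declared in .gitmodules, with the URL and commit hash quoted above. The function names and the constructed sample repository are assumptions for illustration, and git must be installed.

```shell
#!/bin/sh
# Added example: verify that a checkout pins the OP-TEE submodule to the fork
# and commit quoted in the message above. Function names are hypothetical.

EXPECTED_URL="https://github.com/ms-iot/optee_os"
EXPECTED_COMMIT="d1634ce8ff4a39242d4d333392e260e00405e471"
SUBMODULE_PATH="3rdparty/optee/optee_os"

# Commit recorded for the submodule in HEAD's tree (a gitlink entry, mode 160000).
pinned_commit() {
    git -C "$1" ls-tree HEAD -- "$2" 2>/dev/null |
        awk '$1 == "160000" && $2 == "commit" { print $3 }'
}

# URL that .gitmodules declares for the submodule located at the given path.
# The submodule's name is looked up by path, since the name is not on the page.
declared_url() {
    name=$(git config -f "$1/.gitmodules" --get-regexp '^submodule\..*\.path$' 2>/dev/null |
        awk -v p="$2" '$2 == p { sub(/^submodule\./, "", $1); sub(/\.path$/, "", $1); print $1; exit }')
    [ -n "$name" ] || return 1
    git config -f "$1/.gitmodules" --get "submodule.$name.url"
}

# Treat "repo", "repo/" and "repo.git" as the same remote.
normalize_url() {
    printf '%s\n' "$1" | sed -e 's#/*$##' -e 's#\.git$##'
}

# Returns 0 if URL and commit match, 1 on a mismatch, 2 if the pin cannot be read.
check_optee_pin() {
    repo=$1
    url=$(declared_url "$repo" "$SUBMODULE_PATH") || {
        echo "cannot find a .gitmodules entry for $SUBMODULE_PATH"
        return 2
    }
    commit=$(pinned_commit "$repo" "$SUBMODULE_PATH")
    [ -n "$commit" ] || {
        echo "HEAD has no gitlink at $SUBMODULE_PATH"
        return 2
    }
    status=0
    if [ "$(normalize_url "$url")" != "$(normalize_url "$EXPECTED_URL")" ]; then
        echo "URL mismatch: $url"
        status=1
    fi
    if [ "$commit" != "$EXPECTED_COMMIT" ]; then
        echo "commit mismatch: $commit"
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "ok: $SUBMODULE_PATH pinned to $commit from $url"
    fi
    return "$status"
}

# Constructed fixture: a throwaway repository whose index holds only .gitmodules
# and a gitlink. The submodule's objects are not needed to record the pin.
make_sample_repo() {
    dir=$1; url=$2; commit=$3
    git init -q "$dir" &&
    git -C "$dir" config -f .gitmodules submodule.optee_os.path "$SUBMODULE_PATH" &&
    git -C "$dir" config -f .gitmodules submodule.optee_os.url "$url" &&
    git -C "$dir" add .gitmodules &&
    git -C "$dir" update-index --add --cacheinfo 160000 "$commit" "$SUBMODULE_PATH" &&
    git -C "$dir" -c user.name=example -c user.email=example@example.invalid \
        -c commit.gpgsign=false commit -q -m "constructed fixture"
}

if [ "$#" -gt 0 ]; then
    # Usage: sh check_optee_pin.sh /path/to/openenclave
    check_optee_pin "$1"
else
    # No argument: run against the constructed fixture.
    demo=$(mktemp -d)
    make_sample_repo "$demo/repo" "$EXPECTED_URL.git" "$EXPECTED_COMMIT"
    check_optee_pin "$demo/repo"
    rm -rf "$demo"
fi
```

The check reads only what the superproject records, so it works before the submodule has been fetched.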


What is the latest version of OP-TEE supported by Open Enclave?

Zhao, Shirley
 

Dear Sir or Madam,

This is Shirley from Intel.
One question about Open Enclave, which version of OP-TEE is supported by Open Enclave?
On OP-TEE GitHub, it just released version 3.11.0 on Oct 16, 2020.

Thanks a lot.


- Shirley


Open Enclave SDK SIG-Attestation Meeting Series - Wed, 12/16/2020 #cal-notice

oesdk@lists.confidentialcomputing.io Calendar <noreply@...>
 

Open Enclave SDK SIG-Attestation Meeting Series

When:
Wednesday, 16 December 2020
10:00am to 11:00am
(GMT-08:00) America/Los Angeles

Where:
https://zoom.us/j/99552932630?pwd=d1NCR2FkS2gwY0w3Wm9aK096cXZzUT09

Organizer:
radhikaj@...

Description:
Please join us for technical discussions related to Attestation in the Open Enclave SDK.



All SIG Meetings canceled for the rest of 2020

Radhika Jandhyala
 

Hi everybody

As most people are out for the holidays, all SIG meetings including triage, arch, testing and attestation meetings are canceled for the rest of 2020. We will resume meetings as scheduled on the project calendar in January.

Thanks,
Radhika


Release: v0.13.0

Radhika Jandhyala
 

Hi Everybody

The 0.13.0 version of the Open Enclave SDK has been released.

You can find the release page for v0.13.0 in the link below, where you can download the packages/sources and find the changelog:

https://github.com/openenclave/openenclave/releases/tag/v0.13.0

For the Ubuntu 16.04 and 18.04 packages: they will be published to the production packages.microsoft.com APT repo (for each distro) later this week.

For the Windows NuGet packages: They will be on nuget.org later this week, but for now you can download the NuGet packages available in the "Assets" field in release link above.

Thank you so much to everyone in helping us drive and deliver this release! Please use our GitHub repo to report any issues that you may come across in your use of the SDK!

Thanks,
Radhika


From: Radhika Jandhyala
Sent: Thursday, December 10, 2020 8:54 PM
To: oesdk@...
Subject: Release: v0.13.0 RC2


Hi Everybody,



You can find the RC2 packages on GitHub below under the v0.13.0-rc2 tag:

https://github.com/openenclave/openenclave/releases



Please test these packages and let us know if you come across any issues. Thank you so much for your help!



Issues fixed since RC1

* #3767<https://github.com/openenclave/openenclave/pull/3767> fixes a compiler warning observed while compiling the attested_tls sample on Windows. It has not been merged into master at the time of this release.
* #3772<https://github.com/openenclave/openenclave/pull/3772> fixes an illegal instruction problem observed on NUC7PJYH as described in #3762<https://github.com/openenclave/openenclave/issues/3762>



Thanks,

Radhika


From: Radhika Jandhyala
Sent: Tuesday, December 8, 2020 3:58 PM
To: oesdk@...<mailto:oesdk@...>
Subject: Release: v0.13.0 RC1

Hi,


Open Enclave version 0.13.0 will soon be published, and we want to send out some release candidate packages (for Windows Server 2016 and 2019, Ubuntu 16.04/18.04) for pre-release testing. You can find the release candidate packages on GitHub below under the v0.13.0-rc1 tag:

https://github.com/openenclave/openenclave/releases

Please test these packages and let us know if you come across any issues. Thank you so much for your help!

To the Committers of the OE SDK: Please let us know if we have missed anything in the release notes. We should update our CHANGELOG if so.

Thank you so much to everyone in helping us drive and deliver this release! Please use our GitHub repo to report any issues that you may come across in your use of the SDK!

Thanks
Radhika


Release notes
-------------------
Breaking Changes

* liboecryptombed is now called liboecryptombedtls and will no longer be automatically included as a link dependency when linking liboeenclave in CMake.
* The openenclave-config.cmake and openenclave-lvi-mitigation-config.cmake will not specify the renamed liboecryptombedtls as a PUBLIC link requirement for liboeenclave.
* Enclave apps that are built with CMake and use the Open Enclave's CMake configurations must now explicitly include OE crypto wrapper library when linking openenclave::oeenclave.
  * See the CMakeLists.txt in the helloworld sample for an example. Here OE_CRYPTO_LIB is set to mbedtls in parent CMakeList file.
* Enclave apps that are built with Make and rely on Open Enclave's pkgconfig must now explicitly include OE crypto wrapper library in linker dependency flags.
  * See the Makefile in the helloworld sample for an example. Here OE_CRYPTO_LIB is set to mbedtls in parent MakeList file.

Added

* OpenSSL version 1.1.1 libraries are now available for an enclave to use. See the attested_tls sample<https://github.com/openenclave/openenclave/blob/v0.13.0-rc1/samples/attested_tls#build-and-run> for an example of building enclaves with OpenSSL.
* Enabled oe_verify_evidence() with a NULL format id to verify the legacy report generated by oe_get_report().
* Added the following SGX attestation claims from oe_verify_evidence():
  * OE_CLAIM_SGX_PF_GP_EXINFO_ENABLED
  * OE_CLAIM_SGX_ISV_EXTENDED_PRODUCT_ID
  * OE_CLAIM_SGX_IS_MODE64BIT
  * OE_CLAIM_SGX_HAS_PROVISION_KEY
  * OE_CLAIM_SGX_HAS_EINITTOKEN_KEY
  * OE_CLAIM_SGX_USES_KSS
  * OE_CLAIM_SGX_CONFIG_ID
  * OE_CLAIM_SGX_CONFIG_SVN
  * OE_CLAIM_SGX_ISV_FAMILY_ID
* Added the following fields for SGX KSS (Key Separation and Sharing) support:
  * FamilyID
  * ExtendedProductID

Changed

* Syscalls are internally dispatched directly to their implementation functions instead of via a switch-case.

Known issues

Please note that these will be fixed in the final v0.13.x release

* #3767<https://github.com/openenclave/openenclave/pull/3767> fixes a compiler warning observed while compiling the attested_tls sample on Windows. It has not been merged into master at the time of this release.
* #3772<https://github.com/openenclave/openenclave/pull/3772> has been merged into master but is not included in this RC release. It fixes an illegal instruction problem observed on NUC7PJYH as described in #3762<https://github.com/openenclave/openenclave/issues/3762>

As called out in the v0.12.0 release, the following are being deprecated:

* The Open Enclave SDK will be dropping support for Ubuntu 16.04 after Dec 2020.
Developers and partners using Ubuntu 16.04 will need to move to using Ubuntu 18.04 by then.
#3625<https://github.com/openenclave/openenclave/issues/3625> tracks this.
* The Open Enclave SDK will be dropping support for WS2016 after Dec 2020.
Developers and partners using WS2016 will need to move to using WS2019 by then.
#3539<https://github.com/openenclave/openenclave/issues/3539> tracks this.
* The Open Enclave SDK is deprecating support for gcc while building the SDK from source after Dec 2020.
The recommended compiler while building the SDK from source is Clang.
#3555<https://github.com/openenclave/openenclave/issues/3555> tracks this.


SIG-Attestation meetings cancelled

Yen Lee
 

Hi,



Most of the people are already on vacation and there's no immediate topic to discuss. All SIG-Attestation meetings for the rest of the year will be cancelled. The next SIG-Attestation meeting will be on 1/6/2021.



Happy holidays.



Yen


Release: v0.13.0 RC2

Radhika Jandhyala
 

Hi Everybody,



You can find the RC2 packages on GitHub below under the v0.13.0-rc2 tag:

https://github.com/openenclave/openenclave/releases



Please test these packages and let us know if you come across any issues. Thank you so much for your help!



Issues fixed since RC1

* #3767<https://github.com/openenclave/openenclave/pull/3767> fixes a compiler warning observed while compiling the attested_tls sample on Windows. It has not been merged into master at the time of this release.
* #3772<https://github.com/openenclave/openenclave/pull/3772> fixes an illegal instruction problem observed on NUC7PJYH as described in #3762<https://github.com/openenclave/openenclave/issues/3762>



Thanks,

Radhika




Open Enclave SDK SIG-Attestation Meeting Series - Wed, 12/09/2020 #cal-notice

oesdk@lists.confidentialcomputing.io Calendar <noreply@...>
 

Open Enclave SDK SIG-Attestation Meeting Series

When:
Wednesday, 9 December 2020
10:00am to 11:00am
(GMT-08:00) America/Los Angeles

Where:
https://zoom.us/j/99552932630?pwd=d1NCR2FkS2gwY0w3Wm9aK096cXZzUT09

Organizer:
radhikaj@...

Description:
Please join us for technical discussions related to Attestation in the Open Enclave SDK.



Release: v0.13.0 RC1

Radhika Jandhyala
 

Hi,


Open Enclave version 0.13.0 will soon be published, and we want to send out some release candidate packages (for Windows Server 2016 and 2019, Ubuntu 16.04/18.04) for pre-release testing. You can find the release candidate packages on GitHub below under the v0.13.0-rc1 tag:

https://github.com/openenclave/openenclave/releases

Please test these packages and let us know if you come across any issues. Thank you so much for your help!

To the Committers of the OE SDK: Please let us know if we have missed anything in the release notes. We should update our CHANGELOG if so.

Thank you so much to everyone in helping us drive and deliver this release! Please use our GitHub repo to report any issues that you may come across in your use of the SDK!

Thanks
Radhika




SIG-Attestation on 12/9 10:00 AM PST Canceled

Yen Lee
 

Hi,



The SIG-Attestation meeting scheduled for 10:00 AM PST 12/9 is canceled.



Thanks,



Yen


SIG-Arch on 12/8 5:00 PM PST Canceled

Radhika Jandhyala
 

Hi,

The SIG-Arch meeting scheduled for 5:00 PM PST 12/8 is canceled.

Thanks,
Radhika


Open Enclave SDK SIG-Attestation Meeting Series - Wed, 12/02/2020 #cal-notice

oesdk@lists.confidentialcomputing.io Calendar <noreply@...>
 

Open Enclave SDK SIG-Attestation Meeting Series

When:
Wednesday, 2 December 2020
10:00am to 11:00am
(GMT-08:00) America/Los Angeles

Where:
https://zoom.us/j/99552932630?pwd=d1NCR2FkS2gwY0w3Wm9aK096cXZzUT09

Organizer:
radhikaj@...

Description:
Please join us for technical discussions related to Attestation in the Open Enclave SDK.
