Hi,

Open Enclave version 0.11.0 will soon be published, and we want to send out some release candidate packages (for Windows Server 2016 and 2019, Ubuntu 16.04/18.04) for pre-release testing. You can find the release candidate packages on GitHub below under the v0.11.0-rc1 tag:

https://github.com/openenclave/openenclave/releases<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenenclave%2Fopenenclave%2Freleases&data=02%7C01%7Cradhikaj%40microsoft.com%7C9b906ec7b73c4fa7da1808d7a0826790%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637154354265332253&sdata=e0DQ36Qk5d2DJ3DrkM0ZjYzzPODpk8%2BjfpqD3tja1Ls%3D&reserved=0>

Please test these packages and let us know if you come across any issues. Thank you so much for your help!

To the Committers of the OE SDK: Please let us know if we have missed anything in the release notes. We should update our CHANGELOG if so.

Thank you so much to everyone in helping us drive and deliver this release! Please use our GitHub repo to report any issues that you may come across in your use of the SDK!


Release Notes

Added

* Open Enclave SDK release packages can now be built on non-SGX and non-FLC machines.
* Support for arbitrarily large thread-local data for SGX machines.
* Experimental support for OpenSSL inside enclaves has been added while building the SDK from source.
* Use BUILD_OPENSSL flag while compiling the SDK.
* OpenSSLSupport.md<https://github.com/openenclave/openenclave/blob/v0.11.0-rc1/docs/OpenSSLSupport.md> documents supported options and configuration needed to use OpenSSL inside an enclave.
* Custom claims buffer serialization/de-serialization helper functions.
* SGX attestation endorsement claims from oe_verify_evidence() will contain the following:
* OE_CLAIM_SGX_TCB_INFO
* OE_CLAIM_SGX_TCB_ISSUER_CHAIN
* OE_CLAIM_SGX_PCK_CRL
* OE_CLAIM_SGX_ROOT_CA_CRL
* OE_CLAIM_SGX_CRL_ISSUER_CHAIN
* OE_CLAIM_SGX_QE_ID_INFO
* OE_CLAIM_SGX_QE_ID_ISSUER_CHAIN
* The attestation functions in local_attestation/remote_attestation/attested_tls/host_verify samples now use attestation plugin APIs, defined in attestation/attester.h and attestation/verifier.h to generate and verify evidence.
* oe_get_evidence() support for generation of SGX EPID evidences, in formats OE_FORMAT_UUID_SGX_EPID_LINKABLE and OE_FORMAT_UUID_SGX_EPID_UNLINKABLE.

Changed

* Rename the custom claims buffer added by oe_get_evidence from "custom_claims" to "custom_claims_buffer". Likewise, replace the OE_CLAIM_CUSTOM_CLAIMS definition for this name with OE_CLAIM_CUSTOM_CLAIMS_BUFFER.
* Building SDK from source
- HAS_QUOTE_PROVIDER cmake option has been removed. This is a continuation of the work in the previous release to allow the same build of OE SDK to run on both FLC and non-FLC machines.
- Intel SGX EnclaveCommonAPI packages are no longer needed to build the SDK.
- COMPILE_SYSTEM_EDL option has been removed.

* oe_verify_attestation_certificate_with_evidence() can now verify certificates generated by oe_generate_attestation_certificate() as well as oe_get_attestation_certificate_with_evidence().
* The SGX attestation evidence internal structure has changed. The current structure (version 3) is not compatible with the previous version. Applications that call oe_get_evidence() or oe_verify_evidence() have to be rebuilt.
* Some SGX attestation format IDs have been renamed:
Old
New
OE_FORMAT_UUID_SGX_ECDSA_P256
OE_FORMAT_UUID_SGX_ECDSA
OE_FORMAT_UUID_SGX_ECDSA_P256_REPORT
OE_FORMAT_UUID_LEGACY_REPORT_REMOTE
OE_FORMAT_UUID_SGX_ECDSA_P256_QUOTE
OE_FORMAT_UUID_RAW_SGX_QUOTE_ECDSA
Removed

* Declaration of SGX format ID OE_FORMAT_UUID_SGX_ECDSA_P384 is removed.

* oe_get_evidence() support of SGX legacy formats OE_FORMAT_UUID_SGX_ECDSA_P256_REPORT and OE_FORMAT_UUID_SGX_ECDSA_P256_QUOTE is removed.

Security

* Update mbedTLS to version 2.16.7. Refer to the 2.16.7 release notes<https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7> for the set of
issues addressed.
Thanks,
Rahdika