v0.18.0 Release

Radhika Jandhyala


We will be releasing v0.18.0 next week and we have some release candidates for you to test.

Please test these packages and let us know if you come across any issues. Thank you so much for your help!

To the Committers of the OE SDK: Please let us know if we have missed anything in the release notes. We should update our CHANGELOG if so.

Thank you so much to everyone for helping us drive and deliver this release! Please use our GitHub repo to report any issues that you may come across in your use of the SDK!



* oeapkman is a Linux tool for installing and using Alpine Linux static libraries within enclaves.
  * The command oeapkman add package can be used to install the specified package.
    Typically the -static and -dev packages (e.g. sqlite-static, sqlite-dev) need to be installed.
  * The command oeapkman root prints the path to the Alpine Linux distribution maintained by oeapkman.
    The root path is useful for providing paths to header files and static libraries to the compiler and linker respectively.
  * The command oeapkman exec can be used to execute commands within the Alpine Linux environment.
    For example, after executing oeapkman add clang build-base cmake to install development tools,
    running oeapkman exec clang -c file.c compiles file.c in the current folder using the clang compiler that
    has been installed in the Alpine Linux environment. oeapkman exec bash launches a bash shell in the current folder.
  * The --optee prefix can be applied to the commands to target OP-TEE.
    oeapkman --optee add sqlite-static installs the aarch64 sqlite static library.
    oeapkman --optee exec gcc -c file.c cross-compiles file.c to target OP-TEE.
  * See samples/apkman <https://github.com/openenclave/openenclave/blob/v0.18.0-rc4/samples/apkman> for a complete example demonstrating use of the sqlite database library within enclaves.
* Support for compiler-rt. oelibc includes LLVM's compiler-rt-10.0.1.
* Update logging function setup API name for SGX Quote Provider plugin to sgx_ql_set_logging_callback and mark API name sgx_ql_set_logging_function as deprecated.
* Add new policy type OE_POLICY_ENDORSEMENTS_BASELINE for oe_verify_evidence API to pass additional parameters to QVL for more advanced quote validation.
* The CapturePFGPExceptions preference is now supported in SGX1 debug mode on Linux.
  * When CapturePFGPExceptions=1 is set, OE will simulate every SIGSEGV as a #PF by forwarding the host information (faulting address) to in-enclave exception handlers.
  * Note that this feature is for debugging only, and there is no guarantee that the simulated behavior works the same as the hardware feature in SGX2.
* Added support for using vDSO interfaces for SGX enclaves on Linux to enable synchronous exception handling. The oehost library automatically opts into the vDSO interface when it is available (Linux kernel 5.11+).


* Updated libcxx to version 10.0.1
* Updated mbedTLS from 2.16 LTS to 2.28 LTS
* Updated SymCrypt-OpenSSL to v1.1.0
* Updated support for the SymCrypt module to v101.3.0
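
The oeapkman notes above say that the root path supplies header and static-library paths to the compiler and linker, and that both -dev and -static packages are typically needed. The shell helper below is an added example, not code from the OE SDK or from this announcement; it assumes the standard Alpine layout (usr/include and usr/lib) under the path printed by oeapkman root, and the function name apkman_flags is hypothetical.

```shell
#!/bin/sh
# Added example, not OE SDK code.
# Assumption: the tree printed by `oeapkman root` follows the usual Alpine
# layout, with headers in <root>/usr/include and archives in <root>/usr/lib.

# apkman_flags ROOT HEADER LIB
#   ROOT   - path printed by `oeapkman root`
#   HEADER - header expected from the -dev package (e.g. sqlite3.h)
#   LIB    - library name without the lib prefix or .a suffix (e.g. sqlite3)
# Prints "-I<include dir> <static archive path>" on success.
# Returns 1 for a bad root, 2 if the header is missing (-dev package not
# installed), 3 if the static archive is missing (-static package not installed).
apkman_flags() {
    root=$1
    header=$2
    lib=$3
    if [ -z "$root" ] || [ ! -d "$root" ]; then
        echo "apkman root '$root' is not a directory" >&2
        return 1
    fi
    inc="$root/usr/include"
    archive="$root/usr/lib/lib$lib.a"
    if [ ! -f "$inc/$header" ]; then
        echo "missing $header: install the matching -dev package" >&2
        return 2
    fi
    if [ ! -f "$archive" ]; then
        echo "missing lib$lib.a: install the matching -static package" >&2
        return 3
    fi
    # Linking the archive by full path avoids picking up a host library
    # of the same name from the default linker search path.
    printf '%s %s\n' "-I$inc" "$archive"
}

# Typical use on a machine with the SDK installed (commands from the notes):
#   oeapkman add sqlite-static sqlite-dev
#   flags=$(apkman_flags "$(oeapkman root)" sqlite3.h sqlite3) || exit 1
```

Failing early on a missing header or archive keeps an enclave build from silently falling back to host headers or shared libraries.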