Releases: openenclave/openenclave
v0.19.4
Added
- Added the ability to verify v5 TDX quotes
- Added the ability to change the SGX QL load policy via the environment variable `OE_INTEL_QVL_LOAD_POLICY`. It is recommended that applications on Icelake servers with high EPC memory set `OE_INTEL_QVL_LOAD_POLICY=SGX_QL_PERSISTENT_QVE_MULTI_THREAD` to improve the performance of TDX quote validation. The possible values for this environment variable are:
  - `SGX_QL_EPHEMERAL` (Default): same behavior as TDX quote verification in previous releases. Also used when `OE_INTEL_QVL_LOAD_POLICY` is not defined.
    - Only one QVL thread is allowed when QvE is used, limiting EPC usage to one QvE instance.
    - QvE is unloaded after the QvE ECALL completes.
  - `SGX_QL_PERSISTENT`
    - Only one QVL thread is allowed when QvE is used, limiting EPC usage to one QvE instance.
    - QvE is kept loaded for as long as the process lives.
  - `SGX_QL_PERSISTENT_QVE_MULTI_THREAD`
    - Allows a new QvE instance per thread.
    - QvE is unloaded when the thread is deleted.
    - EPC usage is controlled by the number of extant threads that have called into the DCAP QVL with QvE.
    - Provides the highest performance.
  - `SGX_QL_EPHEMERAL_QVE_MULTI_THREAD`
    - Allows a new QvE instance per thread.
    - QvE is unloaded once the QvE ECALL completes.
    - EPC usage is controlled by the number of simultaneous threads calling into the DCAP QVL with QvE.
    - Performance is impacted by the loading/unloading of QvE.
Packages this release was tested against
On Ubuntu 20.04: DCAP: 1.18.100.1-focal1 PSW: 2.21.100.1-focal1 SGXDriver: 1.41
On Windows Server 2019: DCAP: v1.18.100.1 PSW: 2.20.100.1
v0.19.3
Security
- There are two CVEs mitigated in this release. Please refer to the security advisory for more details.
Packages this release was tested against
On Ubuntu 20.04: DCAP: 1.16.100.2-focal1 PSW: 2.19.100.3-focal1 SGXDriver: 1.41
On Windows Server 2019: DCAP: 1.16.100.2 PSW: 2.18.100.2
v0.19.2
Added
- OE SDK packages now contain OpenSSL 3.1 in addition to OpenSSL 1.1.1
- OE SDK will continue to support OpenSSL 1.1.1 until its EOL in Sep 2023. Developers should update their enclave applications to use OpenSSL 3.1 by then.
- Note: Since OpenSSL 3.1 has not been tested in production environments as yet, we recommend you experiment with updating enclave applications to use OpenSSL 3.1 as soon as possible and file any issues that you may find. We will address all issues filed in the next month and make another release, if necessary, in August.
- The Attested TLS sample has been modified to support building enclave applications with OpenSSL 3.1.
- Refer to OpenSSL 3.1 support docs for additional details
- Some of the assembly files generated via a Perl script in OpenSSL 3.1 do not contain LVI mitigations as yet. These are contingent on upstream work and will be updated as soon as LVI mitigations are available.
- Added the `oe_generate_attestation_certificate_v2` API, which takes two additional parameters that determine the certificate validity period.
Changed
- snmalloc has been updated to 0.6.2
- Dropped TDX supplemental data size check since the size is changing
Packages this release was tested against
On Ubuntu 20.04: DCAP: 1.16.100.2-focal1 PSW: 2.19.100.3-focal1 SGXDriver: 1.41
On Windows Server 2019: DCAP: 1.16.100.2 PSW: 2.18.100.2
v0.19.0
Added
- OE SDK can now be built with Clang-11, and it is recommended to upgrade the compiler to Clang-11 if you are building the SDK from source. The OE SDK packages in this release are built with Clang-11 with ControlFlow-GNU LVI mitigation. Please see below for details.
- Building OE SDK enclaves now includes the following LVI mitigation options:
  - `ControlFlow-GNU`: enables LVI mitigation using the existing GNU-based mitigation specified by `LVI_MITIGATION_BINDIR`. This option is recommended when building OE SDK with Clang-10.
  - `ControlFlow-Clang`: enables Clang-based LVI mitigations. Choosing this option requires Clang-11.
  - `ControlFlow`: enables LVI mitigation but defaults to the recommended method, which is currently `ControlFlow-GNU`.
  - `None`: no LVI mitigations are enabled.
- Added a TDX verifier plugin based on Intel QVL/QvE
  - Added two public APIs to initialize and shut down the plugin, defined in `openenclave/attestation/tdx/evidence.h`: `oe_tdx_verifier_initialize()` and `oe_tdx_verifier_shutdown()`
  - Added a new format UUID for TDX quotes: `OE_FORMAT_UUID_TDX_QUOTE_ECDSA`
  - Added a new OCALL `oe_verify_tdx_quote_ocall` that is used by the plugin internally (see `openenclave/edl/sgx/tdx_verification.edl`)
  - Steps to verify a TDX quote:
    - Initialize the plugin via `oe_tdx_verifier_initialize`
    - Invoke `oe_verify_evidence`, specifying the quote and the format id `OE_FORMAT_UUID_TDX_QUOTE_ECDSA`
    - Parse the claims (refer to `openenclave/attestation/evidence.h` for the definitions of the TDX claims)
  - Note that `oe_verify_evidence` with the plugin currently does not support input endorsements (must be `NULL`)
- Added two APIs, `oe_get_tdx_endorsements` and `oe_free_tdx_endorsements`, to fetch and free the endorsements for a given TDX quote. The APIs are for users who want to manage (e.g., cache) the endorsements themselves instead of relying on the existing caching mechanisms (e.g., those supported by DCAP). See `openenclave/attestation/tdx/evidence.h` for more details of the APIs.
- Added support for V4 collateral from Intel for SGX and TDX
Changed
- snmalloc (0.6.0) now only requires 16 KiB initially per thread, compared to 256 KiB previously (0.5.3). Thread-local heaps only grow by a constant amount until the next power of 2, e.g. 16 KiB, 16 KiB, 32 KiB, 64 KiB, ..., 1 MiB, 2 MiB, 2 MiB, ..., as opposed to a fixed amount previously (256 KiB). Allocator metadata is kept separately, making corruption attacks less likely. For some applications this snmalloc update will result in an increase in the EPC memory that must be specified in the enclave configuration file.
Packages this release was tested against
On Ubuntu 20.04: DCAP: 1.16.100.2-focal1 PSW: 2.19.100.3-focal1 SGXDriver: 1.41
On Windows Server 2019: DCAP: 1.16.100.2 PSW: 2.18.100.2
v0.19.0-rc1
Added
- OE SDK can now be built with Clang-11, and it is recommended to upgrade the compiler to Clang-11 if you are building the SDK from source. The OE SDK packages in this release are built with Clang-11 with ControlFlow-GNU LVI mitigation. Please see below for details.
- Building OE SDK enclaves now includes the following LVI mitigation options:
  - `ControlFlow-GNU`: enables LVI mitigation using the existing GNU-based mitigation specified by `LVI_MITIGATION_BINDIR`. This option is recommended when building OE SDK with Clang-10.
  - `ControlFlow-Clang`: enables Clang-based LVI mitigations. Choosing this option requires Clang-11.
  - `ControlFlow`: enables LVI mitigation but defaults to the recommended method, which is currently `ControlFlow-GNU`.
  - `None`: no LVI mitigations are enabled.
- Added a TDX verifier plugin based on Intel QVL/QvE
  - Added two public APIs to initialize and shut down the plugin, defined in `openenclave/attestation/tdx/evidence.h`: `oe_tdx_verifier_initialize()` and `oe_tdx_verifier_shutdown()`
  - Added a new format UUID for TDX quotes: `OE_FORMAT_UUID_TDX_QUOTE_ECDSA`
  - Added a new OCALL `oe_verify_tdx_quote_ocall` that is used by the plugin internally (see `openenclave/edl/sgx/tdx_verification.edl`)
  - Steps to verify a TDX quote:
    - Initialize the plugin via `oe_tdx_verifier_initialize`
    - Invoke `oe_verify_evidence`, specifying the quote and the format id `OE_FORMAT_UUID_TDX_QUOTE_ECDSA`
    - Parse the claims (refer to `openenclave/attestation/evidence.h` for the definitions of the TDX claims)
  - Note that `oe_verify_evidence` with the plugin currently does not support input endorsements (must be `NULL`)
- Added two APIs, `oe_get_tdx_endorsements` and `oe_free_tdx_endorsements`, to fetch and free the endorsements for a given TDX quote. The APIs are for users who want to manage (e.g., cache) the endorsements themselves instead of relying on the existing caching mechanisms (e.g., those supported by DCAP). See `openenclave/attestation/tdx/evidence.h` for more details of the APIs.
- Added support for V4 collateral from Intel for SGX and TDX
Changed
- snmalloc (0.6.0) now only requires 16 KiB initially per thread, compared to 256 KiB previously (0.5.3). Thread-local heaps only grow by a constant amount until the next power of 2, e.g. 16 KiB, 16 KiB, 32 KiB, 64 KiB, ..., 1 MiB, 2 MiB, 2 MiB, ..., as opposed to a fixed amount previously (256 KiB). Allocator metadata is kept separately, making corruption attacks less likely. For some applications this snmalloc update will result in an increase in the EPC memory that must be specified in the enclave configuration file.
Known issues
- oeutil crashes on Windows; a fix is available in master and will be included in the final release.
v0.18.5
Security
- Updated OpenSSL used inside the enclave to v1.1.1t. See OpenSSL's release notes for more details
Packages this release was tested against
On Ubuntu 18.04: DCAP: 1.15.100.3-bionic1 PSW: 2.18.101.1-bionic1 SGXDriver: 1.33.2
On Ubuntu 20.04: DCAP: 1.15.100.3-focal1 PSW: 2.18.101.1-focal1 SGXDriver: 1.41
On Windows Server 2019: DCAP: 1.15.100.2 PSW: 2.17.100.2
v0.18.4
Added
- Added oe_set_host_log_level and oe_set_enclave_log_level APIs to dynamically modify host and enclave log level verbosity, respectively. See #4610 for more details
- Added a backtrace debug log for unhandled exceptions. If the enclave is configured with CapturePFGPExceptions=1, the backtrace information is printed in the enclave log when an in-enclave exception is not handled by trusted handlers. If the enclave is not configured with CapturePFGPExceptions=1, a helper message like the following is printed in the log instead:
2022-07-13T00:25:05+0000.276579Z (H)ERROR] tid(0x7f6cbb2b1f40) | Unhandled in-enclave exception. To get more information, configure the enclave with CapturePFGPExceptions=1 and enable the in-enclave logging.
Changed
- Fixed bugs in oe_validate_revocation_list regarding PCCS API v3.0
- Fixed issue where oe_hex_dump prints data to stdout, even when logging callback is set
- Fixed the issue where enclave stack was not showing up in ocall callstack in Windows debuggers. Added padding to restore offset of callsites field to previous value.
Security
- Updated OpenSSL used inside the enclave to v1.1.1q. See OpenSSL's release notes for more details
- Updated Mbed-TLS used inside the enclave to 2.28.1. See Mbed-TLS's release notes for more details.
Packages this release was tested against
On Ubuntu 18.04: DCAP: 1.14.100.3-bionic1 PSW: 2.17.100.3-bionic1 SGXDriver: 1.33.2
On Ubuntu 20.04: DCAP: 1.14.100.3-focal1 PSW: 2.17.100.3-focal1 SGXDriver: 1.41
On Windows Server 2019: DCAP: 1.14.100.3 PSW: 2.16.100.3
v0.18.2
Changed
- Fixed the incorrect behavior of pthread_mutex_init() and std::mutex such that they no longer create a recursive lock by default. Please see issue #4555 for more details.
Security
- Mitigated CVE-2022-21233. Please refer to the security advisory for details.
- The mitigations require an extra copy for ocalls in oeedger8r generated code.
- If you are running on a processor that is not affected by the CVE, you can turn off the oeedger8r-introduced mitigations by defining a global C variable `bool oe_edger8r_secure_unserialize = false;` in enclave-side code.
Packages this release was tested against
On Ubuntu 18.04: DCAP: 1.14.100.3-bionic1 PSW: 2.17.100.3-bionic1 SGXDriver: 1.33.2
On Ubuntu 20.04: DCAP: 1.14.100.3-focal1 PSW: 2.17.100.3-focal1 SGXDriver: 1.41
On Windows Server 2019: DCAP: 1.14.100.3 PSW: 2.16.100.3
v0.18.1
This release fixes the following issues:
- Calling oe_log from an enclave resulted in partial log output. #4547 fixed this.
- Fixed #4540. The fix does not introduce functional changes, but updates `memcpy_with_barrier` such that the source address is always aligned when the function does a 2- or 4-byte memory write.
- Fixed #4542. The issue affects only those applications that ignore `SIGHUP`, `SIGALRM`, `SIGPIPE`, `SIGPOLL`, `SIGUSR1`, or `SIGUSR2` using `signal(signum, SIG_IGN)` on Linux. The issue has no impact on the enclave runtime.
Packages this release was tested against
On Ubuntu 18.04: DCAP: 1.14.100.3-bionic1 PSW: 2.17.100.3-bionic1 SGXDriver: 1.33.2
On Ubuntu 20.04: DCAP: 1.14.100.3-focal1 PSW: 2.17.100.3-focal1 SGXDriver: 1.41
On Windows Server 2019: DCAP: 1.14.100.3 PSW: 2.16.100.3
v0.18.0
Added
- `oeapkman` is a Linux tool for installing and using Alpine Linux static libraries within enclaves.
  - The command `oeapkman add package` can be used to install the specified package. Typically the `-static` and `-dev` packages (e.g., sqlite-static, sqlite-dev) need to be installed.
  - The command `oeapkman root` prints out the path to the Alpine Linux distribution maintained by `oeapkman`. The root path is useful for providing paths to header files and static libraries to the compiler and linker respectively.
  - The command `oeapkman exec` can be used to execute commands within the Alpine Linux environment. For example, after executing `oeapkman add clang build-base cmake` to install development tools, running `oeapkman exec clang -c file.c` would compile `file.c` in the current folder using the clang compiler that has been installed in the Alpine Linux environment. `oeapkman exec bash` would launch a bash shell in the current folder.
  - The `--optee` prefix can be applied to the commands to target OP-TEE. `oeapkman --optee add sqlite-static` installs the aarch64 sqlite static library. `oeapkman --optee exec gcc -c file.c` cross-compiles `file.c` to target OP-TEE.
  - See samples/apkman for a complete example demonstrating use of the `sqlite` database library within enclaves.
- Support for `compiler-rt`. `oelibc` includes LLVM's `compiler-rt-10.0.1`.
- Updated the logging function setup API name for the SGX Quote Provider plugin to `sgx_ql_set_logging_callback` and marked the API name `sgx_ql_set_logging_function` as deprecated.
- Added the new policy type `OE_POLICY_ENDORSEMENTS_BASELINE` for the `oe_verify_evidence` API to pass additional parameters to QVL for more advanced quote validation.
- The CapturePFGPExceptions preference is now supported in SGX1 debug mode on Linux.
  - When setting CapturePFGPExceptions=1, OE will simulate all SIGSEGVs as #PF by forwarding the host information (faulting address) to in-enclave exception handlers.
  - Note that this feature is for debug only and there is no guarantee that the simulated behavior works the same as the hardware feature in SGX2.
- Added support for using vDSO interfaces for SGX enclaves on Linux to enable synchronous exception handling. The `oehost` library automatically opts into the vDSO interface when it is available (Linux kernel 5.11+).
Changed
- Updated libcxx to version 10.0.1
- Updated the mbedTLS from 2.16 LTS to 2.28 LTS
- Updated the SymCrypt-OpenSSL to v1.1.0
- Updated the support of the SymCrypt module to v101.3.0
Security
- This release contains mitigations for CVE-2022-21166 described in INTEL-SA-00615. Please refer to the security advisory for more details and the developer guide for mitigating the vulnerability.
- Updated OpenSSL to version 1.1.1o. Please refer to its release notes to find the CVEs addressed by this version.
Packages this release was tested against
On Ubuntu 18.04: DCAP: 1.14.100.3-bionic1 PSW: 2.17.100.3-bionic1 SGXDriver: 1.33.2
On Ubuntu 20.04: DCAP: 1.14.100.3-focal1 PSW: 2.17.100.3-focal1 SGXDriver: 1.41
On Windows Server 2019: DCAP: 1.14.100.3 PSW: 2.16.100.3