Changelog

Major work such as new features, bug fixes, feature deprecations, and other breaking changes should be noted here. It should be more concise than git log.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Added

  • Function table/id based ecall/ocall dispatching

    • oeedger8r generates ecall tables and ocall tables
    • Dispatching based on function-id (index into table)
    • oeedger8r generates oe_create_foo_enclave function for foo.edl
  • oe-gdb allows attaching to a host that is already running

  • Added Quote Enclave Identity validation into oe_verify_report implementation

Changed

  • oe_create_enclave takes two additional parameters: ocall_table, ocall_table_size.
  • Update mbedTLS library to version 2.7.6.
  • Update MUSL libc to version 1.1.20.
  • Update LLVM libcxx to version 7.0.0.
    • Some libcxx headers (e.g. string) now use C++11 template features and may require compiling with the -std=c++11 option when building with GCC.

Deprecated

  • String based ocalls/ecalls, OE_ECALL, OE_OCALL macros.

v0.4.0 - 2018-10-08

v0.4.0 is the first public preview release, with numerous breaking changes from v0.1.0 as listed below.

Added

  • Support building Open Enclave SDK apps with Clang-7.
  • Support Intel EDL for host & enclave stub generation with oeedger8r tool.
  • Support full SGX DCAP remote report (quote) revocation.
  • Expand documentation for running on different configurations.
  • Add pkg-config files for building Open Enclave apps in C/C++ for GCC or Clang.
  • Add data sealing sample.
  • Add oe_call_host_by_address() to allow enclaves to make OCALLs by callback pointer.
  • Add oe_get_enclave() to obtain enclave handle to return to host.
  • Add oe_get_target_info() to support SGX local attestation.
  • Add CMake export configuration to SDK (experimental).

Changed

  • Standardize naming convention on new Development Guide.
  • Standardize Open Enclave APIs to use size_t type for buffer sizes.
  • Standardize Open Enclave APIs to always clear output parameters on error return.
  • Change report type detection logic.
    • Reports generated by Open Enclave are no longer transparently usable by Intel SGX SDK.
  • Change oe_identity.authorID field to oe_identity.signerID.
  • Clean up thread local storage on return from ECALL.
  • Refactor liboecore and liboeenclave dependency.
    • All enclave apps must now link liboeenclave.
  • Refactor liboecore and liboelibc dependency.
    • All enclave apps should call libc for C functions instead.
  • Break up remote attestation sample into 4 separate samples.
  • Simplify oe_get_report() so it doesn't accept unused reportdata on host side.
  • Reduce the set of oe_result values returned.
  • Update mbedTLS library to version 2.7.5.
  • Update LLVM libcxx to version 6.0.1.
  • Update MUSL libc to version 1.1.19.
  • Update libunwind to version 1.3.

Deprecated

  • Deprecate oe_call_host and oe_call_enclave methods in favor of EDL generated interfaces.

Removed

  • Block re-entrant ECALLs. A host servicing an OCALL cannot make an ECALL back into the enclave.
  • Remove oe_thread functions. All enclave apps should use libc/libcxx thread functions instead.
  • Remove API reference from SDK package. Refer to https://openenclave.io/apidocs/v0.4 instead.
  • Remove outdated documents including DesignOverview.pdf.
  • Remove oegen, oedump and oeelf tools.
  • Remove CMake-based samples.
  • Replace test signing PEM files with runtime generated test keys.

Fixed

  • Add appropriate validations for ELF64 in Open Enclave loader.
  • Expand libc/libcxx test coverage.

Security

  • Build all libraries with Clang-7 Spectre-1 mitigation (-x86-speculative-load-hardening).
  • Update code to use safe CRT and secure memset/zero memory methods.
  • Fix integer overflows and add arithmetic boundary checks in Open Enclave runtime.
  • Fix cert chain validation during Open Enclave quote verification.

v0.1.0 - 2018-06-15 (YANKED)

Initial private preview release, no longer supported.