This repository has been archived by the owner on Jan 20, 2022. It is now read-only.

v1.1

@dimakuv dimakuv released this 21 Jul 22:46
· 816 commits to master since this release

Change log

Remote Attestation and Secret Provisioning

  • Fully fledged remote attestation for EPID and ECDSA/DCAP schemes.
  • RA-TLS library is incorporated in Graphene.
  • Reference implementation of the Secret Provisioning library added to Graphene.

Note that both EPID and ECDSA/DCAP implementations require the SGX PSW/DCAP software stack to be installed and running on the same platform as Graphene.

Graphene Shielded Containers (GSC)

  • GSC allows for seamless Docker integration.
  • Original Docker image is transformed into a Graphene-enabled Docker image.
  • Manifest is auto-generated and can be augmented with user-defined options.
  • Examples include Python, Numpy, Pytorch, Nginx and Node.js.

Protected Files

  • Protected File System (Protected FS) is incorporated in Graphene.
  • New manifest option sgx.protected_files allows adding protected files or whole directories.
  • Protected files are transparently encrypted and integrity-protected using the SGX SDK Protected FS format.
  • The Secret Provisioning library can be used to provision the master key for Protected FS.

Protected Command-Line Arguments and Environment Variables

  • Command-line arguments are read from a trusted file using the manifest option loader.argv_src_file.
  • Environment variables are read from a trusted file using the manifest option loader.env_src_file.
  • Arguments and environment variables are not propagated from the untrusted host anymore.

Protected Inter-Process Communication

  • Checkpoints on fork/clone/execve are encrypted and integrity-protected.
  • All IPC via pipes, FIFOs, and UNIX domain sockets is encrypted and integrity-protected.
  • The underlying protocol is TLS-PSK with the shared key generated via SGX Local Attestation.

Exitless (Switchless) System Calls

  • Applications in Graphene can switch to exitless system calls via the new manifest option sgx.rpc_thread_num.
  • The exitless feature is a performance optimization with no security implications. It introduces a performance trade-off (faster system calls at the cost of additional CPU cores) and is disabled by default.

Support for non-x86-64 Architectures

  • Refactored all x86-64-specific code into separate files built only on x86-64 systems.
  • Upcoming support for non-x86-64 architectures.

Deployment Improvements

  • Support for Glibc 2.31.
  • Support for Ubuntu 20.04, Fedora 32, ClearLinux.
  • Support for the latest Intel SGX drivers, including DCAP drivers.
  • Support for ECDSA/DCAP deployments and attestation.
  • Deprecating the legacy FSGSBASE "Graphene SGX" kernel module in favor of the upstreamed FSGSBASE Linux patch.

Performance Improvements

  • Emulation of the gettimeofday() system call by invoking RDTSC on systems supporting "Invariant TSC".
  • Better memory copy implementations (memcpy() in particular) with x86-64-specific assembly.
  • New manifest option sgx.zero_heap_on_demand to choose between fast startup (without zeroing out the whole heap memory) and run-time performance (with zeroing out the heap).

Debugging Improvements

  • New manifest option sgx.enable_stats.
  • Per-thread and per-process statistics on AEXs, ECALLs and OCALLs.
  • Enabled CPU performance counters by setting the TCS.FLAGS.DBGOPTIN flag.

New Sample Integrations

  • Updated Redis to version 6.0.5.
  • Updated Busybox to version 1.32.0.
  • Improved the PyTorch example.
  • Added Blender, Cap'n Proto, Node.js Express server.
  • More LTP tests.

Stability and Refactoring

  • Refactored memory management in LibOS and Linux-SGX PAL.
  • Refactored signal and exception handling.
  • Refactored futex emulation.
  • Refactored LibOS initialization and stack layout.
  • Refactored select/poll/epoll.

Miscellaneous

  • Correct emulation of RDTSC and RDTSCP instructions.
  • Support for FIFOs (named pipes).
  • Support for PROT_GROWSDOWN.
  • Emulation of SIGPIPE.
  • Better IPv6 support.
  • Standalone SGX utilities for SGX CPUID information and attestation.
  • Updated mbedTLS to version 2.21.0.
  • Removed unmaintained FreeBSD PAL.
  • SPDX IDs for licenses in source files.
  • Glibc build without spurious warnings.
  • Migration of Graphene documentation to https://graphene.readthedocs.io/ and clean-up.

Breaking Changes

  • Manifest option sys.brk.size renamed to sys.brk.max_size.
  • The newly added protected arguments and environment variables require an explicit change in legacy manifests: either add loader.argv_src_file and loader.env_src_file to read arguments and variables from trusted files, or add loader.insecure__use_cmdline_argv = 1 and loader.insecure__use_host_env = 1 to keep propagating the values from the untrusted host.
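As an added example (not part of the Graphene release or its tooling), the following checker flags a legacy manifest that still needs the v1.1 migration described under "Protected Command-Line Arguments and Environment Variables" and "Breaking Changes": the renamed sys.brk.size option and the choice between trusted-file options and the insecure__ host-propagation options. It assumes the legacy one-option-per-line "key = value" manifest syntax with '#' comments; the sample manifest is constructed.

```python
# Option names from the v1.1 change log: host-propagation option -> trusted-file replacement.
INSECURE_TO_TRUSTED = {
    "loader.insecure__use_cmdline_argv": "loader.argv_src_file",
    "loader.insecure__use_host_env": "loader.env_src_file",
}
RENAMED = {"sys.brk.size": "sys.brk.max_size"}

def parse_manifest(text):
    """Parse 'key = value' lines (assumed legacy syntax); '#' comments and blank lines are skipped."""
    options = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, _, value = line.partition("=")
        options[key.strip()] = value.strip()   # last assignment wins
    return options

def check_manifest(text):
    """Return (level, option, message) findings describing what a v1.1 migration still needs."""
    opts = parse_manifest(text)
    findings = []
    for old, new in RENAMED.items():
        if old in opts:
            findings.append(("error", old, f"renamed to {new} in v1.1"))
    for insecure, trusted in INSECURE_TO_TRUSTED.items():
        if trusted in opts:
            continue  # values already come from a trusted file
        if opts.get(insecure) == "1":
            findings.append(("warning", insecure,
                             f"propagates values from the untrusted host; prefer {trusted}"))
        else:
            findings.append(("error", insecure,
                             f"v1.1 requires either {trusted} or {insecure} = 1 to be set explicitly"))
    return findings

# Constructed legacy manifest (not from any Graphene example): never migrated to v1.1.
LEGACY_MANIFEST = """\
sys.brk.size = 256M                      # old option name
loader.insecure__use_cmdline_argv = 1    # argv still taken from the untrusted host
"""

if __name__ == "__main__":
    for level, option, message in check_manifest(LEGACY_MANIFEST):
        print(f"{level}: {option}: {message}")
```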