Sorry, you need to enable JavaScript to visit this website.

Details

Release Date: 
Nov 11, 2020
Version: 
Linux 2.12 Open Source

Intel® Software Guard Extensions SDK

PRODUCT CONTENTS

Intel® Software Guard Extensions SDK package includes:

  • An Intel® Software Guard Extensions SDK installer for Linux* OS. It includes binaries to develop enclave applications. The main components include:
    • Trusted libraries, including standard C library, C++ runtime support, C++ STL, and others
    • Development tools, including edger8r, signing tool, and others
    • Sample projects

WHAT’S NEW

  • Supported new OS: Ubuntu 20.04 and CentOS 8.2 support.
  • Fixed bugs.

SYSTEM REQUIREMENTS

SOFTWARE REQUIREMENTS

Supported Linux OS distributions:

  • Ubuntu* 18.04 LTS 64-bit Desktop and Server version
  • Ubuntu* 20.04 LTS 64-bit Desktop and Server version
  • Red Hat* Enterprise Linux* Server 8.2 (for x86_64)
  • CentOS 8.2
  • Fedora 31

Note: It is highly recommended to use the listed Linux* OS distributions. Other distributions have not been tested.

Intel(R) SGX developers need GCC 7.3 or later and latest GNU Binutils in order to address CVE- 2020-0551 in their enclaves. Intel is posting latest as, ld, objdump and gold executables from GNU Binutil here.

KNOWN ISSUES AND LIMITATIONS

  • Intel(R) SGX SDK 2.9 and later versions requires GCC 7.3 or above.
  • The SDK installer will not be provided for below OSes because the native GCC version doesn't meet the requirement:
    • Ubuntu 16.04 LTS Server 64bits
    • Red Hat Enterprise Linux Server release 7.4 64bits
    • Red Hat Enterprise Linux Server release 7.6 64bits
    • CentOS 7.5 64bits
    • Fedora 27 Server 64bits
    • SUSE Linux Enterprise Server 12 64bits
  • Intel® SGX for Linux* OS does not support setting a different charset in GNU* Project Debugger (GDB*).
  • Building the Intel SGX SDK sample project “RemoteAttestation” is possible only within the Intel SGX SDK installation folder.
  • Intel SGX does not support the “long long” type in C++ templates.
  • sgx-gdb depends on GDB* 7.9.1 or later versions. Please upgrade GDB* if it is lower than 7.9.1.
  • If Intel® SGX EDMM feature is used, you should use the version 2.2 or higher of both Intel® SGX PSW and Intel SGX SDK 2.2.
  • sgx-gdb does not support watching Thread Local Storage variables in the enclave.
  • The addresses of all stack variables are randomized. The randomization comes at the expense of increased stack usage. Enclaves built with the Linux 2.4 SDK should increase their stack size setting by 4 KB.
  • Intel® SGX PCL interaction with KSS: In Intel® SGX SDK 2.4, if the Intel® SGX PCL sealing enclave is configured to support KSS (Enclave configuration XML includes entry EnableKSS with value 1), then when sealing the Intel® SGX PCL decryption key, the Intel® SGX PCL sealing enclave cannot use sgx_seal_data. Instead, the Intel® SGX PCL sealing enclave must use sgx_seal_data_ex and assign key_policy such that SGX_KEYPOLICY_MRSIGNER bit is set to 1 and KSS bits (SGX_KEYPOLICY_CONFIGID, SGX_KEYPOLICY_ISVFAMILYID and SGX_KEYPOLICY_ISVEXTPRODID) are set to 0.

 

Intel® Software Guard Extensions Platform Software

PRODUCT CONTENTS

Intel® Software Guard Extensions PSW package includes:

  • Intel® SGX Application enclaves
  • Intel® SGX Runtime System Library
  • Intel® SGX Application Enclave Service Manager (AESM)

WHAT’S NEW

Intel® Software Guard Extensions PSW includes the following changes in this release:

  • Added Ubuntu 20.04 and CentOS 8.2 support.
  • Added Intel® Provisioning Certification Service V3 API support for ECDSA attestation.
  • Fixed bugs

SYSTEM REQUIREMENTS

HARDWARE REQUIREMENTS

  • 6th Generation Intel® Core™ Processor or newer

SOFTWARE REQUIREMENTS

Supported Linux* OS distributions:

  • Ubuntu* 16.04 LTS 64-bit Desktop and Server version
  • Ubuntu* 18.04 LTS 64-bit Desktop and Server version
  • Ubuntu* 20.04 LTS 64-bit Desktop and Server version
  • Red Hat* Enterprise Linux* Server 8.2 (for x86_64)
  • Red Hat* Enterprise Linux* Server 7.6 (for x86_64)
  • CentOS 8.2 64bits
  • Fedora 31 Server version

Note:

  • Intel® SGX PSW supports the Intel® Xeon® Processor E3 Server V5 and onwards platforms if the platform processor and BIOS supports the Intel® SGX. Please check with OEM/ODM regarding BIOS support for enabling the Intel® SGX.
  • If you need to use the Intel® SGX platform service, install the Intel® Management Engine (Intel® ME) software components. This is optional, you can skip this if you do not need to use the Intel® SGX platform service.
  • Intel® SGX platform service is not supported in Intel® Xeon® Processor E3 Server platforms.

KNOWN ISSUES AND LIMITATIONS

  • Occasionally Intel® SGX aesmd service fail to retrieve enclave launch white-list from internet after rebooting Linux, this may cause failure to load those enclaves which need latest enclave launch white-list support. User can work around this through restarting Intel® SGX aesmd service.