Releases: R3Conclave/conclave-core-sdk
v1.4-beta1
- Beta feature: Gramine as a new enclave runtime, which can be used as an alternative to GraalVM. Using Gramine enables some very nice features which were not possible before, including reproducible builds and native library support. Gramine is currently only available as a beta feature. Have a look at the docs to try it out. Also take a look at the known issues to see what still needs to be added.
- Beta feature: Much better Python support with Gramine, including a new beta enclave Python API!
- For a consistent build environment, the Gradle plugin will use Docker to build the enclave, including on Linux.
- Intel SGX SDK has been updated to 2.18. This provides bug fixes, security updates, and other improvements. See the SGX SDK release notes for more details.
- EPID attestation protocol has been deprecated. You should use DCAP instead.
- For security reasons, the way enclave constraints are evaluated has changed slightly. From now on, if a client sets the security level to INSECURE, it will not pass for STALE or SECURE enclaves. This is to prevent the client from accidentally communicating with a production enclave during development or testing.
v1.3.1
This is a small patch release with the following changes:
- To make deploying enclaves built with Conclave easier, files containing the enclave code hash and signer are now generated when an enclave is built.
- Added support for the Intel PCCS (Provisioning Certificate Caching Service) and Intel DCAP plugin.
1.3
This is the first release of the Conclave Core SDK to be open source! 🎉 Read our blog post on why we did this and what it means for you. Here is a list of the main features in this release:
- The SDK artifacts are now available on Maven Central. There's no longer any need to have a local repo directory in your Conclave project. See the API changes page for more details.
- The Core SDK powers our new Conclave Cloud platform. Head over to https://conclave.cloud to learn more.
- 🧩 New feature! The Conclave Key Derivation Service (KDS) is out of beta and now supports production workloads. The REST API docs can be found here.
- 🧩 New feature! Support for stable enclave encryption keys with Mail by using the KDS. This enables use cases where the enclave can restart or move to a different physical machine without affecting the client. It also enables horizontally-scaled enclave solutions. See the API docs for the new KDS post office for more details.
- 🧩 Java 17 is now supported inside the enclave. There's no need to configure anything. Just ensure you're using JDK 17 when building your enclave to benefit from the new language features.
- Exceptions thrown during enclave startup in release mode now propagate to the host. This provides better feedback if the enclave is unable to start.
- Gradle 7 is now supported.
- GraalVM has been updated to version 22.0.
- Intel SGX SDK has been updated to 2.17.1. This provides bug fixes, security updates, and other improvements. See the SGX SDK release notes for more details.
- Conclave now supports Ubuntu 20.04 LTS and 18.04 LTS. 16.04 LTS is no longer supported.
- We've introduced the concept of beta APIs to facilitate quick iterative feedback on APIs before they're finalized. Anything annotated with @Beta is subject to change and may even be removed in a later release.
- 🧩 Beta feature: New API method which creates an attestation quote with custom report data, for use with external SGX-enabled applications which require a signed quote with specific content. See Enclave.createAttestationQuote for more information.
- We have added Intel advisory IDs to DCAP-based attestation reports. These provide more information on any platform vulnerabilities that may be present on the system.