Skip to content
This repository has been archived by the owner on Jan 20, 2022. It is now read-only.

v1.0.1
Compare
Choose a tag to compare
@mkow mkow released this 19 Dec 15:58
· 1399 commits to master since this release
v1.0.1
ec41611

Changes

Rewrite and reorganization of application examples: Apache, Nginx, Lighttpd, Bash, OpenVino, TensorFlow, GCC, Python, R, CURL, NodeJS, LMBench 2.5.

Initial clean up of the documentation migrated from the GitHub wiki.

Code improvements and refactoring:

  • PAL: Merge page size and allocation alignment
  • SGX: Remove unused pal_handle.file.{pass,append} fields
  • SGX: Refactor main function of pal_loader
  • SGX: Clean up load_enclave() implementation
  • SGX: Introduce SGX type definition from the Intel SDK
  • SGX: Add sgx-tokens targets in Makefiles. Deprecate make SGX_RUN=1 command
  • SGX: Clean up initialize_enclave() and create_enclave()
  • SGX: Remove unnecessary OCALLs and rename the remaining properly
  • SGX: Remove lingering mentions of WolfSSL
  • LibOS: Remove lingering warnings
  • Clean up assert() usage and introduce static_assert() for compile-time assertion
  • Remove __builtin_expect usages

Bugfixes for PAL in general:

  • PAL: Delete \ removal in read_config()
  • PAL: Stack allocation with malloc() instead of _DkVirtualMemoryAlloc()
  • PAL: Block async signals on thread exiting
  • PAL: Fix config parsing in the manifest
  • PAL: Do not set SO_LINGER on socket during socket_close()
  • PAL: Clean up handle_ops and PAL_HANDLE usage
  • PAL: Return real-time clock in DKSystemTimeQuery()
  • PAL: Fix error reporting in mbedTLS crypto adapters
  • PAL: Fix reporting EAFNOSUPPORT from platforms without IPv6 support
  • PAL: Add spinlock implementation and tests
  • PAL: Support zero-sized read/write on PAL streams (pipes, sockets, eventfds)

Bugfixes for SGX:

  • SGX: Update IAS root CA URL
  • SGX: gdb wrapper: use add-auto-load-safe-path
  • SGX: Fix gdb support for PIE executables
  • SGX: Fix the handling of ocall_sock_recv() and ocall_sock_recv_fd()
  • SGX: Write/send from buffer in untrusted memory
  • SGX: Flexible AVX/AVX512 support control
  • SGX: Upgrade pal-sgx-get-token, pal-sgx-sign, link-intel-driver.py to python3
  • SGX: Showing signing date in pal-sgx-get-token and pal-sgx-sign
  • SGX: Fix AESM connection in pal-sgx-get-token
  • SGX: Fix data race in file read and write
  • SGX: Remove resetting of file offset after fork
  • SGX: Add memory gap around executable mappings
  • SGX: Manifest dependency generation in Python
  • SGX: Fix size checking of signature files
  • SGX: Always output sgx.static_address in pal-sgx-sign
  • SGX: Fix address calculations in free_pages()
  • SGX: Fix uninitialized pointer in load_trusted_file()
  • SGX: Fix offset of MXCSR "reset" XSAVE area
  • SGX: Implement new manifest option sgx.file_check_policy
  • SGX: Increase MAX_DBG_THREADS constant from 64 to 1024
  • SGX: Use raw clone() syscalls for creating enclave threads
  • SGX: Increase limit of buffer size on untrusted stack
  • SGX: Do not fail on empty sgx.trusted_files
  • SGX: Clear the Alignment Check (AC) flag in RFLAGS upon enclave entry
  • SGX: Fail with ENOEXEC if loading non-ELF file
  • SGX: Correctly propagate arguments to _DkHandleExternalEvent()
  • SGX: Fix segfault due to redundant pipe deletion
  • SGX: Remove frame calculation in _DkExceptionHandler()

Bugfixes for Library OS:

  • LibOS: Cleanup and fixes in proc_match_name()
  • LibOS: Fix a typo in handle_copy()
  • LibOS: Allow repeated listen() on the same socket
  • LibOS: Do not get/put handles when adding/removing from epoll
  • LibOS: Set starting fd in set_new_fd_handle() to 0
  • LibOS: Force variable update on tcb.test_range.has_fault in test_user_memory()
  • LibOS: Fix resource leak in file closing
  • LibOS: Fix exit code propagation at signal interruption
  • LibOS: Fix checking supported flags in clone()
  • LibOS: Fix reference count leakage in put_thread()
  • LibOS: Prevent double deletion of futex_waiter
  • LibOS: Return ENOENT on open_namei(path = empty string)
  • LibOS: Reorder argv in initial user stack
  • LibOS: Use -O2 optimization level when building in non-debug mode
  • LibOS: Fix error code propagation in shim_do_pipe2() and shim_do_socketpair()
  • LibOS: Handle SIGABRT, SIGTERM, SIGINT from hosts
  • LIbOS: Emulate eventfd()
  • LibOS: Wait for 0.5 seconds before termination of IPC helper
  • LibOS: Use %gs register for LibOS TCB (shim_tcb)
  • LibOS: Always unset SIGKILL and SIGSTOP in set_signal_mask()
  • LibOS: Deprecate GLIBC_DISABLE_VDSO in Makefiles
  • LibOS: Allow Graphene-SGX to occupy the same process on execve()
  • LibOS: Remove __attribute__((packed)) to eliminate warnings on gcc-9
  • LibOS: Allow NULL pointers in memfault_upcall
  • LibOS: Correctly emulate CLONE_CHILD_CLEARTID
  • LibOS: Copy signal handler's __kernel_sigaction in get_new_thread()
  • LibOS: Fix listing inaccessible files in getdents()

Miscellaneous bugfixes:

  • GSCE: Fix for parsing app name from repo name
  • Fix clean targets in Makefiles
  • Fix multiple bugs in string comparisons and strcmp_static (renamed to strpartcmp_static)
  • Introduce ARRAY_SIZE and IS_POWER_OF_2 macro and refactor alignment macros
  • Link Graphene libraries in a fixed order
Assets 2