Intel® SGX SDK/PSW 2.28

Intel® Software Guard Extensions SDK (Intel® SGX SDK)

• Removed deprecated functionality based on EPID (Enhanced Privacy ID), including EPID remote attestation.
  • • Note support remains for ECDSA-based attestation and universal quoting APIs (i.e. sgx_get_quote_ex()).
    • The following definitions have been removed from libsgx-headers:
      • sgx_calc_quote_size()
      • sgx_check_update_status()
      • sgx_get_extended_epid_group_id()
      • sgx_get_quote()
        • note: sgx_get_quote_ex() remains supported
      • sgx_get_quote_size()
        • note: sgx_get_quote_size_ex() remains supported
      • sgx_init_quote()
        • note: sgx_init_quote_ex() remains supported
      • sgx_report_attestation_status()
    • The following dev header has been removed: sgx_uae_epid.h
    • Removed libsgx_epid_sim.so, following the removal of EPID-based Provisioning Enclave (PVE), and EPID-based Quoting Enclave (QE) in SGX PSW.
• Removed code supporting the deprecated Launch Enclave, whitelist management and out-of-tree driver.
  • • The recommended launch mechanism continues to be the Flexible Launch Control via the in-kernel SGX driver.
    • The following launch-related UAE APIs are deprecated and will now return SGX_ERROR_FEATURE_NOT_SUPPORTED:
      • get_launch_token()
      • sgx_get_whitelist()
      • sgx_get_whitelist_size()
      • sgx_register_wl_cert_chain()
    • The following dev header has been deprecated: sgx_uae_launch.h
    • The following parameters of sgx_create_enclave() URTS API: *launch_token and *launch_token_updated are now RESERVED and ignored by the implementation. Implementers may choose to continue passing an empty/initialized launch_token_t placeholder or pass a nullptr in their place.
    • Removed libsgx_launch_sim.so following the removal of Launch Enclave (LE) in SGX PSW.
• Enclave creation no longer fails when the Enclave Dynamic Memory Management (EDMM) and AEX-Notify are both enabled.
• Upgraded to OpenSSL 3.0.19.
• Added support for CentOS* Stream 10 and Red Hat* Enterprise Linux* 10.
• Bug fixes.

Note

Intel® Software Guard Extensions (Intel® SGX) Eclipse plugin will be removed in the next release of Intel® SGX SDK.

---

Intel® Software Guard Extensions Platform Software (Intel® SGX PSW)

• Removed deprecated functionality based on EPID (Enhanced Privacy ID), including EPID remote attestation.
  • • The libsgx_epid.so library is removed, including its simulation counterpart in the SGX SDK.
    • Note support remains for ECDSA-based attestation and universal quoting APIs (i.e. sgx_get_quote_ex()).
    • Supporting architectural enclaves: EPID-based Provisioning Enclave (PVE) and EPID-based Quoting Enclave (QE) are no longer distributed.
• Removed code supporting the deprecated Launch Enclave, whitelist management, and out-of-tree driver.
  • • The recommended launch mechanism continues to be the Flexible Launch Control via the in-kernel SGX driver.
    • The libsgx_launch.so library is removed, including its simulation counterpart in the SGX SDK.
    • The libsgx-aesm-launch-plugin as well as the le_launch_service_bundle are removed.
    • Supporting architectural enclave: Launch Enclave (LE), is no longer distributed.
    • Launch whitelist files (white_list_cert*.bin) and signature files (le_prod_css.bin) are removed as well.
• Upgraded to OpenSSL 3.0.19.
• Added support for CentOS* Stream 10 and Red Hat* Enterprise Linux* 10.
• Bug fixes.