Gramineproject Graphene Versions

Graphene / Graphene-SGX - a library OS for Linux multi-process applications, with Intel SGX support

v1.2-rc1

2 years ago

Change log

New features

  • New invocation methods (graphene-direct and graphene-sgx instead of pal_loader).
  • Support for CPU topology and affinity.
  • Support for multi-process POSIX locks (fcntl).
  • Introduced in-memory tmpfs file system.
  • Switched to TOML format for manifest files.
  • Whole directories can be specified for SGX Trusted Files.
  • Jinja-based manifest renderer (graphene-manifest).
  • Support for EPOLLET in epoll emulation.
  • Basic communication with host devices.

Security improvements

  • Enabled GCC's stack protector in all Graphene binaries.
  • Updated mbedTLS to version 2.26.0.
  • Better crypto in encrypted IPC (e.g., HKDF-SHA256 instead of SHA256).
  • Bug fixes in Trusted and Protected Files in Linux-SGX PAL.

Deployment improvements

  • Switched (partially) to Meson from Make.
  • Support for Glibc 2.33.
  • Support for Ubuntu 21.04, Fedora, CentOS, ClearLinux.
  • Support for the latest Intel SGX drivers, including the in-kernel Linux driver.

Performance improvements

  • New manifest option libos.check_invalid_pointers to disable checks of invalid pointers on syscall invocations.
  • New manifest option sgx.preheat_enclave to choose between fast startup and run-time performance.
  • Using seqlocks for fast gettimeofday() emulation on Linux-SGX.
  • Using AVL trees for managing futexes.

Debugging improvements

  • Support for perf-based SGX profiling. To this end, a family of manifest options, sgx.profile, is introduced.
  • Rewritten GDB integration.
  • Better Graphene logs.

Documentation

  • Added "Attestation and Secret Provisioning" page.
  • Added "Performance tuning and analysis" page.
  • Added the PyTorch PPML framework tutorial.

New sample integrations

  • Created a single Python example.
  • Updated OpenVINO to version 2020.4.
  • Added SSL/TLS configuration to Nginx.
  • Fixed the R example.
  • Fixed the PyTorch example and added a tutorial on its usage.

Stability and refactoring

  • Rewritten Inter-Process Communication in LibOS.
  • Rewritten signal handling in LibOS.
  • Refactored all file system components in LibOS.
  • Rewritten RTLD and ELF parsing components in LibOS.

Miscellaneous

  • Fixed memory corruptions due to insufficient memory. To this end, introduced loader.pal_internal_mem_size manifest option.
  • New syscalls implemented: rt_sigtimedwait, msync, madvise, getrandom, waitid, sethostname, setdomainname and readlinkat.
  • Save/restore of FP/SSE/AVX/... control words on syscalls.
  • Added info-image command to GSC.
  • Added /proc/self/cmdline.
  • Upgraded LTP to 20200930. Enabled multiple previously disabled LTP tests.
  • And hundreds of other small bugfixes and improvements which didn't make it onto this list.

Breaking changes

  • New invocation methods (graphene-direct and graphene-sgx instead of pal_loader).
  • TOML format of manifest files. All example manifests were rewritten to TOML (for the full list of manifest options and the TOML syntax, check our readthedocs page).
  • Removed loader.exec. Use loader.entrypoint instead.
  • Removed loader.debug_type. Use loader.log_level instead.
  • Removed sgx.allow_file_creation.
  • Removed System V interprocess communication mechanisms (msgget and semget families of syscalls).
  • Ubuntu 16.04 is not tested anymore and deprecated for use with Graphene.
  • Dropped patches for Glibc 2.23 and 2.27.

Installation instructions

Starting from this release, Graphene is available as .deb packages. To install them, run the following commands:

sudo apt-key adv --fetch-keys https://packages.grapheneproject.io/graphene.asc
echo 'deb [arch=amd64 signed-by=EA3C2D624681AC968521587A5EE1171912234070] https://packages.grapheneproject.io/ unstable main' | sudo tee /etc/apt/sources.list.d/graphene-unstable.list
sudo apt update

sudo apt install graphene-inkernel # for 5.11+ driver
sudo apt install graphene-oot      # for out-of-tree SDK driver
sudo apt install graphene-dcap     # for out-of-tree DCAP driver

We plan to also support .rpm format in the future.

If you prefer to build the sources yourself, please follow the building instructions from our documentation.

v1.1

3 years ago

Change log

Remote Attestation and Secret Provisioning

  • Fully fledged remote attestation for EPID and ECDSA/DCAP schemes.
  • RA-TLS library is incorporated in Graphene.
  • Reference implementation of the Secret Provisioning library added to Graphene.

Note that both EPID and ECDSA/DCAP implementations require the SGX PSW/DCAP software stack to be installed and running on the same platform as Graphene.

Graphene Shielded Containers (GSC)

  • GSC allows for seamless Docker integration.
  • Original Docker image is transformed into a Graphene-enabled Docker image.
  • Manifest is auto-generated and can be augmented with user-defined options.
  • Examples include Python, Numpy, Pytorch, Nginx and Node.js.

Protected Files

  • Protected File System (Protected FS) is incorporated in Graphene.
  • New manifest option sgx.protected_files allows adding protected files or whole directories.
  • Protected files are transparently encrypted and integrity-protected using the SGX SDK Protected FS format.
  • The Secret Provisioning library can be used to provision the master key for Protected FS.

Protected Command-Line Arguments and Environment Variables

  • Command-line arguments are read from a trusted file using the manifest option loader.argv_src_file.
  • Environment variables are read from a trusted file using the manifest option loader.env_src_file.
  • Arguments and environment variables are not propagated from the untrusted host anymore.

Protected Inter-Process Communication

  • Checkpoints on fork/clone/execve are encrypted and integrity-protected.
  • All IPC via pipes, FIFOs, and UNIX domain sockets is encrypted and integrity-protected.
  • The underlying protocol is TLS-PSK with the shared key generated via SGX Local Attestation.

Exitless (Switchless) System Calls

  • Applications in Graphene can switch to exitless system calls via the new manifest option sgx.rpc_thread_num.
  • The exitless feature is a performance optimization with no security implications. It introduces a performance trade-off (faster system calls at the cost of additional CPU cores) and is disabled by default.

Support for non-x86-64 Architectures

  • Refactored all x86-64-specific code into separate files built only on x86-64 systems.
  • Upcoming support for non-x86-64 architectures.

Deployment Improvements

  • Support for Glibc 2.31.
  • Support for Ubuntu 20.04, Fedora 32, ClearLinux.
  • Support for the latest Intel SGX drivers, including DCAP drivers.
  • Support for ECDSA/DCAP deployments and attestation.
  • Deprecating the legacy FSGSBASE "Graphene SGX" kernel module in favor of the upstreamed FSGSBASE Linux patch.

Performance Improvements

  • Emulation of gettimeofday() system call by invoking RDTSC on systems supporting "Invariant TSC".
  • Better memory copy implementations (memcpy() in particular) with x86-64-specific assembly.
  • New manifest option sgx.zero_heap_on_demand to choose between fast startup (without zeroing out the whole heap memory) and run-time performance (with zeroing out the heap).

Debugging Improvements

  • New manifest option sgx.enable_stats.
  • Per-thread and per-process statistics on AEX, ECALLS and OCALLs.
  • Enabled CPU performance counters by setting the TCS.FLAGS.DBGOPTIN flag.

New Sample Integrations

  • Updated Redis to version 6.0.5.
  • Updated Busybox to version 1.32.0.
  • Improved the PyTorch example.
  • Added Blender, Cap'n Proto, Node.js Express server.
  • More LTP tests.

Stability and Refactoring

  • Refactored memory management in LibOS and Linux-SGX PAL.
  • Refactored signal and exception handling.
  • Refactored futex emulation.
  • Refactored LibOS initialization and stack layout.
  • Refactored select/poll/epoll.

Miscellaneous

  • Correct emulation of RDTSC and RDTSCP instructions.
  • Support for FIFOs (named pipes).
  • Support for PROT_GROWSDOWN.
  • Emulation of SIGPIPE.
  • Better IPv6 support.
  • Standalone SGX utilities for SGX CPUID information and attestation.
  • Updated mbedTLS to version 2.21.0.
  • Removed unmaintained FreeBSD PAL.
  • SPDX IDs for licenses in source files.
  • Glibc build without spurious warnings.
  • Migration of Graphene documentation to https://graphene.readthedocs.io/ and clean-up.

Breaking Changes

  • Manifest option sys.brk.size renamed to sys.brk.max_size.
  • Newly added protected arguments and environment variables require an explicit change in legacy manifests: either add loader.argv_src_file and loader.env_src_file to read arguments and variables from trusted files, or add loader.insecure__use_cmdline_argv = 1 and loader.insecure__use_host_env = 1 to propagate values from the host.
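The following manifest fragment is an added example, written for this page and not taken from the Graphene repository. It shows the two ways of resolving the breaking change above, with the weak (host-propagated) setting beside the hardened (trusted-file) one, and also uses the v1.2 additions named earlier on this page (TOML manifests, whole-directory sgx.trusted_files, sgx.protected_files). The option names are the ones this page lists; the `file:` URI form of values, the use of TOML booleans (this page shows `= 1` in the older v1.1 manifest syntax), and every path are assumptions made for illustration.

```toml
# Added example, not project code. Option names come from the Graphene release
# notes; "file:" URIs, boolean values and all paths are assumptions.

loader.log_level = "error"

# WEAK: take argv and the environment from the untrusted host. These options
# exist only so that legacy manifests keep working. With them enabled, whoever
# controls the host process decides what the enclaved program runs and which
# environment (PATH, LD_PRELOAD-style variables, credentials) it sees, so the
# measurement of the enclave no longer covers its inputs.
#
# loader.insecure__use_cmdline_argv = true
# loader.insecure__use_host_env = true

# HARDENED: read argv and the environment from files that are themselves
# listed as trusted files. Trusted files are hashed at manifest signing time,
# so a host that tampers with them fails the integrity check at load time
# instead of silently changing the program's inputs.
loader.argv_src_file = "file:trusted_argv"   # assumed filename
loader.env_src_file = "file:trusted_env"     # assumed filename

sgx.trusted_files = [
  "file:trusted_argv",
  "file:trusted_env",
  # v1.2 allows whole directories; every file under it is measured.
  "file:/usr/lib/python3.8/",                # assumed path
]

# Data the application must keep confidential at rest on the untrusted host.
# Protected FS encrypts and integrity-protects these transparently; the key is
# provisioned into the enclave (e.g. via the Secret Provisioning library).
sgx.protected_files = [
  "file:/data/secrets/",                      # assumed path
]
```

The practical check when migrating a manifest is to grep it for `insecure__`: any such option that remains in a production manifest means the enclave's command line or environment is chosen by the host and is not part of what remote attestation vouches for.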

v1.0.1

4 years ago

Changes

Rewrite and reorganization of application examples: Apache, Nginx, Lighttpd, Bash, OpenVino, TensorFlow, GCC, Python, R, CURL, NodeJS, LMBench 2.5.

Initial clean up of the documentation migrated from the GitHub wiki.

Code improvements and refactoring:

  • PAL: Merge page size and allocation alignment
  • SGX: Remove unused pal_handle.file.{pass,append} fields
  • SGX: Refactor main function of pal_loader
  • SGX: Clean up load_enclave() implementation
  • SGX: Introduce SGX type definition from the Intel SDK
  • SGX: Add sgx-tokens targets in Makefiles. Deprecate make SGX_RUN=1 command
  • SGX: Clean up initialize_enclave() and create_enclave()
  • SGX: Remove unnecessary OCALLs and rename the remaining properly
  • SGX: Remove lingering mentions of WolfSSL
  • LibOS: Remove lingering warnings
  • Clean up assert() usage and introduce static_assert() for compile-time assertion
  • Remove __builtin_expect usages

Bugfixes for PAL in general:

  • PAL: Delete \ removal in read_config()
  • PAL: Stack allocation with malloc() instead of _DkVirtualMemoryAlloc()
  • PAL: Block async signals on thread exiting
  • PAL: Fix config parsing in the manifest
  • PAL: Do not set SO_LINGER on socket during socket_close()
  • PAL: Clean up handle_ops and PAL_HANDLE usage
  • PAL: Return real-time clock in DKSystemTimeQuery()
  • PAL: Fix error reporting in mbedTLS crypto adapters
  • PAL: Fix reporting EAFNOSUPPORT from platforms without IPv6 support
  • PAL: Add spinlock implementation and tests
  • PAL: Support zero-sized read/write on PAL streams (pipes, sockets, eventfds)

Bugfixes for SGX:

  • SGX: Update IAS root CA URL
  • SGX: gdb wrapper: use add-auto-load-safe-path
  • SGX: Fix gdb support for PIE executables
  • SGX: Fix the handling of ocall_sock_recv() and ocall_sock_recv_fd()
  • SGX: Write/send from buffer in untrusted memory
  • SGX: Flexible AVX/AVX512 support control
  • SGX: Upgrade pal-sgx-get-token, pal-sgx-sign, link-intel-driver.py to python3
  • SGX: Showing signing date in pal-sgx-get-token and pal-sgx-sign
  • SGX: Fix AESM connection in pal-sgx-get-token
  • SGX: Fix data race in file read and write
  • SGX: Remove resetting of file offset after fork
  • SGX: Add memory gap around executable mappings
  • SGX: Manifest dependency generation in Python
  • SGX: Fix size checking of signature files
  • SGX: Always output sgx.static_address in pal-sgx-sign
  • SGX: Fix address calculations in free_pages()
  • SGX: Fix uninitialized pointer in load_trusted_file()
  • SGX: Fix offset of MXCSR "reset" XSAVE area
  • SGX: Implement new manifest option sgx.file_check_policy
  • SGX: Increase MAX_DBG_THREADS constant from 64 to 1024
  • SGX: Use raw clone() syscalls for creating enclave threads
  • SGX: Increase limit of buffer size on untrusted stack
  • SGX: Do not fail on empty sgx.trusted_files
  • SGX: Clear the Alignment Check (AC) flag in RFLAGS upon enclave entry
  • SGX: Fail with ENOEXEC if loading non-ELF file
  • SGX: Correctly propagate arguments to _DkHandleExternalEvent()
  • SGX: Fix segfault due to redundant pipe deletion
  • SGX: Remove frame calculation in _DkExceptionHandler()

Bugfixes for Library OS:

  • LibOS: Cleanup and fixes in proc_match_name()
  • LibOS: Fix a typo in handle_copy()
  • LibOS: Allow repeated listen() on the same socket
  • LibOS: Do not get/put handles when adding/removing from epoll
  • LibOS: Set starting fd in set_new_fd_handle() to 0
  • LibOS: Force variable update on tcb.test_range.has_fault in test_user_memory()
  • LibOS: Fix resource leak in file closing
  • LibOS: Fix exit code propagation at signal interruption
  • LibOS: Fix checking supported flags in clone()
  • LibOS: Fix reference count leakage in put_thread()
  • LibOS: Prevent double deletion of futex_waiter
  • LibOS: Return ENOENT on open_namei(path = empty string)
  • LibOS: Reorder argv in initial user stack
  • LibOS: Use -O2 optimization level when building in non-debug mode
  • LibOS: Fix error code propagation in shim_do_pipe2() and shim_do_socketpair()
  • LibOS: Handle SIGABRT, SIGTERM, SIGINT from hosts
  • LibOS: Emulate eventfd()
  • LibOS: Wait for 0.5 seconds before termination of IPC helper
  • LibOS: Use %gs register for LibOS TCB (shim_tcb)
  • LibOS: Always unset SIGKILL and SIGSTOP in set_signal_mask()
  • LibOS: Deprecate GLIBC_DISABLE_VDSO in Makefiles
  • LibOS: Allow Graphene-SGX to occupy the same process on execve()
  • LibOS: Remove __attribute__((packed)) to eliminate warnings on gcc-9
  • LibOS: Allow NULL pointers in memfault_upcall
  • LibOS: Correctly emulate CLONE_CHILD_CLEARTID
  • LibOS: Copy signal handler's __kernel_sigaction in get_new_thread()
  • LibOS: Fix listing inaccessible files in getdents()

Miscellaneous bugfixes:

  • GSCE: Fix for parsing app name from repo name
  • Fix clean targets in Makefiles
  • Fix multiple bugs in string comparisons and strcmp_static (renamed to strpartcmp_static)
  • Introduce ARRAY_SIZE and IS_POWER_OF_2 macro and refactor alignment macros
  • Link Graphene libraries in a fixed order

v1.0

4 years ago

Change log

Stability improvements

  • Reworked signal subsystem.
  • Multiple fixes for race conditions.
  • Multiple bugfixes in almost every component of Graphene.

Refactoring

  • Reformatted most of the codebase to conform to our style guide.
  • Refactored multiple components (e.g., inter-process communication, async helper, signal subsystem).

Interface security for SGX

  • Multiple security fixes at the enclave-non-enclave boundary, including proper register cleaning in all possible code paths, clearing RFLAGS.DF and handling asynchronous enclave exits (AEX) in a few unexpected places.

Statically linked binaries support (SGX-only now)

  • Statically linked binaries can now be run under the Linux-SGX PAL. This mainly consisted of properly handling the syscall instruction occurring in the user application itself and adding VDSO support.

Remote attestation

  • Support for a simple remote attestation protocol. Support for advanced use-cases coming soon.

Support for Ubuntu 18.04 and newer glibc versions

  • Ported our glibc patches to support versions 2.19, 2.23, and 2.27.

New sample integrations

  • Added: Memcached, Redis, and Tensorflow.
  • Reworked Busybox and R integrations, more reworks coming soon.

v0.2

8 years ago

Fixed a compatibility issue for Linux kernels later than 3.5 and Ubuntu 10.10. More portable PAL with organized platform-generic code. PAL regression test to confirm completeness of the implementation. Plenty of bugfixes in both PAL and Graphene. More supported applications.