Releases: intel/confidential-computing.tee.dcap
Intel® SGX/TDX DCAP 1.25
- Added Intel® Trust Domain Extensions (Intel® TDX) enhancements including:
- Trust Domain (TD) partitioning support (including quote definition, Trust Domain Quoting Enclave (TDQE), Quote Verification Library (QVL) updates), and
- Runtime Measurement Register (RTMR) sysfs extension logic for Linux* kernel v6.16+.
- Added Quote Appraisal Enclave (QAE) implementation.
- The Open Policy Agent (OPA)-based evaluation algorithm (
qal_script.rego) used by the Quote Appraisal Library (QAL) and the QAE through WebAssembly (WASM) processing engine is now compiled directly into the QAL/QAE. The appraisal continues to be guided by the JWT-based policy inputs.
- The Open Policy Agent (OPA)-based evaluation algorithm (
- Updated OpenSSL to 3.0.19.
- The DCAP package now includes the PCCS binary built from Intel® SGX and Intel® TDX Provisioning Certificate Caching Service (PCCS) 1.25 Release.
- Added support for CentOS* Stream 10 and Red Hat* Enterprise Linux* 10.
- Aligned TCB Date Tag behavior with documented one in QVL supplemental data.
- Bug fixes.
Intel® SGX/TDX DCAP 1.24
- Added support for Azure Linux 3.0, Debian 12 and Anolis 8.10.
- Moved PCCS source to a separate repository: https://github.com/intel/confidential-computing.tee.dcap.pccs.
- Split PCCS Admin Tool into two: PCS Client Tool for Intel PCS interactions and PCCS Admin Tool for PCCS administrative operations.
- Increased QVE enclave size to support long Certificate Revocation List.
- Improved QVL to return complete collection of SA lists.
- Upgraded Intel® DCAP Quote Verification Enclave to integrate OpenSSL/SGXSSL 3.0.17.
- DCAP 1.24.100.2 package contains PCCS binaries built from the 1.23.100.1 source code that contains updated dependencies. Packages created from new PCCS repository will be available in the next release.
- Bug fixes.
Intel(R) SGX DCAP 1.23 Release
Added support for Red Hat Enterprise Linux Server 9.4 (for x86_64) and SUSE Linux Enterprise Server 15.6 64-bits.
Added support for the FIPS 140-3 Certifiable QvE (Quote Verification Enclave) as an experimental feature.
Restored Intel® DCAP PCCS.
Fixed bugs.
Intel(R) SGX DCAP 1.22 Release
Upgraded Intel DCAP Quote Verification Enclave to integrate OpenSSL/SgxSSL 3.0.14.
Removed Intel DCAP PCCS from repository.
Added Ubuntu* 24.04 LTS 64-bit Server support.
Fixed bugs.
Note that PCCS is not available from this release. Please follow DCAP installation guide to use PCCSAdminTool to retrieve the attestation collaterals or use old version PCCS.
Intel(R) SGX DCAP 1.21 Release
Upgraded Intel DCAP Ring3 Abstraction Layer(R3AAL) library to support ConfigFS-TSM as communication channel between host and guest for TDX remote attestation.
Upgraded Intel DCAP Quote Verification Enclave to integrate OpenSSL/SgxSSL 3.0.13.
Upgraded new TDX attestation result “TD_RELAUNCH_ADVISED” in Intel DCAP Quote Verification Library(QVL) and Appraisal Engine.
Fixed bugs.
Intel(R) SGX DCAP 1.20 Release
Introduced the Intel DCAP Appraisal Engine within quote verification library, empowering users to evaluate verification results against diverse policies.
Upgraded Intel SGX Quote Verification Enclave to integrate OpenSSL/SgxSSL 3.0.12.
Added Rust wrapper for quote provider library APIs.
Fixed bugs.
Intel(R) SGX DCAP 1.19 Release
Resigned all Intel SGX Architecture Enclaves.
Upgraded Intel SGX Quote Verification Enclave to integrate OpenSSL/SgxSSL 3.0.10.
Added Attestation Library support for Intel(R) TDX Migration TD.
Added Rust wrapper for low-level Quote Generation APIs.
Enabled SE_TRACE log in release binary.
Updated Rust QVL wrapper to use native Rust structure for quote verification collateral.
Added a limitation in the DCAP QVL to only allow the user to set the QvE load policy once.
Fixed bugs.
Intel(R) SGX DCAP 1.18 Release
Introduced Intel(R) TDX 1.4 and 1.5 support.
Upgraded Ring3 Abstraction Layer (R3AAL) library to support Intel(R) TDX MVP 6.2 kernel.
Enhanced quote verification performance in multi-thread scenarios.
Upgraded Intel(R) SGX Quote Verification Enclave to integrate latest OpenSSL/SgxSSL 1.1.1u.
Fixed bugs.
Intel(R) SGX DCAP 1.17 Release
Applied CVE-2023-1255, CVE-2023-0465, and CVE-2023-0466 patches to SgxSSL/OpenSSL 1.1.1t.
Upgraded to Intel(R) Integrated Performance Primitives (IPP) Cryptography library version 2021.7.
Upgraded Intel SGX Quote Verification Enclave to integrate updated SgxSSL.
Enhanced the attestation local cache functionality by giving users the option to provide their own cache file.
Enabled QPL/QCNL log in DCAP samples.
Fixed bugs.
Intel(R) SGX DCAP 1.16 Release
Upgraded Intel SGX Quote Verification Enclave to integrate SgxSSL/OpenSSL version 1.1.1t.
Added new API in quote verification library to extract FMSPC (Family-Model-Stepping-Platform-CustomSKU) value from ECDSA quote.
Added Rust support for SGX ECDSA quote generation.
Added Linux kernel 5.19 support in TDX R3AAL (Ring 3 Attestation Abstraction Layer).
Removed Protobuf in TDX QGS (Quote Generation Service) and R3AAL (Ring 3 Attestation Abstraction Layer).
Fixed bugs.