Intel Security Dev API 1.0 Production Release


1.0 Production Release
Release Notes
24 August 2017

Version History/Revision History

Date          Revision  Description
August 2017   1.0       Limited Production Release
March 2017    0.61      Limited External Distribution

Intended Audience

This release is intended for specific customers only.

Customer Support

Please contact intelsecuritydevapi_support@intel.com.

Contents:

1 Introduction
2 Features
3 Known Issues
4 Related Documentation
5 Release Content
6 Hardware and Software Compatibility
7 Acronyms and Terms
8 Legal Information

1 Introduction

This document provides system requirements, issues and limitations, and legal information for Intel Security Dev API.

Intel Security Dev API is an API library that makes it easy for application developers to use hardware security technologies available on Internet of Things (IoT) devices. The Intel Security Dev API SDK contains the API library and associated tools you need to use hardware security in your applications.

To learn more about this product, please visit https://software.intel.com/en-us/security-dev-api or consult the information in the Related Documentation section.

2 Features

Intel Software Guard Extensions (Intel SGX)
   Secure Data: Protect data on the local device with predefined or custom protection policies.
   Secure Transport: Protect data in transit, establish secure bidirectional TLS communication channels, and use whitelisting to restrict communication to specific domains.

Trusted Platform Module (TPM)
   RSA Signing: Securely provision RSA private keys onto TPMs and use the keys for signing.

3 Known Issues

1. Intel Security Dev API must be installed as root, and all scripts must be run as root, or a normal user must be given permission to access /opt/*
2. Although multiple RSA private keys can be provisioned using the Provisioning Tool, the config file used by the application will only use the last key listed in the config file for signing.
   a. Workaround: Update the config file with other keys manually, as needed.
3. Secure Data objects that were created by the trusted application (TA) during the TA initialization stage may not be accessible by the TA later.
   a. Cause: A trusted application is only considered loaded and ready (that is, part of the policy context), after load_ta() is successful.
   b. Workaround: Create Secure Data objects in the context of ta_invoke(), and not during TA initialization.
4. When using the trusted application simulation/debug configuration, use of very large buffers of data (such as TA debug print, or via the TA debug option in Eclipse) may result in a crash of the application.
   a. Cause: This limitation is due to the small buffer size of the Intel SGX TEE. Note: This only happens in debug/simulation configuration.
   b. Workaround: Partition TA print messages and partition data used for TA debugging.
5. When calling isec_load_ta_ex() in C/C++ or TALaunchControl.load in Java, the value of the OPTIONAL parameter ta_key_id must be NULL. Any other value will result in an internal error.
   a. Cause: The Encrypted Trusted Application feature is not supported in this version.
   b. Workaround: None
6. An attacker may be able to create a replay attack by exploiting power events/transitions.
   a. Cause: Hardware monotonic counters are not supported in version 1.0 of the Intel SGX SDK.
   b. Workaround: None
7. Policy API works properly and returns success before and independent of init() and/or shutdown() state.
   a. Cause: Legacy design decision to implement policy as helper API in the main application scope. This will be changed for version 1.1.
   b. Workaround: None
8. Enclave re-sign is not supported in Signing Tool.
   a. Cause: Intel SGX SDK signing tool does not support re-signing.
   b. Workaround: None
9. When using the isec_provisioning tool (with data=<value>), use of exponent values for the TPM provisioned key is limited. The supported value for exponent field is 2^16+1.
   a. Cause: Limited support for exponent values in version 1.0.
   b. Workaround: Use only the following value for RSA key exponent 65537 (2^16+1).
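
A pre-provisioning check for the exponent limitation in Known Issue 9, as an added example that is not part of these release notes or of the SDK: it reads the public exponent out of an RSA private key and accepts only 65537. It assumes the key is held as a PKCS#1 RSAPrivateKey in DER form; the function names and the toy sample key are constructed for illustration.

```python
# Added example: check an RSA key's public exponent before TPM provisioning.
# Assumption: the key is a PKCS#1 RSAPrivateKey in DER form (RFC 8017 A.1.2).
SUPPORTED_EXPONENT = 65537  # 2^16+1, the only value Known Issue 9 allows


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of input")
    return tag, buf[pos:pos + length], pos + length


def rsa_public_exponent(der):
    """Return publicExponent, the third INTEGER of RSAPrivateKey."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    fields, pos = [], 0
    while len(fields) < 3:  # version, modulus, publicExponent
        tag, value, pos = _read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        fields.append(int.from_bytes(value, "big", signed=True))
    if fields[0] != 0:
        raise ValueError("unsupported RSAPrivateKey version")
    return fields[2]


def safe_to_provision(der):
    return rsa_public_exponent(der) == SUPPORTED_EXPONENT


def _toy_key(e):
    """Constructed sample: toy-sized values (p=61, q=53), not a usable key."""
    def der_int(n):
        raw = n.to_bytes(n.bit_length() // 8 + 1, "big")
        return bytes([0x02, len(raw)]) + raw
    body = b"".join(der_int(v) for v in (0, 3233, e, 2753, 61, 53, 53, 49, 38))
    return bytes([0x30, len(body)]) + body
```

Malformed or truncated input raises ValueError rather than returning a value, so a key that cannot be parsed is never treated as acceptable.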

4 Related Documentation

The SDK is installed to the following directories:

   SDK root directory: /opt/intel/isecsdk
   Documentation: /opt/intel/isecsdk/docs
   Samples: /opt/intel/isecsdk/samplecode

The following are online resources:

   Get Started Guide
   C/C++ Developer Guide
   Java Developer Guide

5 Release Content

   Intel Software Guard Extensions for Linux v1.7
   Intel Security Dev API v1.0

External Dependencies

Item: Java
Description: OpenJDK 1.7

Item: Development Tools
Description: g++ multilib, gcc multilib, lib32z1-dev, libprotobuf-dev:i386

Item: IDE
Description: Eclipse IDE for Java Developers (Mars.2 Release 4.5.2)

6 Hardware and Software Compatibility

Item: Hardware for Intel SGX Deployment
Description: Intel processor-based platform with Intel Software Guard Extensions (Intel SGX) present and enabled in the BIOS

Item: Hardware for TPM Deployment
Description: Intel processor-based platform with Intel Software Guard Extensions (Intel SGX) present and enabled in the BIOS and Trusted Platform Module 2.0 support (either hardware or firmware)

Item: Operating System
Description: Ubuntu 14.04.4 LTS 64-bit (Desktop Version)

Item: Programming Language
Description: C/C++ or Java for the main application component; Java for the trusted application component

Please note that the hardware requirements above are for deployment, not development: You can develop code using the Intel Security Dev API on machines that lack SGX support. (This is called Simulation Mode and is explained in the Get Started Guide.)

7 Acronyms and Terms

The following acronyms and terms are used in this document (arranged in alphabetic order):

   API: Application Program Interface
   IDE: Integrated Development Environment
   SDK: Software Development Kit
   TEE: Trusted Execution Environment. Platform-provided execution container that protects the confidentiality and integrity of the execution.

8 Legal Information

You may not use or facilitate the use of this document in connection with any infringement or other legal analysis concerning Intel products described herein. You agree to grant Intel a non-exclusive, royalty-free license to any patent claim thereafter drafted which includes subject matter disclosed herein.

No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document.

All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps.

The products described may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request.

No computer system can be absolutely secure.

Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.

*Other names and brands may be claimed as the property of others.

Copyright 2017, Intel Corporation. All rights reserved.