Intel has recently contributed a full implementation for UEFI Capsule update, including support for the EFI System Resource Table (ESRT) and Firmware Management Protocol (FMP), under EDK II. The SignedCapsulePkg has been ported to two open platforms, MinnowBoard Max/Turbot and Intel® Galileo, for further development and validation.
Intel® RealSense™ Object Library middleware gives machines the ability to understand what they are looking at, in other words, imparting meaning to the vision the Intel RealSense cameras provide. This ability allows for more dynamic human-machine interaction. Object Library uses a CNN-based architecture that utilizes depth to efficiently and accurately classify and localize objects. This middleware includes a library for recognizing, localizing, and tracking objects from a pre-defined library.
The Enclave Definition Language (EDL) supports multidimensional, fixed-size arrays to be used in data structure definition and parameter declaration. Zero-length array and flexible array member, however, are not supported. The special attribute
isary is used to designate function parameters that are of a user defined type array.
There are three main activities involved in establishing trust in software.
Sealing to the enclave author uses the identity of the enclave author, which the CPU stores in the MRSIGNER register at enclave initialization time, and binds this value to the key used by the seal data function. This binding is performed by the hardware through the EGETKEY instruction. The key used by the seal data function is also bound to the Product ID of the enclave. The Product ID is stored in the CPU when the enclave is instantiated.
Modern operating systems provide mechanisms for allowing applications to be notified of major power events on the platform. When the platform enters the S3 and S4 power states (suspend to RAM and hibernate to disk), the keys are erased and all of the enclaves are destroyed. Enclaves that wish to preserve secrets across S3, S4, and S5 must save state information on disk.
The Microsoft* Visual Studio* add-in is provided to the Intel® Software Guard Extensions developer for configuring an enclave or importing an enclave to untrusted components conveniently and efficiently. This add-in has three main features:
This topic introduces how to link an enclave with the following types of libraries:
- Dynamic libraries
- Static Libraries
- Simulation Libraries