Releases: intel/confidential-computing.tee.dcap
Intel® SGX/TDX DCAP 1.26
- SGX SDK–owned attestation code relocated from DCAP into the Intel SGX for Linux OS repository, which contains (among others) the SGX SDK.
- Trusted Verification Library (TVL) is now part of the SGX SDK distribution.
  - `sgx_qve_header.h` is now shipped with the `libsgx-headers` package (≥ 2.29) and removed from `libsgx-dcap-quote-verify-dev`/`-devel`.
  - `sgx_dcap_qal_types.h` (new header) now owns common type definitions shared between the TVL and DCAP (`tee_policy_bundle_t`, `tee_policy_auth_result_t`) and is included transitively via DCAP's `sgx_dcap_qal.h`.
- Modified QGS (Intel TDX Quote Generation Service) implementation:
  - [BREAKING] Unix domain socket is now the default method to communicate with the QGS. Deployments relying on vsock must explicitly re-add `port=<n>` to `qgs.conf`.
  - [BREAKING — DEB only] `qgs.conf` is overwritten on upgrade. If you have local changes to the configuration file (e.g., vsock port and/or worker thread count), back up `qgs.conf` before upgrading.
  - Socket directory ownership and permissions are enforced. Directory created as `qgsd:qgsd (0755)`, socket as `0660`. Any process/service communicating over the Unix domain socket must be a member of the qgsd group (e.g., `usermod -aG qgsd <username>`).
  - Startup script writes a `systemd` drop-in setting `RuntimeDirectory=tdx-qgs`; stale socket files from prior unclean shutdowns are automatically cleaned on startup.
  - Configurable log level via new `-l=<level>` command-line flag.
  - Graceful `SIGINT` handling added for clean shutdown.
- Added Ubuntu 26.04 support, which required CMake 4+ and updated `dpkg` tooling.
- Bug fixes.
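A post-upgrade check for the QGS changes in 1.26, as an added example that is not part of the release notes or of Intel's tooling. The function names are hypothetical, the configuration and socket paths are supplied by the caller, and the socket's owner is assumed to be `qgsd` like its directory.

```shell
#!/bin/sh
# Added example (not Intel's code): verify the QGS 1.26 breaking changes after an upgrade.
# Paths are arguments; the release notes do not state them.

# Print "vsock:<n>" if the config has an active port=<n> line, else "unix"
# (the 1.26 default). Commented-out lines are ignored.
qgs_transport() {
    port=$(sed -n 's/^[[:space:]]*port[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p' "$1" | tail -n 1)
    if [ -n "$port" ]; then echo "vsock:$port"; else echo "unix"; fi
}

# Return 0 only if the path has exactly the expected octal mode, owner and group.
# Usage: check_perms <path> <mode> <owner> <group>   (uses GNU/busybox stat -c)
check_perms() {
    actual=$(stat -c '%a %U %G' "$1" 2>/dev/null) || { echo "MISSING $1"; return 2; }
    if [ "$actual" = "$2 $3 $4" ]; then echo "OK $1 ($actual)"; return 0; fi
    echo "MISMATCH $1: have '$actual', want '$2 $3 $4'"
    return 1
}

# Return 0 if the user belongs to the group (required to open the 0660 socket).
in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

# Run every check. Arguments: qgs.conf path, socket directory, socket path,
# and the account of the client service that talks to the QGS.
audit_qgs() {
    conf=$1; dir=$2; sock=$3; user=$4; rc=0
    echo "transport: $(qgs_transport "$conf")"
    check_perms "$dir" 755 qgsd qgsd || rc=1
    # Assumption: the socket is owned by qgsd:qgsd; the notes only state mode 0660.
    check_perms "$sock" 660 qgsd qgsd || rc=1
    [ -S "$sock" ] || { echo "NOT A SOCKET $sock"; rc=1; }
    in_group "$user" qgsd || { echo "$user is not in group qgsd"; rc=1; }
    return $rc
}
```

A transport of `unix` on a deployment that previously used vsock means the `port=<n>` line was lost when `qgs.conf` was replaced and has to be re-added from the backup.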
Intel® SGX/TDX DCAP 1.25
- Added Intel® Trust Domain Extensions (Intel® TDX) enhancements including:
  - Trust Domain (TD) partitioning support (including quote definition, Trust Domain Quoting Enclave (TDQE), Quote Verification Library (QVL) updates), and
  - Runtime Measurement Register (RTMR) sysfs extension logic for Linux* kernel v6.16+.
- Added Quote Appraisal Enclave (QAE) implementation.
  - The Open Policy Agent (OPA)-based evaluation algorithm (`qal_script.rego`) used by the Quote Appraisal Library (QAL) and the QAE through WebAssembly (WASM) processing engine is now compiled directly into the QAL/QAE. The appraisal continues to be guided by the JWT-based policy inputs.
- Updated OpenSSL to 3.0.19.
- The DCAP package now includes the PCCS binary built from Intel® SGX and Intel® TDX Provisioning Certificate Caching Service (PCCS) 1.25 Release.
- Added support for CentOS* Stream 10 and Red Hat* Enterprise Linux* 10.
- Aligned the TCB Date Tag behavior in QVL supplemental data with the documented behavior.
- Bug fixes.
Intel® SGX/TDX DCAP 1.24
- Added support for Azure Linux 3.0, Debian 12 and Anolis 8.10.
- Moved PCCS source to a separate repository: https://github.com/intel/confidential-computing.tee.dcap.pccs.
- Split PCCS Admin Tool into two: PCS Client Tool for Intel PCS interactions and PCCS Admin Tool for PCCS administrative operations.
- Increased QVE enclave size to support long Certificate Revocation Lists.
- Improved QVL to return the complete collection of SA lists.
- Upgraded Intel® DCAP Quote Verification Enclave to integrate OpenSSL/SGXSSL 3.0.17.
- DCAP 1.24.100.2 package contains PCCS binaries built from the 1.23.100.1 source code that contains updated dependencies. Packages created from new PCCS repository will be available in the next release.
- Bug fixes.
Intel(R) SGX DCAP 1.23 Release
Added support for Red Hat Enterprise Linux Server 9.4 (for x86_64) and SUSE Linux Enterprise Server 15.6 64-bit.
Added support for the FIPS 140-3 Certifiable QvE (Quote Verification Enclave) as an experimental feature.
Restored Intel® DCAP PCCS.
Fixed bugs.
Intel(R) SGX DCAP 1.22 Release
Upgraded Intel DCAP Quote Verification Enclave to integrate OpenSSL/SgxSSL 3.0.14.
Removed Intel DCAP PCCS from repository.
Added Ubuntu* 24.04 LTS 64-bit Server support.
Fixed bugs.
Note that PCCS is not available from this release. Please follow the DCAP installation guide to use PCCSAdminTool to retrieve the attestation collateral, or use an older version of PCCS.
Intel(R) SGX DCAP 1.21 Release
Upgraded Intel DCAP Ring3 Abstraction Layer (R3AAL) library to support ConfigFS-TSM as the communication channel between host and guest for TDX remote attestation.
Upgraded Intel DCAP Quote Verification Enclave to integrate OpenSSL/SgxSSL 3.0.13.
Upgraded new TDX attestation result “TD_RELAUNCH_ADVISED” in Intel DCAP Quote Verification Library (QVL) and Appraisal Engine.
Fixed bugs.
Intel(R) SGX DCAP 1.20 Release
Introduced the Intel DCAP Appraisal Engine within the quote verification library, empowering users to evaluate verification results against diverse policies.
Upgraded Intel SGX Quote Verification Enclave to integrate OpenSSL/SgxSSL 3.0.12.
Added Rust wrapper for quote provider library APIs.
Fixed bugs.
Intel(R) SGX DCAP 1.19 Release
Resigned all Intel SGX Architecture Enclaves.
Upgraded Intel SGX Quote Verification Enclave to integrate OpenSSL/SgxSSL 3.0.10.
Added Attestation Library support for Intel(R) TDX Migration TD.
Added Rust wrapper for low-level Quote Generation APIs.
Enabled SE_TRACE log in release binary.
Updated Rust QVL wrapper to use native Rust structure for quote verification collateral.
Added a limitation in the DCAP QVL to only allow the user to set the QvE load policy once.
Fixed bugs.
Intel(R) SGX DCAP 1.18 Release
Introduced Intel(R) TDX 1.4 and 1.5 support.
Upgraded Ring3 Abstraction Layer (R3AAL) library to support Intel(R) TDX MVP 6.2 kernel.
Enhanced quote verification performance in multi-thread scenarios.
Upgraded Intel(R) SGX Quote Verification Enclave to integrate latest OpenSSL/SgxSSL 1.1.1u.
Fixed bugs.
Intel(R) SGX DCAP 1.17 Release
Applied CVE-2023-1255, CVE-2023-0465, and CVE-2023-0466 patches to SgxSSL/OpenSSL 1.1.1t.
Upgraded to Intel(R) Integrated Performance Primitives (IPP) Cryptography library version 2021.7.
Upgraded Intel SGX Quote Verification Enclave to integrate updated SgxSSL.
Enhanced the attestation local cache functionality by giving users the option to provide their own cache file.
Enabled QPL/QCNL log in DCAP samples.
Fixed bugs.