Linux 2.16 Open Source Gold Release

Upgraded to OpenSSL 1.1.1m.
Provided RA-TLS (Remote Attestation based Transport Layer Security) APIs and
  Samples.
Supported PKRU (Protection Key rights Register) in Enclave.
Added APIs of SHA384 and VerifyReport2 to support TDX.
Enhanced QPL (Quote Provider Library) to support caching Intel PCK
  (Provisioning Certificate Key) certificate chain in local memory, or
  retrieving Intel PCK cert chain from local HTTP/S address.
Upgraded Intel ECDSA Quote Verification Enclave to integrate SgxSSL/OpenSSL
  version 1.1.1m.
Introduced Intel ID enclave for QE identity generation.
Fixed bugs.

Signed-off-by: Li, Xun <[email protected]>

Author: llly

License.txt

@@ -1577,3 +1577,55 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
+
+
+
+21. Remote Attestation based TLS and Sample
+
+MIT License
+
+Copyright (c) Open Enclave SDK contributors.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE
+
+22. musl C
+
+musl as a whole is licensed under the following standard MIT license:
+
+----------------------------------------------------------------------
+Copyright © 2005-2020 Rich Felker, et al.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Makefile

@@ -90,8 +90,12 @@ sdk_install_pkg: sdk
 psw_install_pkg: psw
 ifeq ("$(wildcard ./external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt/libsgx_qe3.signed.so)", "")
 	./external/dcap_source/QuoteGeneration/download_prebuilt.sh
+endif
+ifeq ("$(wildcard ./external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt/libsgx_id_enclave.signed.so)", "")
+	./external/dcap_source/QuoteGeneration/download_prebuilt.sh
 endif
 	$(CP) external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt/libsgx_qe3.signed.so $(BUILD_DIR)
+	$(CP) external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt/libsgx_id_enclave.signed.so $(BUILD_DIR)
 	./linux/installer/bin/build-installpkg.sh psw
 
 .PHONY: deb_libsgx_ae_qe3
@@ -101,6 +105,13 @@ ifeq ("$(wildcard ./external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt/li
 endif
 	$(MAKE) -C external/dcap_source/QuoteGeneration deb_sgx_ae_qe3_pkg
 	$(CP) external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-ae-qe3/libsgx-ae-qe3*.deb ./linux/installer/deb/sgx-aesm-service/
+.PHONY: deb_libsgx_ae_id_enclave
+deb_libsgx_ae_id_enclave:
+ifeq ("$(wildcard ./external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt/libsgx_id_enclave.signed.so)", "")
+	./external/dcap_source/QuoteGeneration/download_prebuilt.sh
+endif
+	$(MAKE) -C external/dcap_source/QuoteGeneration deb_sgx_ae_id_enclave_pkg
+	$(CP) external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-ae-id-enclave/libsgx-ae-id-enclave*.deb ./linux/installer/deb/sgx-aesm-service/
 .PHONY: deb_libsgx_qe3_logic
 deb_libsgx_qe3_logic: psw
 	$(MAKE) -C external/dcap_source/QuoteGeneration deb_sgx_qe3_logic_pkg
@@ -139,12 +150,12 @@ deb_libsgx_urts: psw
 	./linux/installer/deb/libsgx-urts/build.sh
 
 .PHONY: deb_libsgx_headers_pkg
-deb_libsgx_headers_pkg: 
+deb_libsgx_headers_pkg:
 	./linux/installer/deb/libsgx-headers/build.sh
 
 ifeq ($(CC_BELOW_5_2), 1)
 .PHONY: deb_psw_pkg
-deb_psw_pkg: deb_libsgx_headers_pkg deb_libsgx_qe3_logic deb_libsgx_pce_logic deb_sgx_aesm_service deb_libsgx_epid deb_libsgx_launch deb_libsgx_quote_ex deb_libsgx_uae_service deb_libsgx_enclave_common deb_libsgx_urts deb_libsgx_ae_qe3
+deb_psw_pkg: deb_libsgx_headers_pkg deb_libsgx_qe3_logic deb_libsgx_pce_logic deb_sgx_aesm_service deb_libsgx_epid deb_libsgx_launch deb_libsgx_quote_ex deb_libsgx_uae_service deb_libsgx_enclave_common deb_libsgx_urts deb_libsgx_ae_qe3 deb_libsgx_ae_id_enclave
 else
 .PHONY: deb_libsgx_dcap_default_qpl
 deb_libsgx_dcap_default_qpl:
@@ -188,7 +199,7 @@ deb_sgx_ra_service_pkg:
 
 
 .PHONY: deb_psw_pkg
-deb_psw_pkg: deb_libsgx_headers_pkg deb_libsgx_qe3_logic deb_libsgx_pce_logic deb_sgx_aesm_service deb_libsgx_epid deb_libsgx_launch deb_libsgx_quote_ex deb_libsgx_uae_service deb_libsgx_enclave_common deb_libsgx_urts deb_libsgx_ae_qe3 deb_libsgx_dcap_default_qpl deb_libsgx_dcap_pccs deb_libsgx_dcap_ql deb_libsgx_ae_qve deb_sgx_dcap_quote_verify deb_sgx_pck_id_retrieval_tool_pkg deb_sgx_ra_service_pkg
+deb_psw_pkg: deb_libsgx_headers_pkg deb_libsgx_qe3_logic deb_libsgx_pce_logic deb_sgx_aesm_service deb_libsgx_epid deb_libsgx_launch deb_libsgx_quote_ex deb_libsgx_uae_service deb_libsgx_enclave_common deb_libsgx_urts deb_libsgx_ae_qe3 deb_libsgx_ae_id_enclave deb_libsgx_dcap_default_qpl deb_libsgx_dcap_pccs deb_libsgx_dcap_ql deb_libsgx_ae_qve deb_sgx_dcap_quote_verify deb_sgx_pck_id_retrieval_tool_pkg deb_sgx_ra_service_pkg
 endif
 
 .PHONY: deb_local_repo
@@ -202,6 +213,13 @@ ifeq ("$(wildcard ./external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt/li
 endif
 	$(MAKE) -C external/dcap_source/QuoteGeneration rpm_sgx_ae_qe3_pkg
 	$(CP) external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-ae-qe3/libsgx-ae-qe3*.rpm ./linux/installer/rpm/sgx-aesm-service/
+.PHONY: rpm_libsgx_ae_id_enclave
+rpm_libsgx_ae_id_enclave:
+ifeq ("$(wildcard ./external/dcap_source/QuoteGeneration/psw/ae/data/prebuilt/libsgx_id_enclave.signed.so)", "")
+	./external/dcap_source/QuoteGeneration/download_prebuilt.sh
+endif
+	$(MAKE) -C external/dcap_source/QuoteGeneration rpm_sgx_ae_id_enclave_pkg
+	$(CP) external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-ae-id-enclave/libsgx-ae-id-enclave*.rpm ./linux/installer/rpm/sgx-aesm-service/
 .PHONY: rpm_libsgx_pce_logic
 rpm_libsgx_pce_logic: psw
 	$(MAKE) -C external/dcap_source/QuoteGeneration rpm_sgx_pce_logic_pkg
@@ -244,12 +262,12 @@ rpm_sdk_pkg: sdk
 	./linux/installer/rpm/sdk/build.sh
 
 .PHONY: rpm_libsgx_headers_pkg
-rpm_libsgx_headers_pkg: 
+rpm_libsgx_headers_pkg:
 	./linux/installer/rpm/libsgx-headers/build.sh
 
 ifeq ($(CC_BELOW_5_2), 1)
 .PHONY: rpm_psw_pkg
-rpm_psw_pkg: rpm_libsgx_headers_pkg rpm_libsgx_pce_logic rpm_libsgx_qe3_logic rpm_sgx_aesm_service rpm_libsgx_epid rpm_libsgx_launch rpm_libsgx_quote_ex rpm_libsgx_uae_service rpm_libsgx_enclave_common rpm_libsgx_urts rpm_libsgx_ae_qe3
+rpm_psw_pkg: rpm_libsgx_headers_pkg rpm_libsgx_pce_logic rpm_libsgx_qe3_logic rpm_sgx_aesm_service rpm_libsgx_epid rpm_libsgx_launch rpm_libsgx_quote_ex rpm_libsgx_uae_service rpm_libsgx_enclave_common rpm_libsgx_urts rpm_libsgx_ae_qe3 rpm_libsgx_ae_id_enclave
 else
 .PHONY: rpm_libsgx_dcap_default_qpl
 rpm_libsgx_dcap_default_qpl:
@@ -291,7 +309,7 @@ rpm_sgx_ra_service_pkg:
 	$(CP) external/dcap_source/tools/SGXPlatformRegistration/build/installer/libsgx-ra-*rpm ./linux/installer/rpm/sgx-aesm-service/
 
 .PHONY: rpm_psw_pkg
-rpm_psw_pkg: rpm_libsgx_headers_pkg rpm_libsgx_pce_logic rpm_libsgx_qe3_logic rpm_sgx_aesm_service rpm_libsgx_epid rpm_libsgx_launch rpm_libsgx_quote_ex rpm_libsgx_uae_service rpm_libsgx_enclave_common rpm_libsgx_urts rpm_libsgx_ae_qe3 rpm_libsgx_dcap_default_qpl rpm_libsgx_dcap_pccs rpm_libsgx_dcap_ql rpm_libsgx_ae_qve rpm_sgx_dcap_quote_verify rpm_sgx_pck_id_retrieval_tool_pkg rpm_sgx_ra_service_pkg
+rpm_psw_pkg: rpm_libsgx_headers_pkg rpm_libsgx_pce_logic rpm_libsgx_qe3_logic rpm_sgx_aesm_service rpm_libsgx_epid rpm_libsgx_launch rpm_libsgx_quote_ex rpm_libsgx_uae_service rpm_libsgx_enclave_common rpm_libsgx_urts rpm_libsgx_ae_qe3 rpm_libsgx_ae_id_enclave rpm_libsgx_dcap_default_qpl rpm_libsgx_dcap_pccs rpm_libsgx_dcap_ql rpm_libsgx_ae_qve rpm_sgx_dcap_quote_verify rpm_sgx_pck_id_retrieval_tool_pkg rpm_sgx_ra_service_pkg
 endif
 
 .PHONY: rpm_local_repo
@@ -335,6 +353,7 @@ ifeq ("$(shell test -f external/dcap_source/QuoteVerification/Makefile && echo M
 	@$(MAKE) -C external/dcap_source/QuoteGeneration    clean
 	./external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-ae-qve/clean.sh
 	./external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-ae-qe3/clean.sh
+	./external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-ae-id-enclave/clean.sh
 	./external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-dcap-default-qpl/clean.sh
 	./external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-dcap-ql/clean.sh
 	./external/dcap_source/QuoteGeneration/installer/linux/deb/libsgx-pce-logic/clean.sh
@@ -343,6 +362,7 @@ ifeq ("$(shell test -f external/dcap_source/QuoteVerification/Makefile && echo M
 	./external/dcap_source/QuoteGeneration/installer/linux/deb/sgx-dcap-pccs/clean.sh
 	./external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-ae-qve/clean.sh
 	./external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-ae-qe3/clean.sh
+	./external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-ae-id-enclave/clean.sh
 	./external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-dcap-default-qpl/clean.sh
 	./external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-dcap-ql/clean.sh
 	./external/dcap_source/QuoteGeneration/installer/linux/rpm/libsgx-pce-logic/clean.sh

Makefile.psw_dcap

@@ -0,0 +1,71 @@
+#
+# Copyright (C) 2011-2021 Intel Corporation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+#   * Redistributions of source code must retain the above copyright
+#     notice, this list of conditions and the following disclaimer.
+#   * Redistributions in binary form must reproduce the above copyright
+#     notice, this list of conditions and the following disclaimer in
+#     the documentation and/or other materials provided with the
+#     distribution.
+#   * Neither the name of Intel Corporation nor the names of its
+#     contributors may be used to endorse or promote products derived
+#     from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+#
+
+include buildenv.mk
+
+define DIR_EXISTS
+$(shell test -d $(1) && echo "$(1)")
+endef
+
+SGX_SDK := /tmp/intel/sgxsdk
+export SGX_SDK
+
+.PHONY: build psw dcap install clean sdk install_sdk
+
+build: psw dcap
+
+psw: install_sdk
+	@$(MAKE) -C psw/ USE_OPT_LIBS=$(USE_OPT_LIBS)
+
+dcap: install_sdk
+	@$(MAKE) -C external/dcap_source/
+
+install:
+	@$(MAKE) -I linux/installer/common/psw-dcap -f linux/installer/common/psw-dcap/Makefile SRCDIR=. DESTDIR=$(DESTDIR) install
+
+clean:
+	@$(MAKE) -C psw/                  clean
+	@$(MAKE) -C external/dcap_source/ clean
+	@$(MAKE) -C sdk/                  clean
+ifneq ($(call DIR_EXISTS,$(SGX_SDK)),)
+	$(SGX_SDK)/uninstall.sh
+endif
+
+sdk:
+	$(MAKE) -C sdk/ USE_OPT_LIBS=$(USE_OPT_LIBS)
+	$(MAKE) -C external/dcap_source/QuoteVerification/dcap_tvl clean
+	$(MAKE) -C external/dcap_source/QuoteVerification/dcap_tvl
+
+install_sdk: sdk
+	./linux/installer/bin/build-installpkg.sh sdk
+ifeq ($(call DIR_EXISTS,$(SGX_SDK)),)
+	./linux/installer/bin/sgx_linux_x64_sdk_*.bin --prefix=$(dir $(SGX_SDK))
+endif

README.md

@@ -91,8 +91,8 @@ Build the Intel(R) SGX SDK and Intel(R) SGX PSW Package
   * Ubuntu\* 18.04 LTS Server 64bits
   * Ubuntu\* 20.04 LTS Desktop 64bits
   * Ubuntu\* 20.04 LTS Server 64bits
-  * Red Hat Enterprise Linux Server release 8.2 64bits
-  * CentOS 8.2 64bits
+  * Red Hat Enterprise Linux Server release 8.4 64bits
+  * CentOS Stream 8 64bits
 
 - Use the following command(s) to install the required tools to build the Intel(R) SGX SDK:  
   * On Ubuntu 18.04:
@@ -103,13 +103,13 @@ Build the Intel(R) SGX SDK and Intel(R) SGX PSW Package
   ```
     $ sudo apt-get install build-essential ocaml ocamlbuild automake autoconf libtool wget python-is-python3 libssl-dev git cmake perl
   ```
-  * On Red Hat Enterprise Linux 8.2:
+  * On Red Hat Enterprise Linux 8.4:
   ```
     $ sudo yum groupinstall 'Development Tools'
     $ sudo yum install ocaml ocaml-ocamlbuild wget python2 openssl-devel git cmake perl
     $ sudo alternatives --set python /usr/bin/python2
   ```
-  * On CentOS 8.2:
+  * On CentOS Stream 8:
   ```
     $ sudo dnf group install 'Development Tools'
     $ sudo dnf --enablerepo=PowerTools install ocaml ocaml-ocamlbuild redhat-rpm-config openssl-devel wget rpm-build git cmake perl python2
@@ -122,11 +122,11 @@ Build the Intel(R) SGX SDK and Intel(R) SGX PSW Package
       ```
         $ sudo apt-get install libssl-dev libcurl4-openssl-dev protobuf-compiler libprotobuf-dev debhelper cmake reprepro unzip
       ```
-      * On Red Hat Enterprise Linux 8.2:
+      * On Red Hat Enterprise Linux 8.4:
       ```
         $ sudo yum install openssl-devel libcurl-devel protobuf-devel cmake rpm-build createrepo yum-utils
       ```
-      * On CentOS 8.2:
+      * On CentOS Stream 8:
       ```
         $ sudo dnf --enablerepo=PowerTools install openssl-devel libcurl-devel protobuf-devel cmake rpm-build createrepo yum-utils
       ```
@@ -231,7 +231,7 @@ You can find the tools and libraries generated in the `build/linux` directory.
   ```
   $ make deb_psw_pkg DEBUG=1
   ```
-  * On Red Hat Enterprise Linux 8.2 and CentOS 8.2:
+  * On Red Hat Enterprise Linux 8.4 and CentOS Stream 8:
   ```
   $ make rpm_psw_pkg
   ```
@@ -275,12 +275,12 @@ You can find the tools and libraries generated in the `build/linux` directory.
   **Note**: The above command builds the local package repository. If you want to use it, you need to add it to the system repository configuration. Since the local package repository is not signed with GPG, you should ignore the gpgcheck when installing the packages.
 
   - To add the local RPM package repository to the system repository configuration, you can use the following command. You need to replace PATH_TO_LOCAL_REPO with the proper path on your system:
-  * On Red Hat Enterprise Linux 8.2 and CentOS 8.2:
+  * On Red Hat Enterprise Linux 8.4 and CentOS Stream 8:
   ```
   $ sudo yum-config-manager --add-repo file://PATH_TO_LOCAL_REPO
   ```
   - To ignore the gpgcheck when you install the package, enter the following command:
-  * On Red Hat Enterprise Linux 8.2 and CentOS 8.2:
+  * On Red Hat Enterprise Linux 8.4 and CentOS Stream 8:
   ```
   $ sudo yum --nogpgcheck install <package>
   ```
@@ -293,14 +293,14 @@ Install the Intel(R) SGX SDK
   * Ubuntu\* 18.04 LTS Server 64bits
   * Ubuntu\* 20.04 LTS Desktop 64bits
   * Ubuntu\* 20.04 LTS Server 64bits
-  * Red Hat Enterprise Linux Server release 8.2 64bits
-  * CentOS 8.2 64bits
+  * Red Hat Enterprise Linux Server release 8.4 64bits
+  * CentOS Stream 8 64bits
 - Use the following command to install the required tool to use Intel(R) SGX SDK:
   * On Ubuntu 18.04 and Ubuntu 20.04:
   ```  
     $ sudo apt-get install build-essential python
   ```
-  * On Red Hat Enterprise Linux 8.2 and CentOS 8.2:
+  * On Red Hat Enterprise Linux 8.4 and CentOS Stream 8:
   ```
      $ sudo yum groupinstall 'Development Tools'
      $ sudo yum install python2
@@ -357,8 +357,8 @@ Install the Intel(R) SGX PSW
   * Ubuntu\* 18.04 LTS Server 64bits
   * Ubuntu\* 20.04 LTS Desktop 64bits
   * Ubuntu\* 20.04 LTS Server 64bits
-  * Red Hat Enterprise Linux Server release 8.2 64bits
-  * CentOS 8.2 64bits
+  * Red Hat Enterprise Linux Server release 8.4 64bits
+  * CentOS Stream 8 64bits
 - Ensure that you have a system with the following required hardware:  
   * 6th Generation Intel(R) Core(TM) Processor or newer
 - Configure the system with the **Intel SGX hardware enabled** option and install Intel(R) SGX driver in advance.  
@@ -368,11 +368,11 @@ Install the Intel(R) SGX PSW
   ```
     $ sudo apt-get install libssl-dev libcurl4-openssl-dev libprotobuf-dev
   ```
-  * On Red Hat Enterprise Linux 8.2:  
+  * On Red Hat Enterprise Linux 8.4:  
   ```
     $ sudo yum install openssl-devel libcurl-devel protobuf-devel
   ```
-  * On CentOS 8.2:
+  * On CentOS Stream 8:
   ```
     $ sudo dnf --enablerepo=PowerTools install libcurl-devel protobuf-devel
   ```
@@ -382,7 +382,7 @@ The SGX PSW provides 3 services: launch, EPID-based attestation, and algorithm a
 
 #### Using the local repo(recommended)
 
-|   |Ubuntu 18.04 and Ubuntu 20.04|Red Hat Enterprise Linux 8.2, CentOS 8.2|
+|   |Ubuntu 18.04 and Ubuntu 20.04|Red Hat Enterprise Linux 8.4, CentOS Stream 8|
 | ------------ | ------------ | ------------ |
 |launch service |apt-get install libsgx-launch libsgx-urts|yum install libsgx-launch libsgx-urts|
 |EPID-based attestation service|apt-get install libsgx-epid libsgx-urts|yum install libsgx-epid libsgx-urts|
@@ -407,7 +407,10 @@ Some packages are configured with recommended dependency on other packages that
 ```
   --no-install-recommends
 ```
-**NOTE** On rpm based system, rpmbuild>=4.12 is required to enable similar features. 
+* On Red Hat Enterprise Linux 8.4 and CentOS Stream 8:
+```
+  --setopt=install_weak_deps=False
+```
 
 ### ECDSA attestation
 To enable ECDSA attestation    

SampleCode/Cxx14SGXDemo/Enclave/TrustedLibrary/Libcxx.cpp

@@ -294,8 +294,8 @@ void ecall_cxx14_equal_mismatch_permutation_new_overloads()
     printf("first pair of different values: (%d, %d)\n",
            *diff_pair.first, *diff_pair.second);
 
-    constexpr auto v_permu1 = {1, 2, 3, 4, 5};
-    constexpr auto v_permu2 = {3, 5, 4, 1, 9};
+    auto v_permu1 = {1, 2, 3, 4, 5};
+    auto v_permu2 = {3, 5, 4, 1, 9};
     printf("v_permu1 and v_permu2 is_permutation: %s\n",
            std::is_permutation(v_permu1.begin(), v_permu1.end(),
                                      v_permu2.begin()) ? "True" : "False");