Data

Tools

Indexes

Applications

Experiments

Open Source Science

Recent Releases of https://github.com/confidential-containers/trustee

https://github.com/confidential-containers/trustee - v0.13.0

What's Changed

  • build(deps): bump scroll from 0.11.0 to 0.12.0 by @dependabot in https://github.com/confidential-containers/trustee/pull/740
  • Update attestation service source link in dockerfile by @RodgerZhu in https://github.com/confidential-containers/trustee/pull/748
  • kbs/plugins: Replace PKCS11 resource backend with its own plugin by @tylerfanelli in https://github.com/confidential-containers/trustee/pull/735
  • build(deps): bump time from 0.3.39 to 0.3.40 by @dependabot in https://github.com/confidential-containers/trustee/pull/750
  • kbs: added request payload size config option by @pawelpros in https://github.com/confidential-containers/trustee/pull/755
  • Update kbs image version by @ksandowi in https://github.com/confidential-containers/trustee/pull/756
  • Clean up some text in the README by @jonner in https://github.com/confidential-containers/trustee/pull/759
  • Add basic RVPS support to kbs-client by @fitzthum in https://github.com/confidential-containers/trustee/pull/757
  • Arm CCA local verifier by @thomas-fossati in https://github.com/confidential-containers/trustee/pull/738
  • kbs-client: add built-in policies by @fitzthum in https://github.com/confidential-containers/trustee/pull/763
  • verifiers: update eventlog crate by @fitzthum in https://github.com/confidential-containers/trustee/pull/766
  • tdx: change default qcnl configuration by @fitzthum in https://github.com/confidential-containers/trustee/pull/771
  • toolchain: add rust-toolchain file by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/773
  • ci: enable kbs integration / e2e sample tests on arm64 by @seungukshin in https://github.com/confidential-containers/trustee/pull/774
  • extractors: add SWID/RIM extractor by @fitzthum in https://github.com/confidential-containers/trustee/pull/777
  • policy: fix SNP policy by @fitzthum in https://github.com/confidential-containers/trustee/pull/780
  • ci: fix the kbs e2e test failure on azure vtpm by @seungukshin in https://github.com/confidential-containers/trustee/pull/781
  • kbs/config/kubernetes: update for deploying on AKS by @wainersm in https://github.com/confidential-containers/trustee/pull/778
  • Add built-in affirming policy to KBS client by @fitzthum in https://github.com/confidential-containers/trustee/pull/779
  • tdx: fixup qcnl config by @fitzthum in https://github.com/confidential-containers/trustee/pull/783
  • ci: set up native build for arm64 and kbs-client-image by @seungukshin in https://github.com/confidential-containers/trustee/pull/769
  • tdx-verifier: ignore non-QEMU kernel loader EFI measurement events by @mythi in https://github.com/confidential-containers/trustee/pull/782

New Contributors

  • @RodgerZhu made their first contribution in https://github.com/confidential-containers/trustee/pull/748
  • @ksandowi made their first contribution in https://github.com/confidential-containers/trustee/pull/756
  • @jonner made their first contribution in https://github.com/confidential-containers/trustee/pull/759

Full Changelog: https://github.com/confidential-containers/trustee/compare/v0.12.0...v0.13.0

- Rust
Published by fitzthum about 1 year ago

https://github.com/confidential-containers/trustee - v0.12.0

The v0.12.0 release of Trustee is used with CoCo v0.13.0

Note that the k8s yamls provided in this config reference the latest images rather than the images for this release.

What's Changed

  • build(deps): bump rustversion from 1.0.18 to 1.0.19 by @dependabot in https://github.com/confidential-containers/trustee/pull/661
  • build(deps): bump proc-macro2 from 1.0.89 to 1.0.93 by @dependabot in https://github.com/confidential-containers/trustee/pull/662
  • build(deps): bump tokio-util from 0.7.12 to 0.7.13 by @dependabot in https://github.com/confidential-containers/trustee/pull/663
  • Setup integration tests by @fitzthum in https://github.com/confidential-containers/trustee/pull/619
  • build(deps): bump data-encoding from 2.6.0 to 2.7.0 by @dependabot in https://github.com/confidential-containers/trustee/pull/665
  • build(deps): bump anyhow from 1.0.94 to 1.0.95 by @dependabot in https://github.com/confidential-containers/trustee/pull/669
  • ear: add TDX sample policy checks by @mythi in https://github.com/confidential-containers/trustee/pull/667
  • Reorganized integration tests and add negative tests by @fitzthum in https://github.com/confidential-containers/trustee/pull/671
  • build(deps): bump const_fn from 0.4.10 to 0.4.11 by @dependabot in https://github.com/confidential-containers/trustee/pull/672
  • kbs: ITA: Documentation update. by @szymon-klimek in https://github.com/confidential-containers/trustee/pull/675
  • deps/verifier: Add constructor for SnpEvidence by @tylerfanelli in https://github.com/confidential-containers/trustee/pull/679
  • build(deps): bump url from 2.5.3 to 2.5.4 by @dependabot in https://github.com/confidential-containers/trustee/pull/680
  • verifier: add parsing tdx td attributes and usage in policy by @pawelpros in https://github.com/confidential-containers/trustee/pull/685
  • release: fixup release helper by @fitzthum in https://github.com/confidential-containers/trustee/pull/688
  • build(deps): bump unicode-ident from 1.0.14 to 1.0.16 by @dependabot in https://github.com/confidential-containers/trustee/pull/686
  • as, rvps: Documentation fixes and add ons, podman Containerfiles by @tylerfanelli in https://github.com/confidential-containers/trustee/pull/684
  • Update release scripting for kbs-client by @portersrc in https://github.com/confidential-containers/trustee/pull/691
  • build(deps): bump time from 0.3.36 to 0.3.37 by @dependabot in https://github.com/confidential-containers/trustee/pull/690
  • Minor refactor of RVPS by @fitzthum in https://github.com/confidential-containers/trustee/pull/676
  • setup-opa action and Ubuntu 24.04 runners by @mythi in https://github.com/confidential-containers/trustee/pull/687
  • build(deps): bump cryptoki from 0.7.0 to 0.8.0 by @dependabot in https://github.com/confidential-containers/trustee/pull/693
  • RVPS | Replace Mutex to RwLock by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/695
  • workflows: install ORAS on runners by @fitzthum in https://github.com/confidential-containers/trustee/pull/696
  • build(deps): bump blake2b_simd from 1.0.2 to 1.0.3 by @dependabot in https://github.com/confidential-containers/trustee/pull/697
  • tdx-verifier: eventlog: handle OVMF/efistub measurements correctly by @mythi in https://github.com/confidential-containers/trustee/pull/674
  • config: fix insecure_key parameter by @fitzthum in https://github.com/confidential-containers/trustee/pull/700
  • Dockerfile: support podman by @seungukshin in https://github.com/confidential-containers/trustee/pull/689
  • Fixes inspired by Clippy by @fitzthum in https://github.com/confidential-containers/trustee/pull/668
  • verifier: add tcbinfo status, advisoryids and collateralexpirationstatus to policy by @pawelpros in https://github.com/confidential-containers/trustee/pull/704
  • KBS: Fix deployment of resources policy on k8s + misc changes by @wainersm in https://github.com/confidential-containers/trustee/pull/707
  • build(deps): bump errno from 0.3.9 to 0.3.10 by @dependabot in https://github.com/confidential-containers/trustee/pull/701
  • verifier: combined duplicated dcap implementation by @pawelpros in https://github.com/confidential-containers/trustee/pull/709
  • build(deps): bump itoa from 1.0.13 to 1.0.14 by @dependabot in https://github.com/confidential-containers/trustee/pull/710
  • Add nebula_ca plugin by @cclaudio in https://github.com/confidential-containers/trustee/pull/539
  • build(deps): bump mio from 1.0.2 to 1.0.3 by @dependabot in https://github.com/confidential-containers/trustee/pull/713
  • CI | Fix segment error aarch64 by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/716
  • build(deps): bump js-sys from 0.3.72 to 0.3.77 by @dependabot in https://github.com/confidential-containers/trustee/pull/714
  • KBS: Update KBS protocol to 0.2.0 to fix JWE format due to RFC7516 by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/597
  • kbs: make repository part of resource path mandatory by @pmores in https://github.com/confidential-containers/trustee/pull/720
  • rust: go back to rust 1.80.0 by @fitzthum in https://github.com/confidential-containers/trustee/pull/725
  • kbs/dockerfile: replace kbs by trustee by @niteeshkd in https://github.com/confidential-containers/trustee/pull/724
  • tdx: fix bitflags serde bug by @fitzthum in https://github.com/confidential-containers/trustee/pull/726
  • cargo fmt by @tylerfanelli in https://github.com/confidential-containers/trustee/pull/732
  • build(deps): bump cc from 1.2.15 to 1.2.16 by @dependabot in https://github.com/confidential-containers/trustee/pull/730
  • ci: fix rust version of kbs-client release dockerfile to 1.80.0 by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/736
  • ci: build kbs-e2e binaries on Ubuntu 22.04 by @mythi in https://github.com/confidential-containers/trustee/pull/711
  • Add test for non-trivial KBS policy by @fitzthum in https://github.com/confidential-containers/trustee/pull/703
  • build: drop libtdx-attest by @mythi in https://github.com/confidential-containers/trustee/pull/727
  • ita: added processing event logs in SGX & TDX context by @pawelpros in https://github.com/confidential-containers/trustee/pull/733
  • build(deps): bump quote from 1.0.39 to 1.0.40 by @dependabot in https://github.com/confidential-containers/trustee/pull/739
  • fix(as): make EAR TV names into acceptable OPA variable names by @thomas-fossati in https://github.com/confidential-containers/trustee/pull/742

New Contributors

  • @szymon-klimek made their first contribution in https://github.com/confidential-containers/trustee/pull/675
  • @cclaudio made their first contribution in https://github.com/confidential-containers/trustee/pull/539
  • @pmores made their first contribution in https://github.com/confidential-containers/trustee/pull/720
  • @niteeshkd made their first contribution in https://github.com/confidential-containers/trustee/pull/724

Full Changelog: https://github.com/confidential-containers/trustee/compare/v0.11.0...v0.12.0

- Rust
Published by fitzthum about 1 year ago

https://github.com/confidential-containers/trustee - v0.10.1

What's Changed

  • build(deps): bump scientific from 0.5.2 to 0.5.3 by @dependabot in https://github.com/confidential-containers/trustee/pull/501
  • kbs: update kustomization yaml to v0.10.1 & fix release script by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/504

Full Changelog: https://github.com/confidential-containers/trustee/compare/v0.10.0...v0.10.1

- Rust
Published by Xynnn007 over 1 year ago

https://github.com/confidential-containers/trustee - v0.10.0

What's Changed

  • intel-trust-authority-as: add error message log by @pawelpros in https://github.com/confidential-containers/trustee/pull/424
  • doc: add attestation policy guide for ibmse verifier by @huoqifeng in https://github.com/confidential-containers/trustee/pull/433
  • CLI: specify ATTESTER to build kbs-client by @genjuro214 in https://github.com/confidential-containers/trustee/pull/429
  • ci: test use https in kbs e2e test by @mkulke in https://github.com/confidential-containers/trustee/pull/434
  • KBS: Enable deployment for s390x by @BbolroC in https://github.com/confidential-containers/trustee/pull/436
  • KBS: refactor code structure by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/430
  • Fix broken SE link by @fitzthum in https://github.com/confidential-containers/trustee/pull/437
  • e2e-test: fix binary build on self-hosted runners by @mkulke in https://github.com/confidential-containers/trustee/pull/438
  • docker: refactor docker folder structure by @pawelpros in https://github.com/confidential-containers/trustee/pull/427
  • config: fix custom pccs deployment for TDX by @fitzthum in https://github.com/confidential-containers/trustee/pull/439
  • doc: update ibmse verifier document by @huoqifeng in https://github.com/confidential-containers/trustee/pull/440
  • AS/verifier: support AA eventlog in TDX by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/408
  • build(deps): bump clap_lex from 0.7.0 to 0.7.1 by @dependabot in https://github.com/confidential-containers/trustee/pull/441
  • KBS: Add aliyun KMS as repository storage backend by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/444
  • GHA: Remove {pre,post}-action steps for self-hosted runners by @BbolroC in https://github.com/confidential-containers/trustee/pull/453
  • kbs: Fix rate limit error with busybox by @ChengyuZhu6 in https://github.com/confidential-containers/trustee/pull/452
  • kbs: add ProtocolVersion error by @mythi in https://github.com/confidential-containers/trustee/pull/449
  • ci: fix doclazycontinuation checks added in rust 1.80.0 by @mythi in https://github.com/confidential-containers/trustee/pull/447
  • kbs: Refactor nonce handling by @jodh-intel in https://github.com/confidential-containers/trustee/pull/457
  • initdata: enhance the initdata spec for PeerPod and IBM SE by @huoqifeng in https://github.com/confidential-containers/trustee/pull/450
  • build(deps): bump serde from 1.0.200 to 1.0.205 by @dependabot in https://github.com/confidential-containers/trustee/pull/459
  • ibmse: SESKIPCERTS_VERIFICATION for all KBS image by @huoqifeng in https://github.com/confidential-containers/trustee/pull/460
  • build(deps): bump regex from 1.10.4 to 1.10.6 by @dependabot in https://github.com/confidential-containers/trustee/pull/461
  • ibmse: use hash rather than hex for initdata digest in claims by @huoqifeng in https://github.com/confidential-containers/trustee/pull/462
  • ibmse: update readme to reflect initdata change by @huoqifeng in https://github.com/confidential-containers/trustee/pull/464
  • build(deps): bump ureq from 2.9.7 to 2.10.1 by @dependabot in https://github.com/confidential-containers/trustee/pull/465
  • build(deps): bump zstd from 0.13.1 to 0.13.2 by @dependabot in https://github.com/confidential-containers/trustee/pull/466
  • build(deps): bump backtrace from 0.3.71 to 0.3.73 by @dependabot in https://github.com/confidential-containers/trustee/pull/467
  • build(deps): bump colorchoice from 1.0.1 to 1.0.2 by @dependabot in https://github.com/confidential-containers/trustee/pull/468
  • kbs: msic fix in self-signed-https.md by @huoqifeng in https://github.com/confidential-containers/trustee/pull/469
  • build(deps): bump zerocopy from 0.7.32 to 0.7.35 by @dependabot in https://github.com/confidential-containers/trustee/pull/471
  • build(deps): bump security-framework-sys from 2.10.0 to 2.11.1 by @dependabot in https://github.com/confidential-containers/trustee/pull/472
  • build(deps): bump flate2 from 1.0.30 to 1.0.32 by @dependabot in https://github.com/confidential-containers/trustee/pull/474
  • chore: fix cargo warnings on missing default-features by @mythi in https://github.com/confidential-containers/trustee/pull/475
  • build(deps): bump hyper from 0.14.28 to 0.14.30 by @dependabot in https://github.com/confidential-containers/trustee/pull/476
  • build(deps): bump is-terminal from 0.4.12 to 0.4.13 by @dependabot in https://github.com/confidential-containers/trustee/pull/479
  • build(deps): bump getrandom from 0.2.14 to 0.2.15 by @dependabot in https://github.com/confidential-containers/trustee/pull/481
  • Bump kbs-types and kbs_protocol with a KBS protocol version change by @mythi in https://github.com/confidential-containers/trustee/pull/445
  • kbs: token: configuration cleanup by @mythi in https://github.com/confidential-containers/trustee/pull/483
  • build(deps): bump version_check from 0.9.4 to 0.9.5 by @dependabot in https://github.com/confidential-containers/trustee/pull/482
  • kbs: token: add verifier with JSON Web Keys by @mythi in https://github.com/confidential-containers/trustee/pull/458
  • ita: use AttestationTokenVerifier by @mythi in https://github.com/confidential-containers/trustee/pull/490
  • update CODEOWNERS by @mythi in https://github.com/confidential-containers/trustee/pull/488
  • build(deps): bump wasm-bindgen from 0.2.92 to 0.2.93 by @dependabot in https://github.com/confidential-containers/trustee/pull/492
  • Bump az-tdx-vtpm & az-snp-vtpm from 0.5.3 to 0.7.0 by @pawelpros in https://github.com/confidential-containers/trustee/pull/493
  • build(deps): bump serde_spanned from 0.6.6 to 0.6.7 by @dependabot in https://github.com/confidential-containers/trustee/pull/495
  • build(deps): bump curl-sys from 0.4.72+curl-8.6.0 to 0.4.74+curl-8.9.0 by @dependabot in https://github.com/confidential-containers/trustee/pull/496
  • kbs: ita: Set hash algorithm based on TEE type by @jodh-intel in https://github.com/confidential-containers/trustee/pull/491
  • ita: add support for Azure attestation using dedicated API by @pawelpros in https://github.com/confidential-containers/trustee/pull/494
  • bump guest-components + ITA kustomization by @mythi in https://github.com/confidential-containers/trustee/pull/497
  • ita: Build the kustomization based on nodeport by @fidencio in https://github.com/confidential-containers/trustee/pull/498
  • build(deps): bump libloading from 0.8.3 to 0.8.5 by @dependabot in https://github.com/confidential-containers/trustee/pull/499
  • chore: update guest-components to v0.10.0 by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/500

New Contributors

  • @genjuro214 made their first contribution in https://github.com/confidential-containers/trustee/pull/429

Full Changelog: https://github.com/confidential-containers/trustee/compare/v0.9.0...v0.10.0

- Rust
Published by Xynnn007 over 1 year ago

https://github.com/confidential-containers/trustee - v0.9.0

What's Changed

  • kbs/config: add RVPS config by @wainersm in https://github.com/confidential-containers/trustee/pull/321
  • ci: set certs/key as makefile deps in e2e test by @mkulke in https://github.com/confidential-containers/trustee/pull/325
  • ci: add az-tdx-vtpm workflow for e2e tests by @mkulke in https://github.com/confidential-containers/trustee/pull/323
  • kbs: improvements to quickstart and misc by @wainersm in https://github.com/confidential-containers/trustee/pull/324
  • CI: Fix nightly lint error & fix rust nightly version by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/331
  • bump: jsonwebtoken to 9 by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/292
  • ci: fix DCAP package install by @mythi in https://github.com/confidential-containers/trustee/pull/336
  • KBS: add a guide for HTTPS kbs usage by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/340
  • Add configuration file for RVPS and add support for JSON fs storage by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/339
  • az-snp/tdx-vtpm-verifier: add PCRs to claims map by @mkulke in https://github.com/confidential-containers/trustee/pull/334
  • docs: fix repo name from kbs to Trustee by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/337
  • build(deps): Bump github.com/open-policy-agent/opa from 0.61.0 to 0.62.1 in /attestation-service/attestation-service/src/cgo by @dependabot in https://github.com/confidential-containers/trustee/pull/347
  • Verifier: Refactor errors in csv module by @kartikjoshi21 in https://github.com/confidential-containers/trustee/pull/330
  • Use the Trustee name in a few more places by @fitzthum in https://github.com/confidential-containers/trustee/pull/355
  • Verifeir: Add support for TDX quote v5 by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/354
  • Build and push kbs-client binary by @portersrc in https://github.com/confidential-containers/trustee/pull/349
  • Fix build warnings by @fitzthum in https://github.com/confidential-containers/trustee/pull/360
  • Add write-packages permission for kbs-client-build-and-push workflow by @portersrc in https://github.com/confidential-containers/trustee/pull/358
  • AS & KBS | Optimize log by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/362
  • attestation-service: Refactor errors in attestation module by @kartikjoshi21 in https://github.com/confidential-containers/trustee/pull/327
  • Azsnpvtpm: Replace anyhow error crate with thiserror crate by @kartikjoshi21 in https://github.com/confidential-containers/trustee/pull/341
  • [RFC] Initdata specification by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/348
  • kbs: switch to Regorus for resource policy by @fitzthum in https://github.com/confidential-containers/trustee/pull/357
  • docker: Use Ubuntu 22.04 as kbs base image by @mkulke in https://github.com/confidential-containers/trustee/pull/368
  • AS: Optimize policy management mechanism by @jialez0 in https://github.com/confidential-containers/trustee/pull/351
  • k8s-config: Add support for NodePort service type by @surajssd in https://github.com/confidential-containers/trustee/pull/371
  • Add a helper script for releasing trustee by @portersrc in https://github.com/confidential-containers/trustee/pull/373
  • Tidy the readme and documents by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/365
  • KBS: fix session status by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/376
  • k8s: docs: DCAP kustomization + non-release images by @mythi in https://github.com/confidential-containers/trustee/pull/375
  • AS/verifier: Enhance quote verification with multi-thread support in tdx by @ChengyuZhu6 in https://github.com/confidential-containers/trustee/pull/387
  • workflows: Rename Docker build step from gRPC to RESTful by @ChengyuZhu6 in https://github.com/confidential-containers/trustee/pull/389
  • add: snp updates and mods to support VLEK by @wobito in https://github.com/confidential-containers/trustee/pull/385
  • kbs: Add support for configurable policy by @kartikjoshi21 in https://github.com/confidential-containers/trustee/pull/392
  • Update SNP Verifier with report and init claims by @fitzthum in https://github.com/confidential-containers/trustee/pull/253
  • AS | Refactor the policy module by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/390
  • tdx: sgx: Bump DCAP dependency by @fidencio in https://github.com/confidential-containers/trustee/pull/398
  • kbs-client: encode policies with nopad-url-b64 by @mkulke in https://github.com/confidential-containers/trustee/pull/400
  • CI: set expected tee in policy within the kbs e2e test by @mkulke in https://github.com/confidential-containers/trustee/pull/401
  • attestation: fix clippy error in inteltrustauthority AS by @mythi in https://github.com/confidential-containers/trustee/pull/402
  • Add Dockerfile for Red Hat UBI by @spotlesstofu in https://github.com/confidential-containers/trustee/pull/403
  • Verifier: Add IBM Secure Execution driver framework by @huoqifeng in https://github.com/confidential-containers/trustee/pull/345
  • AS | Fix SGX verifier & Optimization by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/404
  • drop Golang from builds by @mythi in https://github.com/confidential-containers/trustee/pull/405
  • Enable artifacts for s390x by @BbolroC in https://github.com/confidential-containers/trustee/pull/383
  • chore: bump guest-components and reqwest by @mythi in https://github.com/confidential-containers/trustee/pull/412
  • ibmsse: change ec to rsa key by @huoqifeng in https://github.com/confidential-containers/trustee/pull/411
  • ibmse: add development document for ibmse verifier by @huoqifeng in https://github.com/confidential-containers/trustee/pull/413
  • Fix KBS AS build warning by @larrydewey in https://github.com/confidential-containers/trustee/pull/421
  • kbs: shrink the size of docker image by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/417
  • Add runtime dependencies to Dockerfile.rhel-ubi by @spotlesstofu in https://github.com/confidential-containers/trustee/pull/422
  • ibmse: add debug_assertions for debug and release branch by @huoqifeng in https://github.com/confidential-containers/trustee/pull/420
  • kbs: simplify tee-pubkey reading from the attestation token by @mythi in https://github.com/confidential-containers/trustee/pull/414
  • intel-trust-authority-as: add runtime data to attestation request by @mythi in https://github.com/confidential-containers/trustee/pull/406
  • AS/verifier: fix tdx quote verification unit test by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/426
  • ibmse: use optional root_ca when launch kbs by @huoqifeng in https://github.com/confidential-containers/trustee/pull/423
  • ci: added publishing intel trust authority AS docker by @pawelpros in https://github.com/confidential-containers/trustee/pull/410
  • opa: Refactor opa module errors by @kartikjoshi21 in https://github.com/confidential-containers/trustee/pull/409
  • ibmse: update attestation-service documents for ibmse by @liudalibj in https://github.com/confidential-containers/trustee/pull/428
  • bump: guest-components to candidate v0.9.0 by @Xynnn007 in https://github.com/confidential-containers/trustee/pull/425
  • kbs: Revert support for configurable policy by @mkulke in https://github.com/confidential-containers/trustee/pull/431
  • Release: Update KBS for v0.9.0 by @portersrc in https://github.com/confidential-containers/trustee/pull/432

New Contributors

  • @wainersm made their first contribution in https://github.com/confidential-containers/trustee/pull/321
  • @wobito made their first contribution in https://github.com/confidential-containers/trustee/pull/385
  • @fidencio made their first contribution in https://github.com/confidential-containers/trustee/pull/398
  • @spotlesstofu made their first contribution in https://github.com/confidential-containers/trustee/pull/403
  • @huoqifeng made their first contribution in https://github.com/confidential-containers/trustee/pull/345
  • @larrydewey made their first contribution in https://github.com/confidential-containers/trustee/pull/421
  • @pawelpros made their first contribution in https://github.com/confidential-containers/trustee/pull/410
  • @liudalibj made their first contribution in https://github.com/confidential-containers/trustee/pull/428

Full Changelog: https://github.com/confidential-containers/trustee/compare/v0.8.2...v0.9.0

- Rust
Published by fitzthum almost 2 years ago

https://github.com/confidential-containers/trustee - v0.8.2

[!NOTE] There is no KBS v0.8.1. There was a v0.8.1 of the attestation-service and rvps prior to the repo merge.

Many significant changes have been made to the KBS while general CoCo releases have been suspended. Hence, we have released KBS v0.8.2. Among other things the changes include a significant security fix that squashes a bug where the result of the resource policy was not properly checked.

What's Changed

  • Merge Attestation-Service and KBS by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/173
  • docs: fix links inside documents by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/222
  • build(deps): Bump rustls-pemfile from 1.0.3 to 1.0.4 by @dependabot in https://github.com/confidential-containers/kbs/pull/224
  • build(deps): bump docker/login-action from 2 to 3 by @dependabot in https://github.com/confidential-containers/kbs/pull/161
  • build(deps): bump docker/build-push-action from 4 to 5 by @dependabot in https://github.com/confidential-containers/kbs/pull/160
  • build(deps): Bump github.com/open-policy-agent/opa from 0.56.0 to 0.58.0 in /attestation-service/attestation-service/src/cgo by @dependabot in https://github.com/confidential-containers/kbs/pull/176
  • Fix Azure SNP vTPM attestation (grpc) by @lmilleri in https://github.com/confidential-containers/kbs/pull/221
  • k8s-configs: Add Ingress config by @surajssd in https://github.com/confidential-containers/kbs/pull/166
  • attestation-service: Fix report signature validation in SNP verifier by @mkulke in https://github.com/confidential-containers/kbs/pull/229
  • attestation-service: Reuse SNP verifier logic in az-snp-vtpm by @mkulke in https://github.com/confidential-containers/kbs/pull/230
  • attestation: verifier: tdx: Allow equals in kernel param values by @jodh-intel in https://github.com/confidential-containers/kbs/pull/227
  • attestation-service: fix checks for VCEK signature by @mkulke in https://github.com/confidential-containers/kbs/pull/233
  • Refactor Attestation-Service by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/216
  • attestation-agent: fail fast on broken AMD certs by @mkulke in https://github.com/confidential-containers/kbs/pull/236
  • Fix cgo mods in AS & RVPS by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/239
  • CSV Verifier: Update Evidence format by @jialez0 in https://github.com/confidential-containers/kbs/pull/243
  • Rename Amber to Intel Trust Authority by @mythi in https://github.com/confidential-containers/kbs/pull/244
  • attestation-service: bump az-snp-vtpm verifier by @mkulke in https://github.com/confidential-containers/kbs/pull/245
  • chore: fix some comments around RVPS by @chendave in https://github.com/confidential-containers/kbs/pull/247
  • build(deps): Bump github.com/open-policy-agent/opa from 0.58.0 to 0.59.0 in /attestation-service/attestation-service/src/cgo by @dependabot in https://github.com/confidential-containers/kbs/pull/249
  • kbs: Build image on merge to main by @kartikjoshi21 in https://github.com/confidential-containers/kbs/pull/170
  • build(deps): Bump docker/login-action from 2 to 3 by @dependabot in https://github.com/confidential-containers/kbs/pull/252
  • build(deps): Bump docker/setup-buildx-action from 1 to 3 by @dependabot in https://github.com/confidential-containers/kbs/pull/251
  • AS: add parsed claims for TDX/SGX and documents by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/248
  • Cca: Get the evidence from EAR (EAT Attesation Result) by @chendave in https://github.com/confidential-containers/kbs/pull/241
  • kbs: Fix docker registry name in image build workflow by @kartikjoshi21 in https://github.com/confidential-containers/kbs/pull/254
  • build(deps): Bump actions/setup-go from 4 to 5 by @dependabot in https://github.com/confidential-containers/kbs/pull/257
  • attestation: verifier: tdx: Rework TdShimPlatformConfigInfo try_from by @jodh-intel in https://github.com/confidential-containers/kbs/pull/255
  • Fix dependency version when building container image by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/261
  • [Attestation Service] Change the API of CoCo-AS by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/240
  • build(deps): Bump github.com/open-policy-agent/opa from 0.59.0 to 0.60.0 in /attestation-service/attestation-service/src/cgo by @dependabot in https://github.com/confidential-containers/kbs/pull/263
  • Bump kbs-types and kbs_protocol dep version by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/266
  • Bump kbs protocol by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/267
  • Attestation Service | Add RESTful CoCo-AS Implementation by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/262
  • build(deps): Bump anstyle-wincon from 3.0.1 to 3.0.2 by @dependabot in https://github.com/confidential-containers/kbs/pull/268
  • build(deps): Bump is-terminal from 0.4.9 to 0.4.10 by @dependabot in https://github.com/confidential-containers/kbs/pull/270
  • kbs/tool: remove unless dependency by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/271
  • Added e2e test for CoCo-AS using SNP evidence by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/264
  • build(deps): Bump rustix from 0.38.26 to 0.38.28 by @dependabot in https://github.com/confidential-containers/kbs/pull/273
  • ci: build grpc kbs every merge to main by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/272
  • KBS/perf: promote the concurrency performance of KBS by @Lu-Biao in https://github.com/confidential-containers/kbs/pull/275
  • KBS: Optimize performance and memory usage by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/258
  • AS/Verifier: fix the report/init data comparation by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/274
  • build(deps): Bump memchr from 2.6.4 to 2.7.1 by @dependabot in https://github.com/confidential-containers/kbs/pull/276
  • Fix RVPS binary building & push image every merge to main by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/277
  • build(deps): Bump anyhow from 1.0.75 to 1.0.79 by @dependabot in https://github.com/confidential-containers/kbs/pull/278
  • build(deps): Bump schannel from 0.1.22 to 0.1.23 by @dependabot in https://github.com/confidential-containers/kbs/pull/280
  • Add end-to-end test with docker compose and sample attester by @fitzthum in https://github.com/confidential-containers/kbs/pull/283
  • e2e-test: enable real TEE on self-hosted runners by @mkulke in https://github.com/confidential-containers/kbs/pull/284
  • build(deps): Bump actions/checkout from 3 to 4 by @dependabot in https://github.com/confidential-containers/kbs/pull/288
  • e2e: reference kbs-e2e.yaml worfklows locally by @mkulke in https://github.com/confidential-containers/kbs/pull/291
  • Support X.509 Certificate in Attestation Token. by @jialez0 in https://github.com/confidential-containers/kbs/pull/265
  • Add support az-tdx-vtpm tee by @mkulke in https://github.com/confidential-containers/kbs/pull/169
  • az-snp-vtpm-verifier: remove report_data padding by @mkulke in https://github.com/confidential-containers/kbs/pull/295
  • Fix Verifier CI coverage problem by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/299
  • build(deps): Bump actions/cache from 3 to 4 by @dependabot in https://github.com/confidential-containers/kbs/pull/296
  • kbs: Update csv-rs dep to rev b74aa8c. by @BaoshunFang in https://github.com/confidential-containers/kbs/pull/301
  • Improve Documentation by @fitzthum in https://github.com/confidential-containers/kbs/pull/287
  • ci: fetch the head of a PR in kbs TEE runs by @mkulke in https://github.com/confidential-containers/kbs/pull/309
  • ci: Add default user for git rebase by @mkulke in https://github.com/confidential-containers/kbs/pull/314
  • ci: install libssl-dev for e2e on self-hosted runners by @mkulke in https://github.com/confidential-containers/kbs/pull/308
  • docs: Fix typo in cluster documentation by @GabyCT in https://github.com/confidential-containers/kbs/pull/316
  • docs: Improve RVPS document by @GabyCT in https://github.com/confidential-containers/kbs/pull/317
  • k8s: Add RVPS config to kbs-config by @surajssd in https://github.com/confidential-containers/kbs/pull/318
  • Update az snp / tdx vtpm dependency to 0.5 by @surajssd in https://github.com/confidential-containers/kbs/pull/293
  • ci: introduce actionlint and fix findings by @mkulke in https://github.com/confidential-containers/kbs/pull/315
  • build(deps): Bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 in /attestation-service/attestation-service/src/cgo by @dependabot in https://github.com/confidential-containers/kbs/pull/305
  • Release: Update KBS for v0.8.2 release by @portersrc in https://github.com/confidential-containers/kbs/pull/319

New Contributors

  • @lmilleri made their first contribution in https://github.com/confidential-containers/kbs/pull/221
  • @jodh-intel made their first contribution in https://github.com/confidential-containers/kbs/pull/227
  • @kartikjoshi21 made their first contribution in https://github.com/confidential-containers/kbs/pull/170
  • @GabyCT made their first contribution in https://github.com/confidential-containers/kbs/pull/316
  • @portersrc made their first contribution in https://github.com/confidential-containers/kbs/pull/319

Full Changelog: https://github.com/confidential-containers/kbs/compare/v0.8.0...v0.8.2

- Rust
Published by fitzthum over 2 years ago

https://github.com/confidential-containers/trustee - v0.8.0

What's Changed

  • build(deps): bump serde_bytes from 0.11.9 to 0.11.12 by @dependabot in https://github.com/confidential-containers/kbs/pull/134
  • k8s config: Update image tag to v0.7.0 by @surajssd in https://github.com/confidential-containers/kbs/pull/138
  • Fix OpenAPI definition in kbs.yaml by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/135
  • Update Client tool to support custom TEE pubkey and KBS certificate by @jialez0 in https://github.com/confidential-containers/kbs/pull/127
  • Add keys to gitignore by @johananl in https://github.com/confidential-containers/kbs/pull/141
  • Add docker-compose dependencies by @johananl in https://github.com/confidential-containers/kbs/pull/140
  • Include csv TEE by @BaoshunFang in https://github.com/confidential-containers/kbs/pull/145
  • dockerfile: update builder image by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/144
  • build(deps): bump strum from 0.24.1 to 0.25.0 by @dependabot in https://github.com/confidential-containers/kbs/pull/142
  • Optimized the logic for token issuance and verification. by @jialez0 in https://github.com/confidential-containers/kbs/pull/139
  • ci: don't fail fast on matrix runs by @katexochen in https://github.com/confidential-containers/kbs/pull/126
  • docker: update key-broker-service Dockerfile by @mythi in https://github.com/confidential-containers/kbs/pull/152
  • Fix the passport-resource-kbs Make target name by @johananl in https://github.com/confidential-containers/kbs/pull/148
  • Refactor config by @johananl in https://github.com/confidential-containers/kbs/pull/150
  • Fix security issue: avoid directory interleaving vulnerabilities by @jialez0 in https://github.com/confidential-containers/kbs/pull/155
  • build(deps): bump thiserror from 1.0.46 to 1.0.48 by @dependabot in https://github.com/confidential-containers/kbs/pull/154
  • build(deps): bump actions/checkout from 3 to 4 by @dependabot in https://github.com/confidential-containers/kbs/pull/157
  • New tee type: CCA (Confidential Compute Architecture) by @chendave in https://github.com/confidential-containers/kbs/pull/76
  • Fixed e2e bgcheck + passport tests by @mkulke in https://github.com/confidential-containers/kbs/pull/168
  • api_server: add SGX support to Amber AS by @mythi in https://github.com/confidential-containers/kbs/pull/159
  • Recreate Cargo.lock file to retrieve latest AS by @mkulke in https://github.com/confidential-containers/kbs/pull/165
  • Bump KBS to v0.8.0 by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/172

New Contributors

  • @johananl made their first contribution in https://github.com/confidential-containers/kbs/pull/141
  • @BaoshunFang made their first contribution in https://github.com/confidential-containers/kbs/pull/145
  • @chendave made their first contribution in https://github.com/confidential-containers/kbs/pull/76

Full Changelog: https://github.com/confidential-containers/kbs/compare/v0.7.0...v0.8.0

- Rust
Published by Xynnn007 over 2 years ago

https://github.com/confidential-containers/trustee - v0.7.0

What's Changed

  • build(deps): bump digest from 0.10.6 to 0.10.7 by @dependabot in https://github.com/confidential-containers/kbs/pull/111
  • build(deps): bump crossbeam-utils from 0.8.15 to 0.8.16 by @dependabot in https://github.com/confidential-containers/kbs/pull/113
  • build: add missing -y flags to apt install in dockerfile by @katexochen in https://github.com/confidential-containers/kbs/pull/112
  • build(deps): bump url from 2.3.1 to 2.4.0 by @dependabot in https://github.com/confidential-containers/kbs/pull/114
  • kbs: Add a CODEOWNERS file by @sameo in https://github.com/confidential-containers/kbs/pull/115
  • build(deps): bump proc-macro2 from 1.0.59 to 1.0.60 by @dependabot in https://github.com/confidential-containers/kbs/pull/116
  • build(deps): bump aho-corasick from 1.0.1 to 1.0.2 by @dependabot in https://github.com/confidential-containers/kbs/pull/117
  • k8s: Add configuration by @surajssd in https://github.com/confidential-containers/kbs/pull/84
  • docs: correct typos at kbsattestationprotocol.md by @BbolroC in https://github.com/confidential-containers/kbs/pull/121
  • build(deps): bump getrandom from 0.2.9 to 0.2.10 by @dependabot in https://github.com/confidential-containers/kbs/pull/118
  • Update JWK public key format in protocol by @katexochen in https://github.com/confidential-containers/kbs/pull/108
  • Add e2e tests by @mkulke in https://github.com/confidential-containers/kbs/pull/109
  • .gitignore: Fix Makefile typo name by @surajssd in https://github.com/confidential-containers/kbs/pull/131
  • Feature: Add access resource using the KBS-provisioned Token by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/130
  • deps: bump dependencies for v0.7.0 by @fitzthum in https://github.com/confidential-containers/kbs/pull/132

New Contributors

  • @katexochen made their first contribution in https://github.com/confidential-containers/kbs/pull/112
  • @BbolroC made their first contribution in https://github.com/confidential-containers/kbs/pull/121
  • @fitzthum made their first contribution in https://github.com/confidential-containers/kbs/pull/132

Full Changelog: https://github.com/confidential-containers/kbs/compare/v0.6.0...v0.7.0

- Rust
Published by fitzthum almost 3 years ago

https://github.com/confidential-containers/trustee - v0.6.0

What's Changed

  • Test data: fix security policy by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/80
  • Improve support for non CoCo attestation services by @sameo in https://github.com/confidential-containers/kbs/pull/79
  • Feat Attestation Token distribution. by @jialez0 in https://github.com/confidential-containers/kbs/pull/74
  • Docs: Fixed out-of-date content of /attest endpoint by @jialez0 in https://github.com/confidential-containers/kbs/pull/82
  • Add endpoint for set attestation policy by @jialez0 in https://github.com/confidential-containers/kbs/pull/81
  • Include az-snp-vtpm TEE by @mkulke in https://github.com/confidential-containers/kbs/pull/66
  • Update KBS client Tools to test RESTful APIs by @jialez0 in https://github.com/confidential-containers/kbs/pull/83
  • KBS Config documentation by @sameo in https://github.com/confidential-containers/kbs/pull/85
  • README: Fix configuration file link by @sameo in https://github.com/confidential-containers/kbs/pull/86
  • Amber integration by @Lu-Biao in https://github.com/confidential-containers/kbs/pull/77
  • github: Enable dependabot by @sameo in https://github.com/confidential-containers/kbs/pull/89
  • build(deps): bump tonic from 0.8.3 to 0.9.2 by @dependabot in https://github.com/confidential-containers/kbs/pull/90
  • Image built in as by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/94
  • build(deps): bump reqwest from 0.11.17 to 0.11.18 by @dependabot in https://github.com/confidential-containers/kbs/pull/95
  • build(deps): bump unicode-ident from 1.0.8 to 1.0.9 by @dependabot in https://github.com/confidential-containers/kbs/pull/97
  • dep: update attestation-service to v0.6.0 tag by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/104
  • tools/client: move to CoCo AA, use single threaded runtime by @mythi in https://github.com/confidential-containers/kbs/pull/103
  • Bump Attestation-Service dependency to v0.6.1 by @mkulke in https://github.com/confidential-containers/kbs/pull/105
  • bump: attestation-agent to v0.6.0 by @Xynnn007 in https://github.com/confidential-containers/kbs/pull/110
  • build(deps): bump proc-macro2 from 1.0.56 to 1.0.59 by @dependabot in https://github.com/confidential-containers/kbs/pull/101

New Contributors

  • @Lu-Biao made their first contribution in https://github.com/confidential-containers/kbs/pull/77
  • @dependabot made their first contribution in https://github.com/confidential-containers/kbs/pull/90
  • @mythi made their first contribution in https://github.com/confidential-containers/kbs/pull/103

Full Changelog: https://github.com/confidential-containers/kbs/compare/v0.5.0...v0.6.0

- Rust
Published by Xynnn007 almost 3 years ago

https://github.com/confidential-containers/trustee - v0.5.0

Confidential Containers 0.5.0

- Rust
Published by wainersm about 3 years ago