v0.10.1

What's Changed

• build(deps): bump scientific from 0.5.2 to 0.5.3 by @dependabot in #501
• kbs: update kustomization yaml to v0.10.1 & fix release script by @Xynnn007 in #504

Full Changelog: v0.10.0...v0.10.1

v0.10.0

What's Changed

• intel-trust-authority-as: add error message log by @pawelpros in #424
• doc: add attestation policy guide for ibmse verifier by @huoqifeng in #433
• CLI: specify ATTESTER to build kbs-client by @genjuro214 in #429
• ci: test use https in kbs e2e test by @mkulke in #434
• KBS: Enable deployment for s390x by @BbolroC in #436
• KBS: refactor code structure by @Xynnn007 in #430
• Fix broken SE link by @fitzthum in #437
• e2e-test: fix binary build on self-hosted runners by @mkulke in #438
• docker: refactor docker folder structure by @pawelpros in #427
• config: fix custom pccs deployment for TDX by @fitzthum in #439
• doc: update ibmse verifier document by @huoqifeng in #440
• AS/verifier: support AA eventlog in TDX by @Xynnn007 in #408
• build(deps): bump clap_lex from 0.7.0 to 0.7.1 by @dependabot in #441
• KBS: Add aliyun KMS as repository storage backend by @Xynnn007 in #444
• GHA: Remove {pre,post}-action steps for self-hosted runners by @BbolroC in #453
• kbs: Fix rate limit error with busybox by @ChengyuZhu6 in #452
• kbs: add ProtocolVersion error by @mythi in #449
• ci: fix doc_lazy_continuation checks added in rust 1.80.0 by @mythi in #447
• kbs: Refactor nonce handling by @jodh-intel in #457
• initdata: enhance the initdata spec for PeerPod and IBM SE by @huoqifeng in #450
• build(deps): bump serde from 1.0.200 to 1.0.205 by @dependabot in #459
• ibmse: SE_SKIP_CERTS_VERIFICATION for all KBS image by @huoqifeng in #460
• build(deps): bump regex from 1.10.4 to 1.10.6 by @dependabot in #461
• ibmse: use hash rather than hex for initdata digest in claims by @huoqifeng in #462
• ibmse: update readme to reflect initdata change by @huoqifeng in #464
• build(deps): bump ureq from 2.9.7 to 2.10.1 by @dependabot in #465
• build(deps): bump zstd from 0.13.1 to 0.13.2 by @dependabot in #466
• build(deps): bump backtrace from 0.3.71 to 0.3.73 by @dependabot in #467
• build(deps): bump colorchoice from 1.0.1 to 1.0.2 by @dependabot in #468
• kbs: msic fix in self-signed-https.md by @huoqifeng in #469
• build(deps): bump zerocopy from 0.7.32 to 0.7.35 by @dependabot in #471
• build(deps): bump security-framework-sys from 2.10.0 to 2.11.1 by @dependabot in #472
• build(deps): bump flate2 from 1.0.30 to 1.0.32 by @dependabot in #474
• chore: fix cargo warnings on missing default-features by @mythi in #475
• build(deps): bump hyper from 0.14.28 to 0.14.30 by @dependabot in #476
• build(deps): bump is-terminal from 0.4.12 to 0.4.13 by @dependabot in #479
• build(deps): bump getrandom from 0.2.14 to 0.2.15 by @dependabot in #481
• Bump kbs-types and kbs_protocol with a KBS protocol version change by @mythi in #445
• kbs: token: configuration cleanup by @mythi in #483
• build(deps): bump version_check from 0.9.4 to 0.9.5 by @dependabot in #482
• kbs: token: add verifier with JSON Web Keys by @mythi in #458
• ita: use AttestationTokenVerifier by @mythi in #490
• update CODEOWNERS by @mythi in #488
• build(deps): bump wasm-bindgen from 0.2.92 to 0.2.93 by @dependabot in #492
• Bump az-tdx-vtpm & az-snp-vtpm from 0.5.3 to 0.7.0 by @pawelpros in #493
• build(deps): bump serde_spanned from 0.6.6 to 0.6.7 by @dependabot in #495
• build(deps): bump curl-sys from 0.4.72+curl-8.6.0 to 0.4.74+curl-8.9.0 by @dependabot in #496
• kbs: ita: Set hash algorithm based on TEE type by @jodh-intel in #491
• ita: add support for Azure attestation using dedicated API by @pawelpros in #494
• bump guest-components + ITA kustomization by @mythi in #497
• ita: Build the kustomization based on nodeport by @fidencio in #498
• build(deps): bump libloading from 0.8.3 to 0.8.5 by @dependabot in #499
• chore: update guest-components to v0.10.0 by @Xynnn007 in #500

New Contributors

• @genjuro214 made their first contribution in #429

Full Changelog: v0.9.0...v0.10.0

v0.9.0

What's Changed

• kbs/config: add RVPS config by @wainersm in #321
• ci: set certs/key as makefile deps in e2e test by @mkulke in #325
• ci: add az-tdx-vtpm workflow for e2e tests by @mkulke in #323
• kbs: improvements to quickstart and misc by @wainersm in #324
• CI: Fix nightly lint error & fix rust nightly version by @Xynnn007 in #331
• bump: jsonwebtoken to 9 by @Xynnn007 in #292
• ci: fix DCAP package install by @mythi in #336
• KBS: add a guide for HTTPS kbs usage by @Xynnn007 in #340
• Add configuration file for RVPS and add support for JSON fs storage by @Xynnn007 in #339
• az-snp/tdx-vtpm-verifier: add PCRs to claims map by @mkulke in #334
• docs: fix repo name from kbs to Trustee by @Xynnn007 in #337
• build(deps): Bump github.com/open-policy-agent/opa from 0.61.0 to 0.62.1 in /attestation-service/attestation-service/src/cgo by @dependabot in #347
• Verifier: Refactor errors in csv module by @kartikjoshi21 in #330
• Use the Trustee name in a few more places by @fitzthum in #355
• Verifeir: Add support for TDX quote v5 by @Xynnn007 in #354
• Build and push kbs-client binary by @portersrc in #349
• Fix build warnings by @fitzthum in #360
• Add write-packages permission for kbs-client-build-and-push workflow by @portersrc in #358
• AS & KBS | Optimize log by @Xynnn007 in #362
• attestation-service: Refactor errors in attestation module by @kartikjoshi21 in #327
• Azsnpvtpm: Replace anyhow error crate with thiserror crate by @kartikjoshi21 in #341
• [RFC] Initdata specification by @Xynnn007 in #348
• kbs: switch to Regorus for resource policy by @fitzthum in #357
• docker: Use Ubuntu 22.04 as kbs base image by @mkulke in #368
• AS: Optimize policy management mechanism by @jialez0 in #351
• k8s-config: Add support for NodePort service type by @surajssd in #371
• Add a helper script for releasing trustee by @portersrc in #373
• Tidy the readme and documents by @Xynnn007 in #365
• KBS: fix session status by @Xynnn007 in #376
• k8s: docs: DCAP kustomization + non-release images by @mythi in #375
• AS/verifier: Enhance quote verification with multi-thread support in tdx by @ChengyuZhu6 in #387
• workflows: Rename Docker build step from gRPC to RESTful by @ChengyuZhu6 in #389
• add: snp updates and mods to support VLEK by @wobito in #385
• kbs: Add support for configurable policy by @kartikjoshi21 in #392
• Update SNP Verifier with report and init claims by @fitzthum in #253
• AS | Refactor the policy module by @Xynnn007 in #390
• tdx: sgx: Bump DCAP dependency by @fidencio in #398
• kbs-client: encode policies with nopad-url-b64 by @mkulke in #400
• CI: set expected tee in policy within the kbs e2e test by @mkulke in #401
• attestation: fix clippy error in intel_trust_authority AS by @mythi in #402
• Add Dockerfile for Red Hat UBI by @spotlesstofu in #403
• Verifier: Add IBM Secure Execution driver framework by @huoqifeng in #345
• AS | Fix SGX verifier & Optimization by @Xynnn007 in #404
• drop Golang from builds by @mythi in #405
• Enable artifacts for s390x by @BbolroC in #383
• chore: bump guest-components and reqwest by @mythi in #412
• ibmsse: change ec to rsa key by @huoqifeng in #411
• ibmse: add development document for ibmse verifier by @huoqifeng in #413
• Fix KBS AS build warning by @larrydewey in #421
• kbs: shrink the size of docker image by @Xynnn007 in #417
• Add runtime dependencies to Dockerfile.rhel-ubi by @spotlesstofu in #422
• ibmse: add debug_assertions for debug and release branch by @huoqifeng in #420
• kbs: simplify tee-pubkey reading from the attestation token by @mythi in #414
• intel-trust-authority-as: add runtime data to attestation request by @mythi in #406
• AS/verifier: fix tdx quote verification unit test by @Xynnn007 in #426
• ibmse: use optional root_ca when launch kbs by @huoqifeng in #423
• ci: added publishing intel trust authority AS docker by @pawelpros in #410
• opa: Refactor opa module errors by @kartikjoshi21 in #409
• ibmse: update attestation-service documents for ibmse by @liudalibj in #428
• bump: guest-components to candidate v0.9.0 by @Xynnn007 in #425
• kbs: Revert support for configurable policy by @mkulke in #431
• Release: Update KBS for v0.9.0 by @portersrc in #432

New Contributors

• @wainersm made their first contribution in #321
• @wobito made their first contribution in #385
• @fidencio made their first contribution in #398
• @spotlesstofu made their first contribution in #403
• @huoqifeng made their first contribution in #345
• @larrydewey made their first contribution in #421
• @pawelpros made their first contribution in #410
• @liudalibj made their first contribution in #428

Full Changelog: v0.8.2...v0.9.0

v0.8.2

Note

There is no KBS v0.8.1. There was a v0.8.1 of the attestation-service and rvps prior to the repo merge.

Many significant changes have been made to the KBS while general CoCo releases have been suspended. Hence, we have released KBS v0.8.2. Among other things the changes include a significant security fix that squashes a bug where the result of the resource policy was not properly checked.

What's Changed

• Merge Attestation-Service and KBS by @Xynnn007 in #173
• docs: fix links inside documents by @Xynnn007 in #222
• build(deps): Bump rustls-pemfile from 1.0.3 to 1.0.4 by @dependabot in #224
• build(deps): bump docker/login-action from 2 to 3 by @dependabot in #161
• build(deps): bump docker/build-push-action from 4 to 5 by @dependabot in #160
• build(deps): Bump github.com/open-policy-agent/opa from 0.56.0 to 0.58.0 in /attestation-service/attestation-service/src/cgo by @dependabot in #176
• Fix Azure SNP vTPM attestation (grpc) by @lmilleri in #221
• k8s-configs: Add Ingress config by @surajssd in #166
• attestation-service: Fix report signature validation in SNP verifier by @mkulke in #229
• attestation-service: Reuse SNP verifier logic in az-snp-vtpm by @mkulke in #230
• attestation: verifier: tdx: Allow equals in kernel param values by @jodh-intel in #227
• attestation-service: fix checks for VCEK signature by @mkulke in #233
• Refactor Attestation-Service by @Xynnn007 in #216
• attestation-agent: fail fast on broken AMD certs by @mkulke in #236
• Fix cgo mods in AS & RVPS by @Xynnn007 in #239
• CSV Verifier: Update Evidence format by @jialez0 in #243
• Rename Amber to Intel Trust Authority by @mythi in #244
• attestation-service: bump az-snp-vtpm verifier by @mkulke in #245
• chore: fix some comments around RVPS by @chendave in #247
• build(deps): Bump github.com/open-policy-agent/opa from 0.58.0 to 0.59.0 in /attestation-service/attestation-service/src/cgo by @dependabot in #249
• kbs: Build image on merge to main by @kartikjoshi21 in #170
• build(deps): Bump docker/login-action from 2 to 3 by @dependabot in #252
• build(deps): Bump docker/setup-buildx-action from 1 to 3 by @dependabot in #251
• AS: add parsed claims for TDX/SGX and documents by @Xynnn007 in #248
• Cca: Get the evidence from EAR (EAT Attesation Result) by @chendave in #241
• kbs: Fix docker registry name in image build workflow by @kartikjoshi21 in #254
• build(deps): Bump actions/setup-go from 4 to 5 by @dependabot in #257
• attestation: verifier: tdx: Rework TdShimPlatformConfigInfo try_from by @jodh-intel in #255
• Fix dependency version when building container image by @Xynnn007 in #261
• [Attestation Service] Change the API of CoCo-AS by @Xynnn007 in #240
• build(deps): Bump github.com/open-policy-agent/opa from 0.59.0 to 0.60.0 in /attestation-service/attestation-service/src/cgo by @dependabot in #263
• Bump kbs-types and kbs_protocol dep version by @Xynnn007 in #266
• Bump kbs protocol by @Xynnn007 in #267
• Attestation Service | Add RESTful CoCo-AS Implementation by @Xynnn007 in #262
• build(deps): Bump anstyle-wincon from 3.0.1 to 3.0.2 by @dependabot in #268
• build(deps): Bump is-terminal from 0.4.9 to 0.4.10 by @dependabot in #270
• kbs/tool: remove unless dependency by @Xynnn007 in #271
• Added e2e test for CoCo-AS using SNP evidence by @Xynnn007 in #264
• build(deps): Bump rustix from 0.38.26 to 0.38.28 by @dependabot in #273
• ci: build grpc kbs every merge to main by @Xynnn007 in #272
• KBS/perf: promote the concurrency performance of KBS by @Lu-Biao in #275
• KBS: Optimize performance and memory usage by @Xynnn007 in #258
• AS/Verifier: fix the report/init data comparation by @Xynnn007 in #274
• build(deps): Bump memchr from 2.6.4 to 2.7.1 by @dependabot in #276
• Fix RVPS binary building & push image every merge to main by @Xynnn007 in #277
• build(deps): Bump anyhow from 1.0.75 to 1.0.79 by @dependabot in #278
• build(deps): Bump schannel from 0.1.22 to 0.1.23 by @dependabot in #280
• Add end-to-end test with docker compose and sample attester by @fitzthum in #283
• e2e-test: enable real TEE on self-hosted runners by @mkulke in #284
• build(deps): Bump actions/checkout from 3 to 4 by @dependabot in #288
• e2e: reference kbs-e2e.yaml worfklows locally by @mkulke in #291
• Support X.509 Certificate in Attestation Token. by @jialez0 in #265
• Add support az-tdx-vtpm tee by @mkulke in #169
• az-snp-vtpm-verifier: remove report_data padding by @mkulke in #295
• Fix Verifier CI coverage problem by @Xynnn007 in #299
• build(deps): Bump actions/cache from 3 to 4 by @dependabot in #296
• kbs: Update csv-rs dep to rev b74aa8c. by @BaoshunFang in #301
• Improve Documentation by @fitzthum in #287
• ci: fetch the head of a PR in kbs TEE runs by @mkulke in #309
• ci: Add default user for git rebase by @mkulke in #314
• ci: install libssl-dev for e2e on self-hosted runners by @mkulke in #308
• docs: Fix typo in cluster documentation by @GabyCT in #316
• docs: Improve RVPS document by @GabyCT in #317
• k8s: Add RVPS config to kbs-config by @surajssd in #318
• Update az snp / tdx vtpm dependency to 0.5 by @surajssd in #293
• ci: introduce actionlint and fix findings by @mkulke in #315
• build(deps): Bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 in /attestation-service/attestation-service/src/cgo by @dependabot in #305
• Release: Update KBS for v0.8.2 release by @portersrc in #319

New Contributors

• @lmilleri made their first contribution in #221
• @jodh-intel made their first contribution in #227
• @kartikjoshi21 made their first contribution in #170
• @GabyCT made their first contribution in #316
• @portersrc made their first contribution in #319

Full Changelog: v0.8.0...v0.8.2

v0.8.0

What's Changed

• build(deps): bump serde_bytes from 0.11.9 to 0.11.12 by @dependabot in #134
• k8s config: Update image tag to v0.7.0 by @surajssd in #138
• Fix OpenAPI definition in kbs.yaml by @Xynnn007 in #135
• Update Client tool to support custom TEE pubkey and KBS certificate by @jialez0 in #127
• Add keys to gitignore by @johananl in #141
• Add docker-compose dependencies by @johananl in #140
• Include csv TEE by @BaoshunFang in #145
• dockerfile: update builder image by @Xynnn007 in #144
• build(deps): bump strum from 0.24.1 to 0.25.0 by @dependabot in #142
• Optimized the logic for token issuance and verification. by @jialez0 in #139
• ci: don't fail fast on matrix runs by @katexochen in #126
• docker: update key-broker-service Dockerfile by @mythi in #152
• Fix the passport-resource-kbs Make target name by @johananl in #148
• Refactor config by @johananl in #150
• Fix security issue: avoid directory interleaving vulnerabilities by @jialez0 in #155
• build(deps): bump thiserror from 1.0.46 to 1.0.48 by @dependabot in #154
• build(deps): bump actions/checkout from 3 to 4 by @dependabot in #157
• New tee type: CCA (Confidential Compute Architecture) by @chendave in #76
• Fixed e2e bgcheck + passport tests by @mkulke in #168
• api_server: add SGX support to Amber AS by @mythi in #159
• Recreate Cargo.lock file to retrieve latest AS by @mkulke in #165
• Bump KBS to v0.8.0 by @Xynnn007 in #172

New Contributors

• @johananl made their first contribution in #141
• @BaoshunFang made their first contribution in #145
• @chendave made their first contribution in #76

Full Changelog: v0.7.0...v0.8.0

v0.7.0

What's Changed

• build(deps): bump digest from 0.10.6 to 0.10.7 by @dependabot in #111
• build(deps): bump crossbeam-utils from 0.8.15 to 0.8.16 by @dependabot in #113
• build: add missing -y flags to apt install in dockerfile by @katexochen in #112
• build(deps): bump url from 2.3.1 to 2.4.0 by @dependabot in #114
• kbs: Add a CODEOWNERS file by @sameo in #115
• build(deps): bump proc-macro2 from 1.0.59 to 1.0.60 by @dependabot in #116
• build(deps): bump aho-corasick from 1.0.1 to 1.0.2 by @dependabot in #117
• k8s: Add configuration by @surajssd in #84
• docs: correct typos at kbs_attestation_protocol.md by @BbolroC in #121
• build(deps): bump getrandom from 0.2.9 to 0.2.10 by @dependabot in #118
• Update JWK public key format in protocol by @katexochen in #108
• Add e2e tests by @mkulke in #109
• .gitignore: Fix Makefile typo name by @surajssd in #131
• Feature: Add access resource using the KBS-provisioned Token by @Xynnn007 in #130
• deps: bump dependencies for v0.7.0 by @fitzthum in #132

New Contributors

• @katexochen made their first contribution in #112
• @BbolroC made their first contribution in #121
• @fitzthum made their first contribution in #132

Full Changelog: v0.6.0...v0.7.0

v0.6.0

What's Changed

• Test data: fix security policy by @Xynnn007 in #80
• Improve support for non CoCo attestation services by @sameo in #79
• Feat Attestation Token distribution. by @jialez0 in #74
• Docs: Fixed out-of-date content of /attest endpoint by @jialez0 in #82
• Add endpoint for set attestation policy by @jialez0 in #81
• Include az-snp-vtpm TEE by @mkulke in #66
• Update KBS client Tools to test RESTful APIs by @jialez0 in #83
• KBS Config documentation by @sameo in #85
• README: Fix configuration file link by @sameo in #86
• Amber integration by @Lu-Biao in #77
• github: Enable dependabot by @sameo in #89
• build(deps): bump tonic from 0.8.3 to 0.9.2 by @dependabot in #90
• Image built in as by @Xynnn007 in #94
• build(deps): bump reqwest from 0.11.17 to 0.11.18 by @dependabot in #95
• build(deps): bump unicode-ident from 1.0.8 to 1.0.9 by @dependabot in #97
• dep: update attestation-service to v0.6.0 tag by @Xynnn007 in #104
• tools/client: move to CoCo AA, use single threaded runtime by @mythi in #103
• Bump Attestation-Service dependency to v0.6.1 by @mkulke in #105
• bump: attestation-agent to v0.6.0 by @Xynnn007 in #110
• build(deps): bump proc-macro2 from 1.0.56 to 1.0.59 by @dependabot in #101

New Contributors

• @Lu-Biao made their first contribution in #77
• @dependabot made their first contribution in #90
• @mythi made their first contribution in #103

Full Changelog: v0.5.0...v0.6.0

v0.5.0

Confidential Containers 0.5.0