v0.17.0

This is the release used with CoCo v0.18.0.

What's Changed

• github: fix architecture mapping while publishing images for ppc64le by @Amulyam24 in #1172
• fix(attestation-agent/attester): update attester's Cargo.toml, change the dep:csv-rs's rev to a valid ref. by @erasernoob in #1175
• github: fix the arch mapping for ppc64le for CDH and ASR builds by @Amulyam24 in #1177
• github: install missing dependencies for ppc64le while building CDH and ASR by @Amulyam24 in #1178
• github: avoid using short circuit evaluation in workflow by @Amulyam24 in #1179
• chore(deps): Bump thiserror from 2.0.16 to 2.0.17 by @dependabot[bot] in #1162
• chore(deps): Bump google.golang.org/grpc from 1.64.1 to 1.76.0 in /confidential-data-hub/golang by @dependabot[bot] in #1155
• chore(deps): Bump github.com/containerd/ttrpc from 1.2.4 to 1.2.7 in /confidential-data-hub/golang by @dependabot[bot] in #1154
• chore(deps): Bump github.com/stretchr/testify from 1.9.0 to 1.11.1 in /confidential-data-hub/golang by @dependabot[bot] in #1153
• chore(deps): Bump xattr from 1.5.1 to 1.6.1 by @dependabot[bot] in #1181
• chore(deps): Bump google.golang.org/grpc from 1.76.0 to 1.77.0 in /confidential-data-hub/golang by @dependabot[bot] in #1185
• Intel dcap github address update by @pawelpros in #1187
• nvidia: check lengths of evidence and cert chain by @fitzthum in #1186
• chore(deps): protobuf suites (prost/tonic things) Manual for #1160 by @Xynnn007 in #1180
• chore(deps): Bump github/codeql-action from 4.31.2 to 4.31.4 by @dependabot[bot] in #1192
• chore(deps): Bump actions/dependency-review-action from 45529485b5eb76184ced07362d2331fd9d26f03f to 125b99508212ce1cc3076ad60f6bd63bf6d88a66 by @dependabot[bot] in #1190
• image-rs: add image pull benchmark by @Xynnn007 in #1189
• chore(deps): Bump rsa from 0.9.8 to 0.9.9 by @dependabot[bot] in #1184
• chore(deps): Bump actions/checkout from 5.0.0 to 6.0.0 by @dependabot[bot] in #1193
• chore(deps): Bump ctrlc from 3.5.0 to 3.5.1 by @dependabot[bot] in #1195
• image-rs: remove nydus support by @Xynnn007 in #1196
• chore(deps): Bump github/codeql-action from 4.31.4 to 4.31.5 by @dependabot[bot] in #1199
• chore(deps): Bump sigstore from 0.12.1 to 0.13.0 by @dependabot[bot] in #1203
• chore(deps): Bump actions/dependency-review-action from 125b99508212ce1cc3076ad60f6bd63bf6d88a66 to 774d14bf50b7a2e2460f9f49e25c52503ecab125 by @dependabot[bot] in #1200
• chore(deps): Bump tokio-util from 0.7.16 to 0.7.17 by @dependabot[bot] in #1202
• chore(deps): Bump uuid from 1.18.1 to 1.19.0 by @dependabot[bot] in #1205
• CDH | Extend AAEL for PullImage Event by @Xynnn007 in #1198
• chore(deps): Bump assert_cmd from 2.0.17 to 2.1.1 by @dependabot[bot] in #1204
• chore(deps): Bump base64-serde from 0.7.0 to 0.8.0 by @dependabot[bot] in #1209
• chore(deps): Bump serde_with from 3.14.0 to 3.16.1 by @dependabot[bot] in #1213
• chore(deps): Bump anyhow from 1.0.99 to 1.0.100 by @dependabot[bot] in #1212
• chore(deps): Bump sequoia-openpgp from 2.0.0 to 2.1.0 by @dependabot[bot] in #1214
• chore(deps): Bump picky-asn1-x509 from 0.15.1 to 0.15.2 by @dependabot[bot] in #1217
• chore(deps): Bump github/codeql-action from 4.31.5 to 4.31.7 by @dependabot[bot] in #1220
• chore(deps): Bump async-trait from 0.1.88 to 0.1.89 by @dependabot[bot] in #1221
• chore(deps): Bump step-security/harden-runner from 2.13.2 to 2.13.3 by @dependabot[bot] in #1219
• chore(deps): Bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in #1218
• chore(deps): Bump clap from 4.5.50 to 4.5.53 by @dependabot[bot] in #1222
• image-rs: drop Occlum UnionFS snapshotter by @mythi in #1206
• chore(deps): Bump openssl from 0.10.73 to 0.10.75 by @dependabot[bot] in #1223
• chore(deps): Bump cfg-if from 1.0.1 to 1.0.4 by @dependabot[bot] in #1215
• chore(deps): Bump log from 0.4.28 to 0.4.29 by @dependabot[bot] in #1226
• chore(deps): Bump flate2 from 1.1.4 to 1.1.5 by @dependabot[bot] in #1225
• image-rs: allow signature configs in config file by @fitzthum in #1224
• chore(deps): Bump config from 0.15.16 to 0.15.19 by @dependabot[bot] in #1228
• chore(deps): Bump toml from 0.8.23 to 0.9.6 by @dependabot[bot] in #1227
• chore(deps): Bump actions/upload-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in #1230
• chore(deps): Bump picky-asn1-der from 0.5.3 to 0.5.4 by @dependabot[bot] in #1233
• chore(deps): Bump step-security/harden-runner from 2.13.3 to 2.14.0 by @dependabot[bot] in #1231
• chore(deps): Bump github/codeql-action from 4.31.7 to 4.31.8 by @dependabot[bot] in #1229
• clippy: drop unused imports from AA, coco_keyprovider, and secret CLI by @mythi in #1236
• image-rs: Fix whiteout conversion when xattr check fails by @ajaypvictor in #1211
• chore(deps): Bump jwt-simple from 0.12.12 to 0.12.13 by @dependabot[bot] in #1234
• Add TPM as additional device and fix TPM report data size by @iroykaufman in #1093
• chore(deps): Bump github/codeql-action from 4.31.8 to 4.31.9 by @dependabot[bot] in #1238
• chore(deps): Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by @dependabot[bot] in #1239
• chore(deps): Bump toml from 0.9.6 to 0.9.10+spec-1.1.0 by @dependabot[bot] in #1241
• chore(deps): Bump actions/attest-build-provenance from 3.0.0 to 3.1.0 by @dependabot[bot] in #1240
• asr: fix typos by @fitzthum in #1244
• chore(deps): Bump google.golang.org/grpc from 1.77.0 to 1.78.0 in /confidential-data-hub/golang by @dependabot[bot] in #1248
• chore(deps): Bump serde_json from 1.0.145 to 1.0.146 by @dependabot[bot] in #1246
• chore(deps): Bump oci-spec from 0.8.3 to 0.8.4 by @dependabot[bot] in #1249
• ci: update apt repos in weekly Rust stable tests by @mythi in #1250
• chore(deps): Bump tempfile from 3.23.0 to 3.24.0 by @dependabot[bot] in #1251
• chore(deps): Bump async-compression from 0.4.32 to 0.4.36 by @dependabot[bot] in https://github.com/con...

v0.16.0

This is the version of guest-components used with CoCo v0.17.0

What's Changed

• image-rs: fix rust 1.90 clippy warnings by @mythi in #1113
• chore(deps): Bump astral-tokio-tar from 0.5.1 to 0.5.3 by @dependabot[bot] in #1110
• chore(deps): Bump tokio from 1.47.0 to 1.47.1 by @dependabot[bot] in #1111
• chore(deps): Bump form_urlencoded from 1.2.1 to 1.2.2 by @dependabot[bot] in #1119
• chore(deps): Bump github/codeql-action from 3.30.3 to 3.30.5 by @dependabot[bot] in #1118
• deps: bump kbs-types to 0.14.0 by @mkulke in #1115
• chore(deps): Bump zeroize from 1.8.1 to 1.8.2 by @dependabot[bot] in #1120
• chore(deps): Bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in #1127
• cdh: improve error message for base64 decode failures by @beraldoleal in #1125
• workflows: publish artifacts: checkout code before toolchain install by @mythi in #1121
• chore(deps): Bump astral-tokio-tar from 0.5.3 to 0.5.5 by @dependabot[bot] in #1129
• chore(deps): Bump picky-asn1-x509 from 0.14.6 to 0.15.0 by @dependabot[bot] in #1122
• Downgrade rust edition for protos by @gkurz in #1131
• chore(deps): Bump github/codeql-action from 3.30.5 to 3.30.6 by @dependabot[bot] in #1126
• chore(deps): Bump const_format from 0.2.34 to 0.2.35 by @dependabot[bot] in #1130
• chore(deps): Bump tokio-util from 0.7.15 to 0.7.16 by @dependabot[bot] in #1133
• chore(deps): Bump picky-asn1-x509 from 0.15.0 to 0.15.1 by @dependabot[bot] in #1136
• chore(deps): Bump github/codeql-action from 3.30.6 to 4.30.8 by @Xynnn007 in #1135
• chore(deps): Bump oci-spec from 0.8.2 to 0.8.3 by @dependabot[bot] in #1137
• chore(deps): Bump clap from 4.5.46 to 4.5.49 by @dependabot[bot] in #1138
• chore(deps): Bump bincode from 1.3.3 to 2.0.1 by @Xynnn007 in #1140
• chore(deps): Bump testcontainers from 0.22.0 to 0.25.0 by @dependabot[bot] in #1139
• chore(deps): Bump github/codeql-action from 4.30.8 to 4.30.9 by @dependabot[bot] in #1141
• chore(deps): Bump async-compression from 0.4.30 to 0.4.32 by @dependabot[bot] in #1142
• chore(deps): Bump picky-asn1-der from 0.5.2 to 0.5.3 by @dependabot[bot] in #1144
• chore(deps): Bump astral-tokio-tar from 0.5.5 to 0.5.6 in the cargo group across 1 directory by @dependabot[bot] in #1145
• chore(deps): Bump flate2 from 1.1.2 to 1.1.4 by @dependabot[bot] in #1146
• chore(deps): Bump tempfile from 3.20.0 to 3.23.0 by @dependabot[bot] in #1149
• attester: nvidia: change evidence encoding to base64 by @mythi in #1151
• [StepSecurity] Apply security best practices by @step-security-bot in #1147
• chore(deps): Bump serde_json from 1.0.142 to 1.0.145 by @dependabot[bot] in #1150
• chore(deps): Bump clap from 4.5.49 to 4.5.50 by @dependabot[bot] in #1159
• chore(deps): Bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in #1158
• chore(deps): Bump github/codeql-action from 3.30.9 to 4.31.0 by @dependabot[bot] in #1156
• chore(deps): Bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in #1157
• chore(deps): Bump config from 0.14.1 to 0.15.16 by @dependabot[bot] in #1143
• fix(image_rs): resolve hardlinks with absolute paths during unpack by @Park-Jiyeonn in #1152
• chore(deps): Bump chrono from 0.4.41 to 0.4.42 by @dependabot[bot] in #1161
• trustee-attester: Allow passing initdata by @Jakob-Naucke in #1163
• chore(deps): Bump github/codeql-action from 4.31.0 to 4.31.2 by @dependabot[bot] in #1164
• Minor fixes for building guest-components on ppc64le by @Amulyam24 in #1166
• misc updates and cleanups by @mythi in #1165
• kbs_protocol: enable reqwest by default by @Xynnn007 in #1167
• ci: Fix arm64 aa build issue by @seungukshin in #1169
• refactor: extract apt-get update as separate step in CI workflows by @Xynnn007 in #1170
• github: Publish guest-components for ppc64le by @Amulyam24 in #1171
• chore(deps): Bump docker/setup-qemu-action from 3.6.0 to 3.7.0 by @dependabot[bot] in #1173
• gha: Removing offline_sev_kbc workflow by @arvindskumar99 in #1117
• chore(deps): Bump step-security/harden-runner from 2.13.1 to 2.13.2 by @dependabot[bot] in #1174

New Contributors

• @gkurz made their first contribution in #1131
• @step-security-bot made their first contribution in #1147
• @Park-Jiyeonn made their first contribution in #1152
• @Jakob-Naucke made their first contribution in #1163
• @arvindskumar99 made their first contribution in #1117

Full Changelog: v0.15.0...v0.16.0

v0.15.0

This is the version of Guest Components used with CoCo v0.16.0.

What's Changed

• workflows: Add scorecard workflow by @stevenhorsman in #1057
• rust 1.88 stable clippy fixes by @mythi in #1056
• Move HashAlgorithm to kbs_types by @ssolit in #1040
• Fix CVE in crossbeam-channel, curl-sys, openssl-src by @ANJANA-ARK in #1058
• hygon_dcu attester: fix detect_platform by @uril in #1064
• chore(deps): Bump actions/upload-artifact from 4.6.1 to 4.6.2 by @dependabot[bot] in #1060
• chore(deps): Bump github/codeql-action from 3.24.9 to 3.29.2 by @dependabot[bot] in #1059
• chore(deps): Bump async-compression from 0.4.25 to 0.4.27 by @dependabot[bot] in #1051
• chore(deps): Bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in #1061
• chore(deps): Bump github/codeql-action from 3.29.2 to 3.29.4 by @dependabot[bot] in #1067
• chore(deps): Bump serde_json from 1.0.140 to 1.0.141 by @dependabot[bot] in #1066
• AAEL | record AAEL in tcg2 format and merge with CCEL by @Xynnn007 in #1065
• chore(deps): Bump the go_modules group across 1 directory with 2 updates by @dependabot[bot] in #1068
• chore(deps): Bump rand from 0.9.1 to 0.9.2 by @dependabot[bot] in #1069
• chore(deps): Bump scroll from 0.12.0 to 0.13.0 by @dependabot[bot] in #1010
• chore(deps): Bump strum_macros from 0.27.1 to 0.27.2 by @dependabot[bot] in #1070
• chore(deps): Bump golang.org/x/net from 0.26.0 to 0.38.0 in /confidential-data-hub/golang in the go_modules group across 1 directory by @dependabot[bot] in #1071
• chore(deps): Bump tokio from 1.46.1 to 1.47.0 by @dependabot[bot] in #1073
• chore(deps): Bump az-tdx-vtpm from 0.7.1 to 0.7.3 by @dependabot[bot] in #1072
• chore(deps): Bump github/codeql-action from 3.29.4 to 3.29.5 by @dependabot[bot] in #1079
• chore(deps): Bump strum from 0.27.1 to 0.27.2 by @dependabot[bot] in #1077
• evidence_getter fixes by @mythi in #1076
• chore(deps): Bump az-snp-vtpm from 0.7.1 to 0.7.4 by @dependabot[bot] in #1078
• attester: pin az-vtpm crates to 0.7.1 by @mkulke in #1082
• attester: add eventlog mechanism for CSV by @Xynnn007 in #1074
• chore(deps): Bump serde_json from 1.0.141 to 1.0.142 by @dependabot[bot] in #1083
• chore(deps): Bump github/codeql-action from 3.29.7 to 3.29.8 by @dependabot[bot] in #1085
• cdh: disable eHSM by default by @mythi in #1086
• Update rstest from 0.17 to 0.26 by @musicinmybrain in #1089
• chore(deps): Bump github/codeql-action from 3.29.8 to 3.29.9 by @dependabot[bot] in #1087
• Add RTMR extending (AAEL event) to ASR by @Xynnn007 in #1075
• Add TPM attester by @bpradipt in #1050
• attester: tdx-attester: extend RTMRs by @mythi in #1025
• cargo: switch to coco kbs-types by @fitzthum in #1091
• Chore deps to fix some cves by @Xynnn007 in #1094
• chore(deps): Bump actions/attest-build-provenance from 2 to 3 by @dependabot[bot] in #1098
• chore(deps): Bump github/codeql-action from 3.29.9 to 3.30.1 by @dependabot[bot] in #1099
• chore(deps): Bump thiserror from 2.0.12 to 2.0.16 by @dependabot[bot] in #1096
• attestation-agent: bump az-vtpm crates to 0.7.4 by @mkulke in #1097
• Chore(deps): update devicemapper to 0.34.5 by @Xynnn007 in #1095
• chore(deps): Bump ctrlc from 3.4.7 to 3.5.0 by @dependabot[bot] in #1101
• add nvidia-attester by @mythi in #1016
• chore(deps): Bump log from 0.4.27 to 0.4.28 by @dependabot[bot] in #1102
• chore(deps): Bump uuid from 1.17.0 to 1.18.1 by @dependabot[bot] in #1103
• chore(deps): Bump oci-spec from 0.8.1 to 0.8.2 by @dependabot[bot] in #1100
• protos: bring all proto generation logic to a separate crate by @Xynnn007 in #1090
• chore(deps): Bump async-compression from 0.4.27 to 0.4.30 by @dependabot[bot] in #1106
• chore(deps): Bump anyhow from 1.0.98 to 1.0.99 by @dependabot[bot] in #1105
• chore(deps): Bump github/codeql-action from 3.30.1 to 3.30.3 by @dependabot[bot] in #1104
• attestation-agent: bump SEV to 6.3.1 by @AdithyaKrishnan in #1107
• chore(deps): Bump picky-asn1-x509 from 0.14.5 to 0.14.6 by @dependabot[bot] in #1108
• chore(deps): Bump serde from 1.0.219 to 1.0.225 by @dependabot[bot] in #1109

New Contributors

• @ssolit made their first contribution in #1040
• @ANJANA-ARK made their first contribution in #1058
• @musicinmybrain made their first contribution in #1089
• @AdithyaKrishnan made their first contribution in #1107

Full Changelog: v0.14.0...v0.15.0

v0.14.0

What's Changed

• AA/CDH: some fix-up work to support moving image-pull to CDH by @Xynnn007 in #985
• ci: disable link checker temporarily by @Xynnn007 in #996
• AA | Fix AAEL recording when there is an empty eventlog file by @Xynnn007 in #993
• chore(deps): Bump tokio from 1.44.2 to 1.45.0 by @dependabot[bot] in #992
• chore(deps): Bump ttrpc from 0.8.4 to 0.8.5 by @dependabot[bot] in #994
• rust 1.87.0 fixes by @mythi in #1003
• chore(deps): Bump ctrlc from 3.4.6 to 3.4.7 by @dependabot[bot] in #998
• chore(dep): update tempfile to 3.20 by @Xynnn007 in #1001
• Update SNP Attester by @DGonzalezVillal in #990
• chore(deps): Bump nix from 0.29.0 to 0.30.1 by @dependabot[bot] in #1005
• chore(deps): Bump josekit from 0.10.1 to 0.10.2 by @dependabot[bot] in #1006
• chore(sigstore): update to v0.12.0 version by @Xynnn007 in #999
• chore(deps): Bump josekit from 0.10.2 to 0.10.3 by @dependabot[bot] in #1007
• CDH/image-rs | promote error information printing by @Xynnn007 in #995
• chore(deps): Bump tokio from 1.45.0 to 1.45.1 by @dependabot[bot] in #1011
• chore(deps): Bump uuid from 1.16.0 to 1.17.0 by @dependabot[bot] in #1008
• chore(deps): Bump openssl from 0.10.72 to 0.10.73 by @dependabot[bot] in #1014
• Bumping SEV library to 6.2.1 by @DGonzalezVillal in #1012
• chore(deps): Bump tdx-attest-rs from DCAP_1.22 to DCAP_1.23 by @dependabot[bot] in #1015
• chore(deps): Bump toml from 0.8.22 to 0.8.23 by @dependabot[bot] in #1018
• chore(deps): Bump flate2 from 1.1.1 to 1.1.2 by @dependabot[bot] in #1017
• fix(image-rs): make sure all parent folders exist before mknod by @liudalibj in #1023
• attester/tdx: fix build error for feature tdx-attest-dcap-ioctls by @Xynnn007 in #1021
• Multi-Device Attestation (Take 2) by @fitzthum in #991
• chore(deps): Bump cfg-if from 1.0.0 to 1.0.1 by @dependabot[bot] in #1019
• kbs_protocol: update rcar_client test policy rules by @mythi in #1028
• bump rust toolchain to 1.85.1 by @mythi in #1026
• chore(deps): Bump async-compression from 0.4.23 to 0.4.25 by @dependabot[bot] in #1029
• chore(deps): Bump serde_with from 3.12.0 to 3.13.0 by @dependabot[bot] in #1030
• CDH: adds support to read auth URI from the env by @Xynnn007 in #1037
• CDH: add registy configuration item for example config by @Xynnn007 in #1036
• chore(deps): Bump ttrpc from 0.8.5 to 0.8.6 by @dependabot[bot] in #1039
• CDH: execute config unit test serially by @Xynnn007 in #1042
• chore(deps): Bump serde_with from 3.13.0 to 3.14.0 by @dependabot[bot] in #1044
• chore(deps): Bump xattr from 1.5.0 to 1.5.1 by @dependabot[bot] in #1041
• chore(deps): Bump tokio from 1.45.1 to 1.46.0 by @dependabot[bot] in #1046
• chore(deps): Bump tokio from 1.46.0 to 1.46.1 by @dependabot[bot] in #1048
• Add Hygon DCU device attestation support by @Xynnn007 in #1045
• AA | Add initdata plaintext support by @Xynnn007 in #1031
• ci: fix image-rs and ocicrypt-rs build dependency installation by @mythi in #1054
• Fix | s390x composite evidence get failed by @Xynnn007 in #1055
• image-rs: Support registry config setting via initdata by @Apokleos in #1047

New Contributors

• @DGonzalezVillal made their first contribution in #990
• @liudalibj made their first contribution in #1023
• @Apokleos made their first contribution in #1047

Full Changelog: v0.13.0...v0.14.0

v0.13.0

What's Changed

• chore(deps): Bump tokio from 1.43.0 to 1.44.0 by @dependabot in #938
• chore(deps): Bump serde from 1.0.218 to 1.0.219 by @dependabot in #939
• chore(deps): Bump reqwest from 0.12.12 to 0.12.14 by @dependabot in #943
• chore(deps): Bump async-compression from 0.4.20 to 0.4.21 by @dependabot in #948
• image-rs: delete duplicated unit test case by @Xynnn007 in #945
• chore(deps): Bump async-trait from 0.1.87 to 0.1.88 by @dependabot in #952
• chore(deps): Bump tokio from 1.44.0 to 1.44.1 by @dependabot in #951
• chore: update sequoia-openpgp to 2.0.0 by @Xynnn007 in #946
• chore(deps): Bump rsa from 0.9.7 to 0.9.8 by @dependabot in #953
• chore(deps): Bump tempfile from 3.18.0 to 3.19.1 by @dependabot in #954
• chore(deps): Bump ring from 0.17.13 to 0.17.14 by @dependabot in #955
• chore(deps): Bump env_logger from 0.11.6 to 0.11.7 by @dependabot in #956
• chore(deps): Bump tokio-util from 0.7.13 to 0.7.14 by @dependabot in #950
• chore(deps): Bump uuid from 1.15.1 to 1.16.0 by @dependabot in #958
• chore(deps): Bump reqwest from 0.12.14 to 0.12.15 by @dependabot in #959
• chore(deps): Bump log from 0.4.26 to 0.4.27 by @dependabot in #960
• chore(deps): Bump async-compression from 0.4.21 to 0.4.22 by @dependabot in #961
• attesters: improve sample warning by @fitzthum in #962
• image-rs | Add Registry Configuration by @Xynnn007 in #944
• chore(deps): Bump flate2 from 1.1.0 to 1.1.1 by @dependabot in #963
• chore(deps): Bump env_logger from 0.11.7 to 0.11.8 by @dependabot in #964
• ocicrypt-rs: fix doc comment format by @fitzthum in #968
• lint: fix lint errors by @Xynnn007 in #969
• chore(deps): Bump anyhow from 1.0.97 to 1.0.98 by @dependabot in #970
• chore(deps): Bump openssl from 0.10.71 to 0.10.72 by @dependabot in #966
• chore(deps): Bump ctrlc from 3.4.5 to 3.4.6 by @dependabot in #965
• chore(deps): Bump tokio from 1.44.1 to 1.44.2 by @dependabot in #972
• chore(deps): Bump serde_with from 1.14.0 to 3.12.0 by @dependabot in #971
• chore(deps): Bump assert_cmd from 2.0.16 to 2.0.17 by @dependabot in #973
• chore(deps): Bump rand from 0.9.0 to 0.9.1 by @dependabot in #974
• toolchain: add rust toolchain file by @Xynnn007 in #975
• chore(deps): Bump async-compression from 0.4.22 to 0.4.23 by @dependabot in #976
• chore(deps): Bump tokio-util from 0.7.14 to 0.7.15 by @dependabot in #978
• chore(deps): Bump oci-spec from 0.7.1 to 0.8.0 by @dependabot in #977
• AA: set default URL field for coco_as and kbs token field by @Xynnn007 in #980
• chore(deps): Bump toml from 0.8.20 to 0.8.21 by @dependabot in #983
• chore(deps): Bump oci-spec from 0.8.0 to 0.8.1 by @dependabot in #982
• CDH & AA | Feature fix and ttrpc proto updates by @Xynnn007 in #984
• chore(deps): Bump strum from 0.26.3 to 0.27.1 by @dependabot in #979
• chore(deps): Bump toml from 0.8.21 to 0.8.22 by @dependabot in #986
• chore(deps): Bump chrono from 0.4.40 to 0.4.41 by @dependabot in #988
• chore(deps): Bump sha2 from 0.10.8 to 0.10.9 by @dependabot in #989

Full Changelog: v0.12.0...v0.13.0

v0.12.0

This is the version of guest-components (including image-rs) that is used with CoCo v0.13.0

What's Changed

• chore(deps): Bump async-trait from 0.1.84 to 0.1.85 by @dependabot in #869
• chore(deps): Bump serde_json from 1.0.134 to 1.0.135 by @dependabot in #870
• chore(deps): Bump pin-project-lite from 0.2.15 to 0.2.16 by @dependabot in #871
• Update docs to point to correct coco-keyprovider by @portersrc in #872
• image-rs: removed unused lifetime annotation by @mkulke in #875
• chore(deps): Bump thiserror from 2.0.9 to 2.0.10 by @dependabot in #874
• chore(deps): Bump uuid from 1.11.0 to 1.11.1 by @dependabot in #873
• chore(deps): Bump utoipa from 5.3.0 to 5.3.1 by @dependabot in #866
• chore(deps): Bump thiserror from 2.0.10 to 2.0.11 by @dependabot in #877
• chore(deps): Bump tokio from 1.42.0 to 1.43.0 by @dependabot in #878
• chore(deps): Bump log from 0.4.22 to 0.4.25 by @dependabot in #880
• chore(deps): Bump uuid from 1.11.1 to 1.12.0 by @dependabot in #879
• KBS-Protocol | Add AAEvidenceProvider implementation by @Xynnn007 in #868
• image-rs: fix broken link by @fitzthum in #884
• chore(deps): Bump ttrpc from 0.8.2 to 0.8.4 by @dependabot in #886
• chore(deps): Bump serde_json from 1.0.135 to 1.0.137 by @dependabot in #882
• chore(deps): Bump shadow-rs from 0.37.0 to 0.38.0 by @dependabot in #887
• Licenses and trustee-attester fixes by @uril in #888
• chore(deps): Bump uuid from 1.12.0 to 1.12.1 by @dependabot in #883
• chore(deps): Bump tempfile from 3.14.0 to 3.16.0 by @dependabot in #892
• chore(deps): Bump openssl from 0.10.68 to 0.10.70 by @dependabot in #893
• chore(deps): Bump serde_json from 1.0.137 to 1.0.138 by @dependabot in #891
• chore(deps): Bump uuid from 1.12.1 to 1.13.1 by @dependabot in #894
• chore(deps): Bump async-trait from 0.1.85 to 0.1.86 by @dependabot in #895
• chore(deps): Bump toml from 0.8.19 to 0.8.20 by @dependabot in #897
• chore(deps): Bump strum_macros from 0.26.4 to 0.27.0 by @dependabot in #899
• chore: update rand from 0.8.5 to 0.9.0 by @Xynnn007 in #900
• ci: Enable ci tests on arm64 by @seungukshin in #890
• chore(deps): Bump prost from 0.13.4 to 0.13.5 by @dependabot in #904
• attester: tdx: make libtdx-attest optional by @mythi in #905
• image-rs: replace krata-tar-rs to astral-tokio-tar by @Xynnn007 in #908
• chore(deps): Bump strum_macros from 0.27.0 to 0.27.1 by @dependabot in #912
• [Build] Change default LIBC to musl in cdh Makefile by @portersrc in #911
• chore(deps): Bump ring from 0.17.8 to 0.17.9 by @dependabot in #907
• chore(deps): Bump shadow-rs from 0.38.0 to 0.38.1 by @dependabot in #903
• image-rs: use index for layers store path by @squarti in #902
• image-rs: enable rustls-native-certs when using rustls by @Xynnn007 in #913
• AA/kbs_protocol: Update to 0.2.0 to fix JWE decryption logic due to RFC7516 by @Xynnn007 in #820
• [Build] Stop build.rs from triggering due to protoc output for hub by @portersrc in #910
• ci: allow CDH ci to be triggered by image-rs changes by @Xynnn007 in #921
• chore(deps): Bump serde_json from 1.0.138 to 1.0.139 by @dependabot in #915
• cdh: allow Trustee to bump Aliyun KMS plugin by @mythi in #919
• CI: delete musl build for CDH by @Xynnn007 in #923
• chore(deps): Bump uuid from 1.13.1 to 1.14.0 by @dependabot in #920
• chore(deps): Bump tempfile from 3.16.0 to 3.17.1 by @dependabot in #914
• chore(deps): Bump zstd from 0.13.2 to 0.13.3 by @dependabot in #924
• chore(deps): Bump openssl from 0.10.70 to 0.10.71 by @dependabot in #926
• chore(deps): Bump flate2 from 1.0.35 to 1.1.0 by @dependabot in #925
• deps: update to protobuf 3.7.1 by @fitzthum in #922
• resource-uri: make repository part of resource path mandatory in docs by @pmores in #933
• chore(deps): Bump utoipa from 5.3.0 to 5.3.1 by @dependabot in #927
• AA: deletes UpdateConfiguration API and add --initdata launch parameter by @Xynnn007 in #667
• Go back to Rust 1.80.0 by @fitzthum in #937
• Revert moving KMS into CDH by @fitzthum in #928
• chore(deps): Bump shadow-rs from 0.38.1 to 1.0.1 by @dependabot in #934
• coco_keyprovider: abondon shadow dependency by @Xynnn007 in #941

New Contributors

• @pmores made their first contribution in #933

Full Changelog: v0.11.0...v0.12.0

v0.11.0

The v0.11.0 release of guest-components is used in Confidential Containers v0.12.0. CoCo v0.12.0 did not bump image-rs and is using the version from the previous guest-components release.

What's Changed

• release: Publish vendored code by @fidencio in #722
• Update README.md by @vuquangthinh in #724
• AA: Update CcaAttester to use TSM Report ABI by @mathias-arm in #595
• AA: kbs: Improve handling of invalid RCAR JSON by @jodh-intel in #723
• Fix configuration file default value and make error information more detailed by @Xynnn007 in #726
• chore(deps): Bump oci-client from 0.12.0 to 0.12.1 by @dependabot in #721
• chore(deps): Bump serde_json from 1.0.122 to 1.0.128 by @dependabot in #720
• attestation-agent: default to ttrpc in Makefile by @mkulke in #728
• cdh:golang: fix typo in README by @ChengyuZhu6 in #730
• attestation-agent: add flag 'enable_eventlog' to aa example config by @ChengyuZhu6 in #729
• chore(deps): Bump tdx-attest-rs from DCAP_1.21 to DCAP_1.22 by @dependabot in #733
• chore(deps): Bump serde from 1.0.209 to 1.0.210 by @dependabot in #732
• chore: update prost/tonic/tonic-build deps by @Xynnn007 in #719
• CI: Publish binaries with ORAS by @mkulke in #731
• docs: Fix misspelling in IMAGE ENCRYPTION document by @GabyCT in #738
• gha: Do not use oras-project/setup-oras for s390x by @BbolroC in #739
• ci: skip oras setup for s390x builds by @mkulke in #740
• gha: Fix condition for skipping ORAS installation on s390x by @BbolroC in #741
• ci: fix multi-arch oci publish for AA by @mkulke in #742
• chore(deps): Bump flate2 from 1.0.31 to 1.0.34 by @dependabot in #735
• chore(deps): Bump tempfile from 3.12.0 to 3.13.0 by @dependabot in #736
• chore(deps): Bump thiserror from 1.0.63 to 1.0.64 by @dependabot in #743
• chore(deps): Bump const_format from 0.2.32 to 0.2.33 by @dependabot in #744
• chore(deps): Bump tokio from 1.39.3 to 1.40.0 by @dependabot in #746
• chore(deps): Bump tokio-util from 0.7.11 to 0.7.12 by @dependabot in #745
• chore(deps): Bump futures-util from 0.3.30 to 0.3.31 by @dependabot in #748
• chore(deps): Bump async-compression from 0.4.12 to 0.4.14 by @dependabot in #747
• chore(deps): Bump lycheeverse/lychee-action from 1 to 2 by @dependabot in #750
• chore(deps): Bump filetime from 0.2.23 to 0.2.25 by @dependabot in #751
• chore(deps): Bump oci-spec from 0.6.8 to 0.7.0 by @dependabot in #752
• drop deprecated eaa_kbc + move gh actions to Ubuntu 24.04 by @mythi in #734
• chore(deps): Bump futures from 0.3.30 to 0.3.31 by @dependabot in #754
• chore(deps): Bump anyhow from 1.0.87 to 1.0.89 by @dependabot in #753
• CDH | Fix ttrpc memory bug and gRPC lock bug by @Xynnn007 in #727
• Image-rs & CDH | Refactoring and use the same ImageClient by @Xynnn007 in #708
• chore(deps): Bump reqwest from 0.12.5 to 0.12.8 by @dependabot in #756
• chore(deps): Bump devicemapper from 0.34.3 to 0.34.4 by @dependabot in #758
• chore(deps): Bump uuid from 1.10.0 to 1.11.0 by @dependabot in #759
• chore(deps): Bump shadow-rs from 0.33.0 to 0.35.1 by @dependabot in #762
• chore(deps): Bump openssl from 0.10.66 to 0.10.68 by @dependabot in #761
• chore(deps): Bump prost from 0.13.2 to 0.13.3 by @dependabot in #766
• chore(deps): Bump shadow-rs from 0.35.1 to 0.35.2 by @dependabot in #767
• CDH | add one-shot CDH by @Xynnn007 in #768
• attester: rename check_init_data => bind_init_data by @mkulke in #769
• chore(deps): Bump oci-client from 0.13.0 to 0.14.0 by @dependabot in #770
• chore(deps): Bump async-trait from 0.1.82 to 0.1.83 by @dependabot in #771
• docs: Fix misspelling in image auth documentation by @GabyCT in #773
• chore(deps): Bump thiserror from 1.0.64 to 1.0.65 by @dependabot in #775
• chore(deps): Bump utoipa from 3.5.0 to 5.1.3 by @dependabot in #774
• chore(deps): Bump tokio from 1.40.0 to 1.41.0 by @dependabot in #778
• chore(deps): Bump anyhow from 1.0.89 to 1.0.91 by @dependabot in #777
• chore(deps): Bump jwt-simple from 0.12.9 to 0.12.10 by @dependabot in #780
• chore(deps): Bump thiserror from 1.0.65 to 1.0.66 by @dependabot in #779
• chore(deps): Bump serde from 1.0.210 to 1.0.214 by @dependabot in #781
• chore(deps): Bump utoipa from 5.1.3 to 5.2.0 by @dependabot in #782
• chore(deps): Bump thiserror from 1.0.66 to 1.0.68 by @dependabot in #784
• chore(deps): Bump serde_json from 1.0.128 to 1.0.132 by @dependabot in #783
• kbs_protocol: update KBS config for test_client tests by @mythi in #788
• Bump csv-rs for openssl 3 support by @EmmEff in #785
• CDH/KMS: remove ehsm from defaut features by @Xynnn007 in #792
• chore(deps): Bump anyhow from 1.0.91 to 1.0.93 by @dependabot in #786
• chore(deps): Bump reqwest from 0.12.8 to 0.12.9 by @dependabot in #787
• chore(deps): Bump pin-project-lite from 0.2.14 to 0.2.15 by @dependabot in #790
• cdh: use b64url encoding in sealed-secrets JWS by @mkulke in #794
• chore(deps): Bump tokio from 1.41.0 to 1.41.1 by @dependabot in #797
• chore(deps): Bump tempfile from 3.13.0 to 3.14.0 by @dependabot in #796
• chore(deps): Bump async-compression from 0.4.14 to 0.4.17 by @dependabot in #795
• chore(deps): Bump oci-spec from 0.7.0 to 0.7.1 by @dependabot in #798
• AA: fix CoCoAS Token getter by @Xynnn007 in #801
• chore(deps): Bump thiserror from 1.0.68 to 2.0.3 by @dependabot in #802
• chore(deps): Bump serde from 1.0.214 to 1.0.215 by @dependabot in #800
• chore(deps): Bump serial_test from 3.1.1 to 3.2.0...

v0.10.0

What's Changed

• CDH | Add Aliyun STS Token support for KMS by @Xynnn007 in #591
• chore(deps): Bump url from 2.5.1 to 2.5.2 by @dependabot in #594
• Revert "Handle gzip whiteouts correctly" by @stevenhorsman in #603
• cdh:golang support to dynamic generate go code with proto file by @ChengyuZhu6 in #605
• image-rs: make tar reader async by @Xynnn007 in #602
• dep: update protobuf to v3.5.0 by @Xynnn007 in #609
• AA | Add Eventlog Recording for Attestation Agent by @Xynnn007 in #548
• attester: implement runtime measurement for az vtpm TEEs by @mkulke in #610
• AA: fallback to pcr in configfile in extend operations by @mkulke in #612
• chore(deps): Bump tokio from 1.36.0 to 1.38.0 by @dependabot in #611
• AA: handle multiline content in log events by @mkulke in #615
• image-rs: update cosign signed image test materials by @Xynnn007 in #618
• image-rs: bail out if unable to get registry auth credentials by @wainersm in #620
• cdh: support to encrypt block device by @ChengyuZhu6 in #617
• CDH/KMS: update aliyun KMS client key encoding by @Xynnn007 in #621
• cdh:storage: Add -u flag to mktemp to avoid file creation by @ChengyuZhu6 in #622
• cdh/kms: modify get_secret() function by @1570005763 in #624
• image-rs: Support to reuse meta_store by @ChengyuZhu6 in #623
• CDH/KMS: mark Get trait immutable by @Xynnn007 in #625
• AA: add GetTeeType API by @Xynnn007 in #613
• ci: fix doc_lazy_continuation findings with Rust 1.80.0 by @mythi in #629
• AA: add flag to enable eventlog by @Xynnn007 in #627
• ocicrypt-rs: dont't swallow pre_unwrap_key() error by @mkulke in #630
• ci: increase open-pull-requests-limit from 1 to 3 by @arronwy in #638
• GHA: Remove {pre,post}-action steps for self-hosted runners by @BbolroC in #637
• chore(deps): Bump serial_test from 2.0.0 to 3.1.1 by @dependabot in #640
• chore(deps): Bump oci-spec from 0.6.5 to 0.6.7 by @dependabot in #639
• chore(deps): Bump tokio from 1.38.0 to 1.39.2 by @dependabot in #642
• chore(deps): Bump log from 0.4.21 to 0.4.22 by @dependabot in #643
• ci: Remove duplicate build when a PR is merged to main by @arronwy in #644
• GHA: Introduce cancel-in-progress by @BbolroC in #647
• GHA: Fix condition for duplicate checks post-merge by @BbolroC in #648
• chore(deps): Bump base64 from 0.21.7 to 0.22.0 by @dependabot in #646
• chore(deps): Bump thiserror from 1.0.57 to 1.0.63 by @dependabot in #645
• attestation-agent: Extend ResourceUri to support query string by @cclaudio in #634
• chore(deps): Bump assert_cmd from 1.0.8 to 2.0.15 by @dependabot in #649
• chore(deps): Bump serde_json from 1.0.117 to 1.0.122 by @dependabot in #654
• Improve KBS protocol version handling and bump the version to v0.1.1 due to kbs-types changes by @mythi in #628
• chore(deps): Bump uuid from 1.7.0 to 1.10.0 by @dependabot in #656
• chore(deps): Bump flate2 from 1.0.28 to 1.0.31 by @dependabot in #650
• image-rs: update cosign signature verification unit test by @Xynnn007 in #658
• chore(deps): Bump serde from 1.0.197 to 1.0.205 by @dependabot in #660
• chore(deps): Bump tokio-util from 0.7.10 to 0.7.11 by @dependabot in #659
• add vault support to secret-cli tool by @fitzthum in #631
• chore(deps): Bump strum_macros from 0.26.2 to 0.26.4 by @dependabot in #663
• initdata: add initdata hash in ibmse evidence by @huoqifeng in #616
• cdh: improves the luks-encrypt-storage script by @wainersm in #666
• chore(deps): Bump shadow-rs from 0.23.0 to 0.32.0 by @dependabot in #668
• chore(deps): Bump tdx-attest-rs from DCAP_1.20 to DCAP_1.21 by @dependabot in #662
• deps: upgrade oci-distribution to v0.12.0 by @burgerdev in #665
• chore(deps): Bump toml from 0.8.14 to 0.8.19 by @dependabot in #671
• chore(deps): Bump openssl from 0.10.64 to 0.10.66 by @dependabot in #676
• chore(deps): Bump reqwest from 0.12.4 to 0.12.5 by @dependabot in #677
• AA: avoid creating AAEL if it is disabled by @Xynnn007 in #678
• ci: fix the CoCoKeyprovider image pushing logic by @Xynnn007 in #673
• keyprovider: Pin a specific version of skopeo by @fidencio in #669
• lint: fix rust lint error by @Xynnn007 in #680
• cdh:storage: Refactor luksFormat command to use --batch-mode by @ChengyuZhu6 in #679
• chore(deps): Bump tokio from 1.39.2 to 1.39.3 by @dependabot in #682
• AA: fix timeout when processing multiple incoming requests by @imlk0 in #681
• chore(deps): Bump strum from 0.25.0 to 0.26.3 by @dependabot in #683
• chore(deps): Bump sequoia-openpgp from 1.20.0 to 1.21.2 by @dependabot in #686
• chore(deps): Bump assert_cmd from 2.0.15 to 2.0.16 by @dependabot in #685
• chore(deps): Bump dircpy from 0.3.16 to 0.3.19 by @dependabot in #693
• docs: add coco_keyprovider to tools section by @fitzthum in #695
• chore(deps): Bump serde from 1.0.205 to 1.0.209 by @dependabot in #696
• image-rs: check xattrs for target dir when image unpacking by @Xynnn007 in #691
• chore(deps): Bump lazy_static from 1.4.0 to 1.5.0 by @dependabot in #697
• cdh:golang: Add support for SecureMount in the go client tool by @ChengyuZhu6 in #700
• chore(deps): Bump async-compression from 0.4.10 to 0.4.12 by @dependabot in #701
• chore(deps): Bump zstd from 0.12.4 to 0.13.1 by @dependabot in #703
• update CODEOWNERS by @mythi in #704
• image-rs: Handle gzip whiteouts correctly by @squarti in https://github.com/confidential-containers/guest-components/p...

v0.9.0

What's Changed

• aa/attester: Update csv-rs dep to rev 9d8882e. by @BaoshunFang in #388
• image-rs: change namespace of ICR images by @mattarnoatibm in #383
• image-rs: fix nightly lint error by @Xynnn007 in #390
• api-server-rest: Add actionable error message for ttrcp client by @arronwy in #389
• CDH add unwrapkey API by @Xynnn007 in #349
• Fix link error by @Xynnn007 in #393
• Cca: list Arm CCA as one of CC KBC attesters by @chendave in #391
• CI for Confidential Data Hub by @Xynnn007 in #395
• Cargo.lock: update dep by @Xynnn007 in #396
• cdh: add secure mount feature in cdh by @LindaYu17 in #345
• Attester: Update CSV evidence format by @jialez0 in #398
• attestion-agent: bump az_snp_vtpm attester version by @mkulke in #399
• CDH: add en/decrypt support for eHSM-KMS by @1570005763 in #359
• update peerpod daemon.json path by @katexochen in #401
• ocicrypt-rs: regenerate keyprovider g/ttrpc code by @mkulke in #405
• image-rs: fix image layer ordering by @mkulke in #404
• AA: Add API to extend measurement register at runtime by @jialez0 in #392
• kbs-types and sigstore updates by @mythi in #408
• Makefile: add platform Makefile to quickly build guest component binaries by @Xynnn007 in #407
• CDH/eHSM: add features for eHSM support by @Xynnn007 in #409
• Update CI and ttrpc built proto files by @Xynnn007 in #411
• chore(deps): update sigstore-rs to 0.8.0 and oci-distribution to 0.10.0 by @mythi in #414
• AA/kbs_protocol: fix RCAR handshake protocol by @Xynnn007 in #406
• Random key generation by @piotrpalcz in #385
• image-rs: enable the test of reading credentials from auth config by @ChengyuZhu6 in #421
• image-rs: Redefine constructions of ImageClient and ImageConfig by @ChengyuZhu6 in #416
• attester: add evidence_getter binary by @Xynnn007 in #418
• attestation-agent: add az-tdx-vtpm attester by @mkulke in #375
• AA: fix CI failure by @1570005763 in #424
• Makefile: add more platforms to Makefile by @fitzthum in #425
• sample: always enable sample attester by @fitzthum in #426
• aa/cdh: make agent-config path configurable by env by @mkulke in #429
• cocokeyprovider: add support for daemonize by @Xynnn007 in #417
• Fixes mount parameter order in CDH/Storage/OSS by @Xynnn007 in #432
• Move AA abilities to CDH by @Xynnn007 in #427
• build: Rename the feature flag and set default by @bpradipt in #437
• AA/kbs_protocol: fix the RCAR handshake unit test by @Xynnn007 in #438
• image-rs: fix integration test by @Xynnn007 in #441
• CDH: add get_secret support for Aliyun KMS by @1570005763 in #423
• aa_kbc_params: centralize handling in CDH and AA by @mkulke in #440
• chore(deps): Bump actions/cache from 3 to 4 by @dependabot in #445
• Update az snp vtpm to 0.5 by @surajssd in #436
• aa: Update csv-rs dep to rev b74aa8c. by @BaoshunFang in #448
• AA: Support get CoCo-AS Attestation Token by @jialez0 in #449
• Makefile: support to build components for all platforms and amd by @Xynnn007 in #453
• RFC: attester: tdx: try not to error on broken report_data by @mythi in #452
• cdh/kms:add 'Aliyun' as 'VaultProvider' by @1570005763 in #455
• Nit Fix: remove abandoned file for backup by @jialez0 in #457
• AA: Add coco_as feature to cc_kbc to default support CoCo-AS by @jialez0 in #459
• cdh/kms: add default value for "AliSecretAnnotations" by @1570005763 in #458
• deps: Update az-snp-vtpm & az-tdx-vtpm to 0.5.1 by @surajssd in #460
• AA: Add Config file mechanism by @jialez0 in #454
• Fix: Use strum string to parse AA token type string by @jialez0 in #463
• keyprovider: extend docker image and documentation by @mkulke in #451
• AA: Add API of CheckInitData by @Xynnn007 in #462
• workflow: trigger nydus test in workflow by @ChengyuZhu6 in #433
• ci: install DCAP packages from Jammy repo by @mythi in #350
• chore(deps): Bump tdx-attest-rs from DCAP_1.16 to DCAP_1.20 by @dependabot in #442
• Cargo.lock: Update dep of curve25519-dalek and x25519-dalek by @ChengyuZhu6 in #471
• chore(deps): Bump deranged from 0.3.10 to 0.3.11 by @dependabot in #472
• Replace unsafe NonNull::new_unchecked with NonNull:new by @pingzhaozz in #461
• CI: fix rust-nightly static checks by @portersrc in #476
• attester: add TSM REPORT module and move TDX to use it by @mythi in #434
• chore(deps): Bump http-auth from 0.1.8 to 0.1.9 by @dependabot in #475
• CI: Fix nightly lint error & fix rust nightly version by @Xynnn007 in #477
• image-rs: add encrypted nydus image tests by @ChengyuZhu6 in #469
• chore(deps): Bump anyhow from 1.0.77 to 1.0.80 by @dependabot in #478
• chore(deps): Bump base64 from 0.21.5 to 0.21.7 by @dependabot in #479
• chore(deps): Bump k256 from 0.13.2 to 0.13.3 by @dependabot in #481
• CDH | Add configuration file when launching by @Xynnn007 in #444
• chore(deps): Bump tls_codec from 0.4.0 to 0.4.1 by @dependabot in #482
• chore(deps): Bump scroll from 0.11.0 to 0.12.0 by @dependabot in #483
• chore(deps): Bump dsa from 0.6.2 to 0.6.3 by @dependabot in #484
• attester: bump az-*-vtpm crates to 0.5.2 by @mkulke in #486
• AA/attester: add README docs by @Xynnn007 in #493
• cdh: make the config path configurable by env by @mkulke in https...

v0.8.0

What's Changed

• Add unit test case for unencrypted images by @portersrc in #287
• ci: refactor workflows by @katexochen in #275
• chore(deps): Bump actions/checkout from 2 to 3 by @dependabot in #176
• aa: Rename Occlum attester to SGX attester and add Gramine support to it by @mythi in #167
• attestation-agent/Attesters: refactor the trait of Attester by @Xynnn007 in #284
• Unify common deps to the same version in Cargo.toml of the worksppace by @Xynnn007 in #285
• Update base64 crate in guest-components by @Xynnn007 in #282
• image-rs: add image block device dm-verity and mount by @ChengyuZhu6 in #270
• ci: enable image-rs rust lint check for all features by @arronwy in #291
• aa: sgx-attester: update occlum_dcap to a tagged version by @mythi in #289
• chore(deps): Update strum requirement from 0.24 to 0.25 by @dependabot in #293
• image-rs: refine implementation of dm-verity by @jiangliu in #294
• chore(deps): Update strum_macros requirement from 0.24 to 0.25 by @dependabot in #297
• image-rs: add sha1 hash algorithm support in dm-verity by @ChengyuZhu6 in #300
• Provide builder for KBS Protocol Wrapper by @mkulke in #278
• Confidential-Datahub API definition and Sealed Secrets by @Xynnn007 in #288
• Added two security enhancements to AA by @jialez0 in #273
• Made Attester trait's get_evidence() async by @mkulke in #299
• image pull tests: replace image ref by @Xynnn007 in #301
• Add panic with error msg when test-async-pull-client fails by @portersrc in #303
• Update commands to generate test image and remove duplicated test case by @arronwy in #305
• image-rs: Fix the flaky CI with assert_retry by @arronwy in #306
• image-rs: change fallback kbs_uri from localhost to http://localhost by @mkulke in #308
• chore(deps): Update tonic-build requirement from 0.8.0 to 0.9.2 by @dependabot in #302
• chore(deps): Update env_logger requirement from 0.9.0 to 0.10.0 by @dependabot in #310
• kbs_protocol: use rusttls when rust-crypto feature is enabled by @mythi in #307
• chore(deps): Update oci-spec requirement from 0.5.8 to 0.6.2 by @dependabot in #311
• Refactor kbs client by @Xynnn007 in #304
• image-rs: enclave-cc updates by @mythi in #312
• chore(deps): Update async-compression requirement from 0.3.15 to 0.4.1 by @dependabot in #313
• Kbs protocol fix cargo toml by @Xynnn007 in #315
• Confidential DataHub Part 2: KMS support and unseal secret with KMS by @Xynnn007 in #309
• chore(deps): Update shadow-rs requirement from 0.5.25 to 0.23.0 by @dependabot in #316
• Fix: Initialization of tee type is lacked in get_token API by @jialez0 in #320
• Confidential DataHub Part 3: Define Vault API & Support GetResource API with KBS-Client & Sev support by @Xynnn007 in #319
• verity: support parsing options from remote snapshotter by @ChengyuZhu6 in #317
• Add initial support for a hygon csv attester by @BaoshunFang in #323
• Confidential DataHub Part 4: CDH binary & Attestation API for AA by @Xynnn007 in #322
• image: Add a function to get image name from remote by @ChengyuZhu6 in #324
• cargo: Fix the build dependency for eaa_kbc by @arronwy in #327
• image-rs: Update loopdev to latest master by @surajssd in #328
• image-rs: add feature gate for verity by @ChengyuZhu6 in #331
• Remove git reference for sev by @emanuellima1 in #334
• Initial implementation rest api server for CoCo by @arronwy in #325
• versions: Downgrade clap by @stevenhorsman in #337
• versions: Add tilde to clap dependency by @stevenhorsman in #339
• Fix enclave-cc dep by @Xynnn007 in #335
• ci: Use toolchain match the kata to replace the beta by @arronwy in #338
• aa/attester: Update csv-rs dep to rev bcf3bcc. by @BaoshunFang in #342
• Verity: Redefine functions to support kata by @ChengyuZhu6 in #343
• aa/attester: Update csv-rs dep to rev 05fbacd. by @BaoshunFang in #348
• Add Cargo.lock for consistent builds by @beraldoleal in #344
• workflows: Bump to rust 1.72 by @stevenhorsman in #356
• New tee type: CCA (Confidential Compute Architecture) by @chendave in #321
• Api server rest makefile by @stevenhorsman in #358
• Read agent config from file by @stevenhorsman in #365
• Fix cc kbc aa param config file parsing by @stevenhorsman in #368
• attestation-agent: fix extraction of peerpod kbs host addr extraction in token code by @mkulke in #371
• api-server-rest: fix aa_addr cli param by @mkulke in #370
• image-rs: Support simple signing with X-R-S-S by @mattarnoatibm in #372
• cdh/kms/kbs: raise warning when failed to read file for offline-fs-kbc by @Xynnn007 in #374
• Fix Aliyun KMS suite by @Xynnn007 in #376
• cdh/kms: add rustls-tls feature for aliyun by @Xynnn007 in #377
• Fix CDH & kbs_protocol by @Xynnn007 in #381
• chore(deps): Bump docker/login-action from 2 to 3 by @dependabot in #362
• chore(deps): Bump docker/build-push-action from 4 to 5 by @dependabot in #363
• ci: disable eaa-kbc ci for PR and Merge by @Xynnn007 in #386
• chore(deps): Bump actions/checkout from 3 to 4 by @dependabot in #351

New Contributors

• @ChengyuZhu6 made their first contribution in #270
• @BaoshunFang made their first contribution in #323
• @emanuellima1 made their first contribution in #334
• @beraldoleal made their first contribution in #344
• @chendave made their first contribution in #321

**Full...