v0.17.0

What's Changed

• feat(ci): add kbs-client-features to Azure vTPM e2e tests by @Xynnn007 in #1048
• build(deps): bump cfg-if from 1.0.3 to 1.0.4 by @dependabot[bot] in #1051
• build(deps): bump clap from 4.5.48 to 4.5.51 by @dependabot[bot] in #1053
• config: Update invalid admin type by @BbolroC in #1055
• as/verifier: Enable s390x to verify amd64 attesters by @BbolroC in #1052
• build(deps): bump serde_with from 3.15.0 to 3.15.1 by @dependabot[bot] in #1057
• build(deps): bump openssl from 0.10.73 to 0.10.75 by @dependabot[bot] in #1058
• build(deps): bump rsa from 0.9.8 to 0.9.9 by @dependabot[bot] in #1059
• kbs/pkcs11: changes need to follow NIST guidelines by @nmwael in #1024
• build(deps): bump rstest from 0.18.2 to 0.26.1 by @dependabot[bot] in #1062
• build(deps): bump config from 0.15.18 to 0.15.19 by @dependabot[bot] in #1063
• build(deps): bump bitflags from 2.9.4 to 2.10.0 by @dependabot[bot] in #1064
• build(deps): bump actix-web from 4.11.0 to 4.12.0 by @dependabot[bot] in #1065
• verifier: nvidia: don't write test results to filesystem by @mythi in #1070
• Intel dcap github address update by @pawelpros in #1069
• build(deps): bump serde_qs from 0.13.0 to 0.15.0 by @dependabot[bot] in #1067
• build(deps): bump regorus from 0.2.8 to 0.5.0 by @dependabot[bot] in #1066
• Parse Kata Agent Policy from Init-Data and Add Integration Test by @fitzthum in #1044
• eventlog: fix error message for mixing CCMR and RTMR by @Xynnn007 in #1068
• build(deps): bump serde_with from 3.15.1 to 3.16.0 by @dependabot[bot] in #1072
• build(deps): bump jwt-simple from 0.12.12 to 0.12.13 by @dependabot[bot] in #1071
• build(deps): bump clap from 4.5.51 to 4.5.53 by @dependabot[bot] in #1074
• build(deps): bump golang.org/x/crypto from 0.35.0 to 0.45.0 in /rvps/cgo in the go_modules group across 1 directory by @dependabot[bot] in #1073
• fix(doc): no Simple token anymore by @dongbeiouba in #1075
• policy: fix default gpu policy by @fitzthum in #1077
• Release: Update KBS for v0.16.0 by @lmilleri in #1076
• Dependabot/cargo/jsonwebtoken 10.2.0 manual by @Xynnn007 in #1054
• verifier/nvidia: update tcb claims document link by @Xynnn007 in #1080
• build(deps): bump actix-web from 4.12.0 to 4.12.1 by @dependabot[bot] in #1081
• build(deps): bump serde_with from 3.16.0 to 3.16.1 by @dependabot[bot] in #1082
• build(deps): bump the github-actions group with 4 updates by @dependabot[bot] in #1083
• verifier: update link to NVIDIA license by @fitzthum in #1088
• build(deps): bump uuid from 1.18.1 to 1.19.0 by @dependabot[bot] in #1090
• Replace derivative dependency with educe by @Cropi in #1086
• Add extension support to Attestation Service policy by @fitzthum in #1079
• build(deps): bump tracing from 0.1.41 to 0.1.43 by @dependabot[bot] in #1084
• tests: tweak integration test cleanup by @fitzthum in #1089
• integration-tests: expand trust claims in integration test policies by @Xynnn007 in #1096
• build(deps): bump log from 0.4.28 to 0.4.29 by @dependabot[bot] in #1095
• build(deps): bump tracing-subscriber from 0.3.20 to 0.3.22 by @dependabot[bot] in #1094
• AS/Verifier: updated TDX ignored quote tests by @pawelpros in #1100
• build(deps): bump jsonwebkey from 0.3.5 to 0.4.0 by @dependabot[bot] in #1099
• build(deps): bump ghcr.io/devcontainers/features/common-utils from 2.5.4 to 2.5.5 by @dependabot[bot] in #1078
• Fix kbs Makefile, FEATURES variable may contain spaces by @dongbeiouba in #1104
• Kbs/fix resource path policy by @Xynnn007 in #1098
• build(deps): bump reqwest from 0.12.24 to 0.12.25 by @dependabot[bot] in #1101
• Add some validated identifiers by @fitzthum in #1103
• docs: sync API documentation and protocol spec with code implementation by @Xynnn007 in #1109
• build(deps): bump reqwest from 0.12.25 to 0.12.26 by @dependabot[bot] in #1110
• snp-verifier: http_cache_reqwest to cache vceks by @amd-aliem in #1061
• [kv-storage] add localfs/localjson plugin and rename simple to Memory by @Xynnn007 in #1108
• doc: fix broken links for IBM SEL by @BbolroC in #1116
• deps/kv: add error for postgres when set existing key by @Xynnn007 in #1113
• verifier: snp: run cargo fmt by @mythi in #1119
• deps/key-value-storage: fix lint warning about needless borrow by @mkulke in #1120
• attestation-service cert updates by @mythi in #1121
• build(deps): bump tracing from 0.1.43 to 0.1.44 by @dependabot[bot] in #1117
• build(deps): bump toml from 0.9.8 to 0.9.10+spec-1.1.0 by @dependabot[bot] in #1118
• build(deps): bump intel-tee-quote-verification-rs from DCAP_1.23 to DCAP_1.24 by @dependabot[bot] in #1122
• tests: fix intermittent test failure (maybe) by @fitzthum in #1125
• build(deps): bump reqwest from 0.12.26 to 0.12.28 by @dependabot[bot] in #1126
• dcap: skip supplemental data test by @fitzthum in #1127
• Update supplemental data test to generate dynamic data by @iroykaufman in #1133
• build(deps): bump tempfile from 3.23.0 to 3.24.0 by @dependabot[bot] in #1130
• run cargo fmt for dcap and fix as-rust.yml by @mythi in #1137
• CI: fix rvps rust check by @Xynnn007 in #1138
• build(deps): bump the github-actions group with 7 updates by @dependabot[bot] in #1139
• build(deps): bump rsa from 0.9.9 to 0.9.10 in the cargo group across 1 directory by @dependabot[bot] in #1143
• nvidia: make unit test generic and add cases by @fitzthum in #1144
• snp-verifier: offline vcek cache support by @amd-aliem in #1142
• DCAP build updates by @mythi in #1146
• Add nvswitch support to the nvidia verifier by @fitzthum in #1147
• Update Key-value-storage and policy-engine by @Xynnn007 in #1131

New Contributors

• @dongbeiouba made their first contribution in #1075
• @Cropi made their first contribution in #1086
• @amd-aliem made their first contribution in #1...

v0.16.0

This is the version of Trustee used with CoCo v0.17.0.

What's Changed

• build(deps): bump clap from 4.5.42 to 4.5.48 by @dependabot[bot] in #963
• kbs, deps: Fix clippy warnings by @tylerfanelli in #967
• kbs: update ITA v2 token claim paths by @mythi in #966
• Update rust-ear dependency by @tylerfanelli in #958
• kbs: Update kbs-types, remove duplicate definitions by @tylerfanelli in #960
• deps: update guest-components by @mkulke in #978
• PKCS11 fixes by @tylerfanelli in #973
• docker-compose: Enable Token Signing by @fitzthum in #979
• doc: Update IBM SE links by @stevenhorsman in #986
• Trustee unified CLI by @spotlesstofu in #776
• Release: Update KBS for v0.15.0 by @lmilleri in #994
• Add remote verifier for NVIDIA devices by @fitzthum in #977
• Add TPM verifier by @bpradipt in #851
• e2e-tests: readd azure tdx tests by @mkulke in #1001
• build(deps): bump env_logger from 0.10.2 to 0.11.8 by @dependabot[bot] in #998
• tests: add test for admin endpoints by @fitzthum in #995
• AS: fix ear trust vector claim names by @Xynnn007 in #996
• verifier/tpm: cargo fmt by @tylerfanelli in #1006
• ci: add verifier to rust lint test suites by @Xynnn007 in #1007
• CI fixes for Trustee CLI by @spotlesstofu in #999
• build(deps): bump roxmltree from 0.20.0 to 0.21.1 by @dependabot[bot] in #1004
• build(deps): bump the github-actions group across 1 directory with 12 updates by @Xynnn007 in #1005
• Feat/abondon simple token by @Xynnn007 in #997
• AS | Promote the logging with importing tracing crate by @Xynnn007 in #981
• e2e-test: remove type=Ear prop from test cfg by @mkulke in #1009
• ci: fix trustee-cli release by @Xynnn007 in #1008
• kbs/jwe: Add support for EC P-521 encryption keys by @tylerfanelli in #1003
• docs: Update commands in the kbs cluster documentation by @GabyCT in #473
• Improvements to NVIDIA remote verifier by @fitzthum in #1012
• nvidia-verifier: fix build when snp-verifier is not enabled by @mythi in #1013
• Add deps/key-value-storage crate by @Xynnn007 in #1000
• trustee-cli: add subject alternative name by @spotlesstofu in #1011
• ide: add DevContainer profiles to simplify onboarding by @nmwael in #990
• build(deps): bump the github-actions group with 3 updates by @dependabot[bot] in #1020
• Add a unified policy engine implementation by @Xynnn007 in #1015
• kbs/pkcs11: minimal changes needed for working on an actual hsm by @nmwael in #991
• verifier: nvidia: change evidence encoding to base64 by @mythi in #1019
• trustee-cli: default to resource plugin by @spotlesstofu in #1022
• Add query_reference_value for AS policy by @Xynnn007 in #887
• Add Pluggable Admin Backends to KBS by @fitzthum in #1014
• chore(deps): update guest-components to version 5185b46 by @Xynnn007 in #1027
• fix(vault_kv): fix invalid UTF-8 error with binary secrets when using vault_kv plugin by @erasernoob in #976
• dependabot: bump open-pull-requests-limit to 3 by @mythi in #1032
• build(deps): bump x509-parser from 0.17.0 to 0.18.0 by @dependabot[bot] in #1033
• build(deps): bump regex from 1.12.1 to 1.12.2 by @dependabot[bot] in #1034
• build(deps): bump the github-actions group with 4 updates by @dependabot[bot] in #1023
• tpm: update report data size from 64 to 32 bytes by @iroykaufman in #1021
• nvidia-verifier: use openssl crypto everywhere by @mythi in #1031
• Allow KBS Client to set init-data and add init-data integration test by @fitzthum in #1029
• refactor: remove sample_only feature from kbs-client by @Xynnn007 in #1030
• Parse Config Files in InitData to JSON by @fitzthum in #1038
• fix: improve swtpm cleanup robustness by @Xynnn007 in #1042
• build(deps): bump config from 0.14.1 to 0.15.18 by @dependabot[bot] in #1040
• build(deps): bump reqwest from 0.12.23 to 0.12.24 by @dependabot[bot] in #1039
• k8s: add nvida remote verifier support to k8s script by @fitzthum in #1035
• Http server: configurable number of worker threads by @lmilleri in #1037
• build(deps): bump tokio from 1.47.1 to 1.48.0 by @dependabot[bot] in #1045
• Manual version of Dependabot/cargo/tonic build 0.14.2 by @Xynnn007 in #1047
• cli: fixup Makefile by @fitzthum in #1043

New Contributors

• @erasernoob made their first contribution in #976
• @iroykaufman made their first contribution in #1021

Full Changelog: v0.15.0...v0.16.0

v0.15.0

This is the version of Trustee used with CoCo v0.16.0.

What's Changed

• kbs/config/kubernetes: update image tags for the release by @mythi in #852
• Make the integration tests more generic. by @fitzthum in #849
• verifier: fix csv hsk cek parsing by @Xynnn007 in #854
• build(deps): bump config from 0.13.4 to 0.14.1 by @dependabot[bot] in #857
• ci: add OpenSSF scorecard workflow and badge by @fitzthum in #858
• Move HashAlgorithm to kbs_types by @ssolit in #833
• build(deps): bump mobc from 0.8.5 to 0.9.0 by @dependabot[bot] in #859
• build(deps): bump github/codeql-action from 3.24.9 to 3.29.2 by @dependabot[bot] in #864
• build(deps): bump strum from 0.27.1 to 0.27.2 by @dependabot[bot] in #866
• build(deps): bump intel-tee-quote-verification-rs from DCAP_1.22 to DCAP_1.23 by @dependabot[bot] in #867
• build(deps): bump cryptoki from 0.9.0 to 0.10.0 by @dependabot[bot] in #868
• deps/eventlog: improve EV_IPL data parser by @pawelpros in #873
• build(deps): bump serde_with from 1.14.0 to 3.14.0 by @dependabot[bot] in #872
• deps/eventlog: fixed handling EV_IPL null byte by @pawelpros in #876
• verifier: added DCAP error description helper by @pawelpros in #869
• ci: remove pull_request_target trigger from e2e wf by @mkulke in #877
• doc(cca): Fix duration of the attestation result in AS config by @anta5010 in #878
• build(deps): bump toml from 0.8.23 to 0.9.2 by @dependabot[bot] in #879
• build(deps): bump github/codeql-action from 3.29.2 to 3.29.4 by @dependabot[bot] in #880
• Eventlog | Support to parse AAEL by @Xynnn007 in #871
• eventlog: add sm3 hash algorithm by @Xynnn007 in #881
• build(deps): bump serde_json from 1.0.140 to 1.0.141 by @dependabot[bot] in #882
• Dockerfile: fix podman compatibility by @seungukshin in #874
• KBS: refactor in prometheus, active connections metric by @pmores in #870
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in #865
• build(deps): bump az-tdx-vtpm from 0.7.1 to 0.7.2 by @dependabot[bot] in #884
• build(deps): bump golang.org/x/crypto from 0.14.0 to 0.35.0 in /rvps/cgo by @dependabot[bot] in #883
• github-action updates by @mythi in #885
• build(deps): bump github/codeql-action from 3.29.4 to 3.29.5 in the github-actions group by @dependabot[bot] in #889
• build(deps): bump scroll from 0.12.0 to 0.13.0 by @dependabot[bot] in #815
• workflows: fixup token permissions by @fitzthum in #886
• build(deps): bump tokio from 1.46.1 to 1.47.1 by @dependabot[bot] in #892
• ci: fix permissions for nested workflows by @mkulke in #894
• build(deps): bump az-tdx-vtpm from 0.7.2 to 0.7.4 by @dependabot[bot] in #895
• ci: Propagate content:read from azure e2e workflow by @mkulke in #896
• verifier: pin az-vtpm crates to 0.7.1 by @mkulke in #899
• Verifier: Update CSV verifier to support AAEL parsing by @Xynnn007 in #891
• build(deps): bump clap from 4.5.41 to 4.5.42 by @dependabot[bot] in #901
• kbs: prometheus build info metric by @pmores in #893
• build(deps): bump toml from 0.9.2 to 0.9.5 by @dependabot[bot] in #906
• e2e-tests: run tests unprivileged by @mkulke in #905
• ci: harden gh action workflows by @mkulke in #897
• e2e-test: install tpm2-tools when required by @mkulke in #909
• build(deps): bump uuid from 1.17.0 to 1.18.0 by @dependabot[bot] in #911
• build(deps): bump slab from 0.4.10 to 0.4.11 in the cargo group by @dependabot[bot] in #912
• fix(verifier): Update az-vtpm crates and fix report verification by @yafu-1 in #902
• attestation-service: drop apt-key usage in Dockerfiles and tests by @mythi in #923
• Dockerfile: Bump base Ubuntu to 24.04 by @BbolroC in #924
• Bump SEV Crate to fix ARM build issue by @fitzthum in #931
• build(deps): bump serde_json from 1.0.141 to 1.0.143 by @dependabot[bot] in #921
• build(deps): bump tracing-subscriber from 0.3.19 to 0.3.20 in the cargo group by @dependabot[bot] in #933
• deps/eventlog: add digest match event data by @pawelpros in #922
• deps/verifier: Add DCAP supplemental data claims for SGX/TDX by @pawelpros in #929
• Rework Extractor Module Interface by @fitzthum in #913
• build(deps): bump scc from 2.3.4 to 2.4.0 by @dependabot[bot] in #935
• Chore: update deps by @Xynnn007 in #936
• deps/verifier: Change mapping values for TCB_STATUS by @pawelpros in #930
• lint: fix lint error by @Xynnn007 in #937
• build(deps): bump actix-rt from 2.10.0 to 2.11.0 by @dependabot[bot] in #939
• e2e-test: run tpm tests with sudo by @mkulke in #941
• AS: fix unit test with extra field for rvps by @Xynnn007 in #944
• kbs: fix config item in unit test by @Xynnn007 in #946
• build(deps): bump log from 0.4.27 to 0.4.28 by @dependabot[bot] in #943
• AS: allow underscore trustworthiness claim names in ear policy by @Xynnn007 in #945
• build(deps): bump anyhow from 1.0.98 to 1.0.99 by @dependabot[bot] in #948
• ita: Attestation v2 API and enable GPU verification by @mythi in #827
• e2e-test: disable azure TDX tests temporarily by @mkulke in #950
• deps/verifier: Revert vector result approach for TCB_STATUS by @pawelpros in #954
• docs: mark Simple token to be deprecated in v0.15.0 by @Xynnn007 in #953
• Improvements to Multi-Device Attestation by @fitzthum in #900
• attestation-policy is not protected by admin autentication by @esposem in #957
• docs: Reformat + aligned TEE available options by @pawelpros in #955
• verifier: Bump Max Supported Version of Attestation Report to 5 by @AdithyaKrishnan in #856
• kbs: Add top-level token search path by @tylerfanelli in #920
• KBS: Update kbs_protocol and kms rev by @AdithyaKrishnan in #961
• verifier: Add support for nvidia-verifier by @cclaudio in #890
• workflows: add .lycheeignore to skip sites that fail link checks by @mythi in https://github.com/confidential-containers/trustee/pul...

v0.14.0

This is the version of Trustee used with CoCo v0.15.0.

What's Changed

• build(deps): bump phf from 0.11.2 to 0.11.3 by @dependabot[bot] in #789
• docker-compose: add env var for RUST_LOG by @fitzthum in #788
• Fix a tiny typo in kbs document by @IsaacYangSLA in #790
• build(deps): bump document-features from 0.2.10 to 0.2.11 by @dependabot[bot] in #791
• build(deps): bump josekit from 0.10.1 to 0.10.2 by @dependabot[bot] in #794
• build(deps): bump crossbeam-utils from 0.8.20 to 0.8.21 by @dependabot[bot] in #796
• build(deps): bump is_debug from 1.0.1 to 1.1.0 by @dependabot[bot] in #797
• build(deps): bump quote from 1.0.38 to 1.0.40 by @dependabot[bot] in #798
• ci: dependabot: check direct cargo dependencies only by @mythi in #799
• build(deps): bump chrono from 0.4.38 to 0.4.41 by @dependabot[bot] in #800
• build(deps): bump sha2 from 0.10.8 to 0.10.9 by @dependabot[bot] in #803
• chore(deps): clean dependabot backlog by @mythi in #805
• attestation-policy: Add Azure vTPM details by @bpradipt in #804
• Add support for new EPYC generations and update VIRTEE SEV dependency by @DGonzalezVillal in #785
• policy: change expected SNP configuration values to Strings by @fitzthum in #807
• docker-compose: automatically generate admin keys by @fitzthum in #793
• Allow RVPS configuration via KBS by @fitzthum in #767
• build(deps): bump strum from 0.26.3 to 0.27.1 by @dependabot[bot] in #806
• AS/docs: updated parsed claims for TDX by @pawelpros in #809
• build(deps): bump jwt-simple from 0.12.10 to 0.12.12 by @dependabot[bot] in #808
• build(deps): bump openssl from 0.10.72 to 0.10.73 by @dependabot[bot] in #811
• RFC/Spec: spec for AAEL and CoCo Event Types by @Xynnn007 in #792
• kbs: add skeleton prometheus endpoint by @pmores in #775
• Bumpin SEV library to 6.2.1 by @DGonzalezVillal in #810
• KBS | refactor the integration test module and prometheus module by @Xynnn007 in #673
• build(deps): bump josekit from 0.10.2 to 0.10.3 by @dependabot[bot] in #817
• bump rust toolchain to 1.85.1 by @mythi in #818
• Support Multi-Device Attestation (Take 2) by @fitzthum in #786
• fix(doc): Add missing step to CCA smoke test by @thomas-fossati in #822
• AS: fix test cases and documents by @Xynnn007 in #824
• rvps: drop pre-processor / Ware abstraction by @fitzthum in #829
• rvps: drop HashValue abstraction by @fitzthum in #821
• Add support for Hashicorp vault as a resource backend by @bpradipt in #825
• deps/eventlog: added TCG2 events eventlog parsing library + policy usage by @pawelpros in #802
• sample-polcy: fixup affirming policy by @fitzthum in #835
• kbs-client: show file name when cannot read it by @liangxiao1 in #839
• deps/eventlog: add device path parsers for BootServicesApplication by @pawelpros in #838
• lint: fix code format with cargo fmt by @Xynnn007 in #843
• Use complex reference value types by @fitzthum in #840
• KBS: add initdata and runtimedata for KBS protocol by @Xynnn007 in #841
• Verifier: add hygon DCU verifier and fix CSV verifier by @Xynnn007 in #842
• Add initdata toml plaintext support by @Xynnn007 in #828
• Enable CORS support in trustee for browser scenario by @RodgerZhu in #850
• KBS: more prometheus metrics by @pmores in #816

New Contributors

• @IsaacYangSLA made their first contribution in #790
• @bpradipt made their first contribution in #804
• @DGonzalezVillal made their first contribution in #785
• @liangxiao1 made their first contribution in #839

Full Changelog: v0.13.0...v0.14.0

v0.13.0

What's Changed

• build(deps): bump scroll from 0.11.0 to 0.12.0 by @dependabot in #740
• Update attestation service source link in dockerfile by @RodgerZhu in #748
• kbs/plugins: Replace PKCS11 resource backend with its own plugin by @tylerfanelli in #735
• build(deps): bump time from 0.3.39 to 0.3.40 by @dependabot in #750
• kbs: added request payload size config option by @pawelpros in #755
• Update kbs image version by @ksandowi in #756
• Clean up some text in the README by @jonner in #759
• Add basic RVPS support to kbs-client by @fitzthum in #757
• Arm CCA local verifier by @thomas-fossati in #738
• kbs-client: add built-in policies by @fitzthum in #763
• verifiers: update eventlog crate by @fitzthum in #766
• tdx: change default qcnl configuration by @fitzthum in #771
• toolchain: add rust-toolchain file by @Xynnn007 in #773
• ci: enable kbs integration / e2e sample tests on arm64 by @seungukshin in #774
• extractors: add SWID/RIM extractor by @fitzthum in #777
• policy: fix SNP policy by @fitzthum in #780
• ci: fix the kbs e2e test failure on azure vtpm by @seungukshin in #781
• kbs/config/kubernetes: update for deploying on AKS by @wainersm in #778
• Add built-in affirming policy to KBS client by @fitzthum in #779
• tdx: fixup qcnl config by @fitzthum in #783
• ci: set up native build for arm64 and kbs-client-image by @seungukshin in #769
• tdx-verifier: ignore non-QEMU kernel loader EFI measurement events by @mythi in #782

New Contributors

• @RodgerZhu made their first contribution in #748
• @ksandowi made their first contribution in #756
• @jonner made their first contribution in #759

Full Changelog: v0.12.0...v0.13.0

v0.12.0

The v0.12.0 release of Trustee is used with CoCo v0.13.0

Note that the k8s yamls provided in this config reference the latest images rather than the images for this release.

What's Changed

• build(deps): bump rustversion from 1.0.18 to 1.0.19 by @dependabot in #661
• build(deps): bump proc-macro2 from 1.0.89 to 1.0.93 by @dependabot in #662
• build(deps): bump tokio-util from 0.7.12 to 0.7.13 by @dependabot in #663
• Setup integration tests by @fitzthum in #619
• build(deps): bump data-encoding from 2.6.0 to 2.7.0 by @dependabot in #665
• build(deps): bump anyhow from 1.0.94 to 1.0.95 by @dependabot in #669
• ear: add TDX sample policy checks by @mythi in #667
• Reorganized integration tests and add negative tests by @fitzthum in #671
• build(deps): bump const_fn from 0.4.10 to 0.4.11 by @dependabot in #672
• kbs: ITA: Documentation update. by @szymon-klimek in #675
• deps/verifier: Add constructor for SnpEvidence by @tylerfanelli in #679
• build(deps): bump url from 2.5.3 to 2.5.4 by @dependabot in #680
• verifier: add parsing tdx td attributes and usage in policy by @pawelpros in #685
• release: fixup release helper by @fitzthum in #688
• build(deps): bump unicode-ident from 1.0.14 to 1.0.16 by @dependabot in #686
• as, rvps: Documentation fixes and add ons, podman Containerfiles by @tylerfanelli in #684
• Update release scripting for kbs-client by @portersrc in #691
• build(deps): bump time from 0.3.36 to 0.3.37 by @dependabot in #690
• Minor refactor of RVPS by @fitzthum in #676
• setup-opa action and Ubuntu 24.04 runners by @mythi in #687
• build(deps): bump cryptoki from 0.7.0 to 0.8.0 by @dependabot in #693
• RVPS | Replace Mutex to RwLock by @Xynnn007 in #695
• workflows: install ORAS on runners by @fitzthum in #696
• build(deps): bump blake2b_simd from 1.0.2 to 1.0.3 by @dependabot in #697
• tdx-verifier: eventlog: handle OVMF/efistub measurements correctly by @mythi in #674
• config: fix insecure_key parameter by @fitzthum in #700
• Dockerfile: support podman by @seungukshin in #689
• Fixes inspired by Clippy by @fitzthum in #668
• verifier: add tcb_info status, advisory_ids and collateral_expiration_status to policy by @pawelpros in #704
• KBS: Fix deployment of resources policy on k8s + misc changes by @wainersm in #707
• build(deps): bump errno from 0.3.9 to 0.3.10 by @dependabot in #701
• verifier: combined duplicated dcap implementation by @pawelpros in #709
• build(deps): bump itoa from 1.0.13 to 1.0.14 by @dependabot in #710
• Add nebula_ca plugin by @cclaudio in #539
• build(deps): bump mio from 1.0.2 to 1.0.3 by @dependabot in #713
• CI | Fix segment error aarch64 by @Xynnn007 in #716
• build(deps): bump js-sys from 0.3.72 to 0.3.77 by @dependabot in #714
• KBS: Update KBS protocol to 0.2.0 to fix JWE format due to RFC7516 by @Xynnn007 in #597
• kbs: make repository part of resource path mandatory by @pmores in #720
• rust: go back to rust 1.80.0 by @fitzthum in #725
• kbs/dockerfile: replace kbs by trustee by @niteeshkd in #724
• tdx: fix bitflags serde bug by @fitzthum in #726
• cargo fmt by @tylerfanelli in #732
• build(deps): bump cc from 1.2.15 to 1.2.16 by @dependabot in #730
• ci: fix rust version of kbs-client release dockerfile to 1.80.0 by @Xynnn007 in #736
• ci: build kbs-e2e binaries on Ubuntu 22.04 by @mythi in #711
• Add test for non-trivial KBS policy by @fitzthum in #703
• build: drop libtdx-attest by @mythi in #727
• ita: added processing event logs in SGX & TDX context by @pawelpros in #733
• build(deps): bump quote from 1.0.39 to 1.0.40 by @dependabot in #739
• fix(as): make EAR TV names into acceptable OPA variable names by @thomas-fossati in #742

New Contributors

• @szymon-klimek made their first contribution in #675
• @cclaudio made their first contribution in #539
• @pmores made their first contribution in #720
• @niteeshkd made their first contribution in #724

Full Changelog: v0.11.0...v0.12.0

v0.10.1

What's Changed

• build(deps): bump scientific from 0.5.2 to 0.5.3 by @dependabot in #501
• kbs: update kustomization yaml to v0.10.1 & fix release script by @Xynnn007 in #504

Full Changelog: v0.10.0...v0.10.1

v0.10.0

What's Changed

• intel-trust-authority-as: add error message log by @pawelpros in #424
• doc: add attestation policy guide for ibmse verifier by @huoqifeng in #433
• CLI: specify ATTESTER to build kbs-client by @genjuro214 in #429
• ci: test use https in kbs e2e test by @mkulke in #434
• KBS: Enable deployment for s390x by @BbolroC in #436
• KBS: refactor code structure by @Xynnn007 in #430
• Fix broken SE link by @fitzthum in #437
• e2e-test: fix binary build on self-hosted runners by @mkulke in #438
• docker: refactor docker folder structure by @pawelpros in #427
• config: fix custom pccs deployment for TDX by @fitzthum in #439
• doc: update ibmse verifier document by @huoqifeng in #440
• AS/verifier: support AA eventlog in TDX by @Xynnn007 in #408
• build(deps): bump clap_lex from 0.7.0 to 0.7.1 by @dependabot in #441
• KBS: Add aliyun KMS as repository storage backend by @Xynnn007 in #444
• GHA: Remove {pre,post}-action steps for self-hosted runners by @BbolroC in #453
• kbs: Fix rate limit error with busybox by @ChengyuZhu6 in #452
• kbs: add ProtocolVersion error by @mythi in #449
• ci: fix doc_lazy_continuation checks added in rust 1.80.0 by @mythi in #447
• kbs: Refactor nonce handling by @jodh-intel in #457
• initdata: enhance the initdata spec for PeerPod and IBM SE by @huoqifeng in #450
• build(deps): bump serde from 1.0.200 to 1.0.205 by @dependabot in #459
• ibmse: SE_SKIP_CERTS_VERIFICATION for all KBS image by @huoqifeng in #460
• build(deps): bump regex from 1.10.4 to 1.10.6 by @dependabot in #461
• ibmse: use hash rather than hex for initdata digest in claims by @huoqifeng in #462
• ibmse: update readme to reflect initdata change by @huoqifeng in #464
• build(deps): bump ureq from 2.9.7 to 2.10.1 by @dependabot in #465
• build(deps): bump zstd from 0.13.1 to 0.13.2 by @dependabot in #466
• build(deps): bump backtrace from 0.3.71 to 0.3.73 by @dependabot in #467
• build(deps): bump colorchoice from 1.0.1 to 1.0.2 by @dependabot in #468
• kbs: msic fix in self-signed-https.md by @huoqifeng in #469
• build(deps): bump zerocopy from 0.7.32 to 0.7.35 by @dependabot in #471
• build(deps): bump security-framework-sys from 2.10.0 to 2.11.1 by @dependabot in #472
• build(deps): bump flate2 from 1.0.30 to 1.0.32 by @dependabot in #474
• chore: fix cargo warnings on missing default-features by @mythi in #475
• build(deps): bump hyper from 0.14.28 to 0.14.30 by @dependabot in #476
• build(deps): bump is-terminal from 0.4.12 to 0.4.13 by @dependabot in #479
• build(deps): bump getrandom from 0.2.14 to 0.2.15 by @dependabot in #481
• Bump kbs-types and kbs_protocol with a KBS protocol version change by @mythi in #445
• kbs: token: configuration cleanup by @mythi in #483
• build(deps): bump version_check from 0.9.4 to 0.9.5 by @dependabot in #482
• kbs: token: add verifier with JSON Web Keys by @mythi in #458
• ita: use AttestationTokenVerifier by @mythi in #490
• update CODEOWNERS by @mythi in #488
• build(deps): bump wasm-bindgen from 0.2.92 to 0.2.93 by @dependabot in #492
• Bump az-tdx-vtpm & az-snp-vtpm from 0.5.3 to 0.7.0 by @pawelpros in #493
• build(deps): bump serde_spanned from 0.6.6 to 0.6.7 by @dependabot in #495
• build(deps): bump curl-sys from 0.4.72+curl-8.6.0 to 0.4.74+curl-8.9.0 by @dependabot in #496
• kbs: ita: Set hash algorithm based on TEE type by @jodh-intel in #491
• ita: add support for Azure attestation using dedicated API by @pawelpros in #494
• bump guest-components + ITA kustomization by @mythi in #497
• ita: Build the kustomization based on nodeport by @fidencio in #498
• build(deps): bump libloading from 0.8.3 to 0.8.5 by @dependabot in #499
• chore: update guest-components to v0.10.0 by @Xynnn007 in #500

New Contributors

• @genjuro214 made their first contribution in #429

Full Changelog: v0.9.0...v0.10.0

v0.9.0

What's Changed

• kbs/config: add RVPS config by @wainersm in #321
• ci: set certs/key as makefile deps in e2e test by @mkulke in #325
• ci: add az-tdx-vtpm workflow for e2e tests by @mkulke in #323
• kbs: improvements to quickstart and misc by @wainersm in #324
• CI: Fix nightly lint error & fix rust nightly version by @Xynnn007 in #331
• bump: jsonwebtoken to 9 by @Xynnn007 in #292
• ci: fix DCAP package install by @mythi in #336
• KBS: add a guide for HTTPS kbs usage by @Xynnn007 in #340
• Add configuration file for RVPS and add support for JSON fs storage by @Xynnn007 in #339
• az-snp/tdx-vtpm-verifier: add PCRs to claims map by @mkulke in #334
• docs: fix repo name from kbs to Trustee by @Xynnn007 in #337
• build(deps): Bump github.com/open-policy-agent/opa from 0.61.0 to 0.62.1 in /attestation-service/attestation-service/src/cgo by @dependabot in #347
• Verifier: Refactor errors in csv module by @kartikjoshi21 in #330
• Use the Trustee name in a few more places by @fitzthum in #355
• Verifeir: Add support for TDX quote v5 by @Xynnn007 in #354
• Build and push kbs-client binary by @portersrc in #349
• Fix build warnings by @fitzthum in #360
• Add write-packages permission for kbs-client-build-and-push workflow by @portersrc in #358
• AS & KBS | Optimize log by @Xynnn007 in #362
• attestation-service: Refactor errors in attestation module by @kartikjoshi21 in #327
• Azsnpvtpm: Replace anyhow error crate with thiserror crate by @kartikjoshi21 in #341
• [RFC] Initdata specification by @Xynnn007 in #348
• kbs: switch to Regorus for resource policy by @fitzthum in #357
• docker: Use Ubuntu 22.04 as kbs base image by @mkulke in #368
• AS: Optimize policy management mechanism by @jialez0 in #351
• k8s-config: Add support for NodePort service type by @surajssd in #371
• Add a helper script for releasing trustee by @portersrc in #373
• Tidy the readme and documents by @Xynnn007 in #365
• KBS: fix session status by @Xynnn007 in #376
• k8s: docs: DCAP kustomization + non-release images by @mythi in #375
• AS/verifier: Enhance quote verification with multi-thread support in tdx by @ChengyuZhu6 in #387
• workflows: Rename Docker build step from gRPC to RESTful by @ChengyuZhu6 in #389
• add: snp updates and mods to support VLEK by @wobito in #385
• kbs: Add support for configurable policy by @kartikjoshi21 in #392
• Update SNP Verifier with report and init claims by @fitzthum in #253
• AS | Refactor the policy module by @Xynnn007 in #390
• tdx: sgx: Bump DCAP dependency by @fidencio in #398
• kbs-client: encode policies with nopad-url-b64 by @mkulke in #400
• CI: set expected tee in policy within the kbs e2e test by @mkulke in #401
• attestation: fix clippy error in intel_trust_authority AS by @mythi in #402
• Add Dockerfile for Red Hat UBI by @spotlesstofu in #403
• Verifier: Add IBM Secure Execution driver framework by @huoqifeng in #345
• AS | Fix SGX verifier & Optimization by @Xynnn007 in #404
• drop Golang from builds by @mythi in #405
• Enable artifacts for s390x by @BbolroC in #383
• chore: bump guest-components and reqwest by @mythi in #412
• ibmsse: change ec to rsa key by @huoqifeng in #411
• ibmse: add development document for ibmse verifier by @huoqifeng in #413
• Fix KBS AS build warning by @larrydewey in #421
• kbs: shrink the size of docker image by @Xynnn007 in #417
• Add runtime dependencies to Dockerfile.rhel-ubi by @spotlesstofu in #422
• ibmse: add debug_assertions for debug and release branch by @huoqifeng in #420
• kbs: simplify tee-pubkey reading from the attestation token by @mythi in #414
• intel-trust-authority-as: add runtime data to attestation request by @mythi in #406
• AS/verifier: fix tdx quote verification unit test by @Xynnn007 in #426
• ibmse: use optional root_ca when launch kbs by @huoqifeng in #423
• ci: added publishing intel trust authority AS docker by @pawelpros in #410
• opa: Refactor opa module errors by @kartikjoshi21 in #409
• ibmse: update attestation-service documents for ibmse by @liudalibj in #428
• bump: guest-components to candidate v0.9.0 by @Xynnn007 in #425
• kbs: Revert support for configurable policy by @mkulke in #431
• Release: Update KBS for v0.9.0 by @portersrc in #432

New Contributors

• @wainersm made their first contribution in #321
• @wobito made their first contribution in #385
• @fidencio made their first contribution in #398
• @spotlesstofu made their first contribution in #403
• @huoqifeng made their first contribution in #345
• @larrydewey made their first contribution in #421
• @pawelpros made their first contribution in #410
• @liudalibj made their first contribution in #428

Full Changelog: v0.8.2...v0.9.0

v0.8.2

Note

There is no KBS v0.8.1. There was a v0.8.1 of the attestation-service and rvps prior to the repo merge.

Many significant changes have been made to the KBS while general CoCo releases have been suspended. Hence, we have released KBS v0.8.2. Among other things the changes include a significant security fix that squashes a bug where the result of the resource policy was not properly checked.

What's Changed

• Merge Attestation-Service and KBS by @Xynnn007 in #173
• docs: fix links inside documents by @Xynnn007 in #222
• build(deps): Bump rustls-pemfile from 1.0.3 to 1.0.4 by @dependabot in #224
• build(deps): bump docker/login-action from 2 to 3 by @dependabot in #161
• build(deps): bump docker/build-push-action from 4 to 5 by @dependabot in #160
• build(deps): Bump github.com/open-policy-agent/opa from 0.56.0 to 0.58.0 in /attestation-service/attestation-service/src/cgo by @dependabot in #176
• Fix Azure SNP vTPM attestation (grpc) by @lmilleri in #221
• k8s-configs: Add Ingress config by @surajssd in #166
• attestation-service: Fix report signature validation in SNP verifier by @mkulke in #229
• attestation-service: Reuse SNP verifier logic in az-snp-vtpm by @mkulke in #230
• attestation: verifier: tdx: Allow equals in kernel param values by @jodh-intel in #227
• attestation-service: fix checks for VCEK signature by @mkulke in #233
• Refactor Attestation-Service by @Xynnn007 in #216
• attestation-agent: fail fast on broken AMD certs by @mkulke in #236
• Fix cgo mods in AS & RVPS by @Xynnn007 in #239
• CSV Verifier: Update Evidence format by @jialez0 in #243
• Rename Amber to Intel Trust Authority by @mythi in #244
• attestation-service: bump az-snp-vtpm verifier by @mkulke in #245
• chore: fix some comments around RVPS by @chendave in #247
• build(deps): Bump github.com/open-policy-agent/opa from 0.58.0 to 0.59.0 in /attestation-service/attestation-service/src/cgo by @dependabot in #249
• kbs: Build image on merge to main by @kartikjoshi21 in #170
• build(deps): Bump docker/login-action from 2 to 3 by @dependabot in #252
• build(deps): Bump docker/setup-buildx-action from 1 to 3 by @dependabot in #251
• AS: add parsed claims for TDX/SGX and documents by @Xynnn007 in #248
• Cca: Get the evidence from EAR (EAT Attesation Result) by @chendave in #241
• kbs: Fix docker registry name in image build workflow by @kartikjoshi21 in #254
• build(deps): Bump actions/setup-go from 4 to 5 by @dependabot in #257
• attestation: verifier: tdx: Rework TdShimPlatformConfigInfo try_from by @jodh-intel in #255
• Fix dependency version when building container image by @Xynnn007 in #261
• [Attestation Service] Change the API of CoCo-AS by @Xynnn007 in #240
• build(deps): Bump github.com/open-policy-agent/opa from 0.59.0 to 0.60.0 in /attestation-service/attestation-service/src/cgo by @dependabot in #263
• Bump kbs-types and kbs_protocol dep version by @Xynnn007 in #266
• Bump kbs protocol by @Xynnn007 in #267
• Attestation Service | Add RESTful CoCo-AS Implementation by @Xynnn007 in #262
• build(deps): Bump anstyle-wincon from 3.0.1 to 3.0.2 by @dependabot in #268
• build(deps): Bump is-terminal from 0.4.9 to 0.4.10 by @dependabot in #270
• kbs/tool: remove unless dependency by @Xynnn007 in #271
• Added e2e test for CoCo-AS using SNP evidence by @Xynnn007 in #264
• build(deps): Bump rustix from 0.38.26 to 0.38.28 by @dependabot in #273
• ci: build grpc kbs every merge to main by @Xynnn007 in #272
• KBS/perf: promote the concurrency performance of KBS by @Lu-Biao in #275
• KBS: Optimize performance and memory usage by @Xynnn007 in #258
• AS/Verifier: fix the report/init data comparation by @Xynnn007 in #274
• build(deps): Bump memchr from 2.6.4 to 2.7.1 by @dependabot in #276
• Fix RVPS binary building & push image every merge to main by @Xynnn007 in #277
• build(deps): Bump anyhow from 1.0.75 to 1.0.79 by @dependabot in #278
• build(deps): Bump schannel from 0.1.22 to 0.1.23 by @dependabot in #280
• Add end-to-end test with docker compose and sample attester by @fitzthum in #283
• e2e-test: enable real TEE on self-hosted runners by @mkulke in #284
• build(deps): Bump actions/checkout from 3 to 4 by @dependabot in #288
• e2e: reference kbs-e2e.yaml worfklows locally by @mkulke in #291
• Support X.509 Certificate in Attestation Token. by @jialez0 in #265
• Add support az-tdx-vtpm tee by @mkulke in #169
• az-snp-vtpm-verifier: remove report_data padding by @mkulke in #295
• Fix Verifier CI coverage problem by @Xynnn007 in #299
• build(deps): Bump actions/cache from 3 to 4 by @dependabot in #296
• kbs: Update csv-rs dep to rev b74aa8c. by @BaoshunFang in #301
• Improve Documentation by @fitzthum in #287
• ci: fetch the head of a PR in kbs TEE runs by @mkulke in #309
• ci: Add default user for git rebase by @mkulke in #314
• ci: install libssl-dev for e2e on self-hosted runners by @mkulke in #308
• docs: Fix typo in cluster documentation by @GabyCT in #316
• docs: Improve RVPS document by @GabyCT in #317
• k8s: Add RVPS config to kbs-config by @surajssd in #318
• Update az snp / tdx vtpm dependency to 0.5 by @surajssd in #293
• ci: introduce actionlint and fix findings by @mkulke in #315
• build(deps): Bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 in /attestation-service/attestation-service/src/cgo by @dependabot in #305
• Release: Update KBS for v0.8.2 release by @portersrc in #319

New Contributors

• @lmilleri made their first contribution in #221
• @jodh-intel made their first contribution in #227
• @kartikjoshi21 made their first contribution in #170
• @GabyCT made their first contribution in #316
• @portersrc made their first contribution in #319

Full Changelog: v0.8.0...v0.8.2