Releases: google/go-tpm-tools
v0.4.5
Breaking Changes
Populate the SNP/TDX Machine State field with the verified SNP/TDX attestation data + use a stable COS image version #463
- Removes verifyGceTechnology export
Support health monitoring mode for NPD #479
- Changes signature of spec.GetLaunchPolicy
New Features
Add event-log flag to cmd package #423
add custom nonce flag to cmd package token subcommand #451
Bug Fixes
Fix bug dropping CEL in launcher attestations #438
fix invalid check and restore workaround from #72 #435
Error message should return length of digest #436
[launcher] Fix a concurrent TPM access issue #434
Fix releaser.yaml and ci.yml file on macos #444
Refresh SA auth token in signaturediscovery client before fetching container image signatures #449
Fix an uint conversion #452
[launcher] Try to fix cloudbuild for launcher #458
Release lock if generating attestation returns error #475
Add mutex to failing client to prevent concurrent writes #494
Other Changes
Add PKI and LIMITED_AWS token types for VerifyAttestation. #430
Move verifier package to its own submodule #447
Delete files used for AUR packaging #457
Add version information and fix cloudbuild #455
Update go-sev-guest version and API use #445
Update typo in README.md #459
Add SEV-SNP policy for signed UEFI measurements #446
Update gce-tcb-verifier version. #468
[launcher] Optimize serial read in test #470
[launcher] Switch base image to 113 cos #467
Use confidentialcomputing api v1.6.0 to send SEVSNP attestation #472
Adding EV_EVENT_TAG support for PCR9 #471
Update gce-tcb-verifier dependency #485
remove duplicate error check #488
Log detailed errors if refreshing SA credential goes wrong #481
Use confidentialcomputing api v1.6.0 to send TDX attestation #477
Removed experiment flags that we would no longer consider rolling back #483
Add retry to container signature fetch in agent #489
Export function to extract and validate AK from server #492
Override /dev/shm size only when specified #493
Add tempfs experiment and gate mounting behind it #490
Instantiate backoff strategy per goroutine #496
Remove EnableSignedContainerCache + EnableMeasureMemoryMonitor from container launcher #498
Refactor CEL AppendEvent, to support RTMR #486
Change ParseCosCEL* to return an AttestedCosState #501
[launcher] launcher can expose IPv6 ports as well #505
Add the location of the service we are calling to the API error logs #506
Start NPD after LaunchSpec Verification #507
Send client logs with the cloud logging library #474
[launcher] Add DA lockout params when launching #469
[launcher] Merge upstream/tdx_rtmr #513
Bump the go_modules group across 3 directories with 1 update #512
Bump the go_modules group across 4 directories with 1 update #514
Revert "[launcher] Merge upstream/tdx_rtmr (#513)" #516
Apply retry logics in confidential computing API + workload image puller #511
Change container workload's default OOM Score #522
Reduce NPD full config #520
Add client-side experiment for NPD Health Monitoring config #525
Bump go-sev-guest to v0.12.1 #527
Add AWS Principal Tag type to launcher #515
New Contributors
@savely-krasovsky in #435
@hkolvenbach in #436
@liamjm in #459
v0.4.4
Breaking Changes:
[launcher/cmd] Refactor verifier for issue #419
- Unexport cmd.Instance, cmd.MetadataServer, cmd.NewMetadataServer.
- Move package verifier from launcher to go-tpm-tools: verifier.Client, verifier.Challenge, etc.
- Move package fake from launcher to go-tpm-tools: fake.Claims, fake.NewClient, etc.
- Move package rest from launcher to go-tpm-tools: rest.NewClient, rest.BadRegionError, etc.
New Features:
[cmd] Add new command token in the CLI tool #375
[cmd] add records to cloud logging when fetching token from attestation verifier #417
Bug Fixes:
Statically link binaries built by goreleaser #425
Other Changes:
Update readme to gotpm CLI instructions. #424, #426
New Contributors:
@Ruide in #375
@qinkunbao in #424
v0.4.3
New Features:
[launcher] Add TEE server IPC implementation #367
[launcher] Enable memory monitoring in CS #391
Use TDX quote provider to attest and verify #405
Integrate nonce verification as part of the TDX quote validation procedure. #395
Add RISC V support #407
[launcher] Use resizable integrity-fs with in-memory tags #412
Bug Fixes:
[launcher] Fix launcher exit code #384
[launcher] Handle exit code checking during deferral evaluation #392
[cmd] Skip tests that call setGCEAKTemplate #402
[launcher] Fix teeserver context reset issue & add container signature cache #397
Set all unused parameters as _ to fix CI lint failure #411
[launcher] Make customtoken test sleep to mitigate clock skew #413
Other Changes:
Add eventlog parse logics for memory monitoring #404
[launcher]: Add memory monitor measurement logics #408
Update go-tdx-guest version to v0.3.1 #414
New Contributors:
@KeithMoyer in #392
@vbalain in #405
@aimixsaka in #407
Release v0.4.2
New Features:
[launcher] Add experiment support #352
[launcher] Integrate signature discovery client into attestation agent #343
Bug Fixes:
Make launcher host tmp directory before experiment fetch #363
Other Changes:
[launcher] Print kernel cmdline on builds #268
Import latest version of go-tdx-guest #373
[launcher] Print signature details instead of signature object #374
[launcher] Add image tests for the experiments binary #378
Update go-sev-guest to v0.9.3 #381
Release v0.4.1
New Features:
[launcher] Verify FS and mount before launch #311
Integration of go-tpm-tools with go-tdx-guest #347
Intra-release Breaking Changes:
Add launcherfile package for path and file consts #356 breaks #333
Bug Fixes:
[launcher] Update the token refresh logic #325
[launcher] Fix logging blocking issue #338
Other Changes:
[launcher] Add a new metadata flag of signedImageRepos #320
Update go-sev-guest to v0.7.0 #329
[launcher] Add SSH test for image. #314
Add supported architectures to ci.yml #330
Fix the go version number error #326
[launcher] Signature discovery: fetch a signed image manifest at for parsing #324
[launcher] Export attestation token filepath and filename #333
[launcher] Increase the max file descriptor #339
[launcher] Add a signature interface and a library to parse signature from image manifest #328
Rename TdxVerify function to TdxQuote in server package. #353
[launcher] Use V1 SDK in launcher verifier client #305
Update and tidy dependencies #344
New Contributors
@yawangwang in #320
@Jingshui1037 and @hustliyilin in #326
@jrjatin in #353
test release
Merge pull request #338 from alexmwu/logging-fix Fix logging blocking issue
v0.4.0
Release v0.3.12
New Features:
Add attest and verify command to gotpm #293
Add tee_technology flag and test for tee_technology flag #307 (intra-release breaking change)
Other Changes:
Add OS Policy assignment tests for both debug and hardened. #301
Add a wrapper for ExternalTPM #302
Update to go-sev-guest v0.6.0 #304
Update base image family to use cos-dev #306
Update go-sev-guest to v0.6.1 #308
New Contributors
Release v0.3.11
New Features:
Use region in spec to create attestation service rest client #281
Parse EFI App state from the TCG event log #277
Bug Fixes:
Increase default systemd wait timeout to 900s #276
Use same env var formatting logic on the launcher as server #253
Fix image pulling in launcher #282
Bump version and fix a kernel cmd issue #291
Return the actual number of bytes written to through command buffer #287
Fix lint issues after using golangci-lint-1.52.2 #296
Other Changes:
Add image tests and test automation #275
Update go-sev-guest to v0.4.2 #278
Update to go-sev-guest v0.4.5 #279
Add proper debug license and logging to launcher #280
Upgrade to go-sev-guest v0.5.0 #283
Import go-sev-guest v0.5.2 #284
Add override test for workload env vars and cmd #286
Add test workload code, check OIDC claims, and validate launch policy checks #288
Bump golang.org/x/net in /launcher #290
Add RELEASING instructions #187
New Contributors:
Diff
https://github.com/google/go-tpm-tools/compare/53cab1a...5dd1056?expand=1
Release v0.3.10
New Features:
- Add IsHardened in launch spec: #244
- Add container logging redirect policy: #249
- Add SEV-SNP attestation support: #240
- Integrity-protect stateful partition on CS image: #251
- Retry launcher OIDC token refresh with backoff: #261
- Change restart policy behavior to reboot: #260
- Add ability to GetGCEInstanceInfo from a certificate: #267
Bug Fixes:
- COS event log: require CEL events to use PCR13, add a launch separator, and don't skip unknown events: #246
- Measure LaunchSeparator event: #247
- Skip unallocated PCR selections when reading all PCRs: #258
- Remove gRPC client and use of insecure credentials: #262
- Fix server.VerifyAttestation proto merging (#263) and defer of os.Exit (#264): #265
Other Changes:
- Add fake verifier client: #234
- Update CI Go Version to 1.19: #241
- Add launcher integration testing support: #255
- Test multi-writer PD creation disabled: #256
- Update go-sev-guest dependency to v0.2.6: #259
- Change OIDC retry policy to hourly and add jitter to refresh time: #266
- Add wrapper cloudbuild workflow to trigger image build and testing: #269
New Contributors:
- @JoshuaKrstic in #234
- @deeglaze in #240
- @daniel-weisse in #258