Release v0.3.8

New Features

• Add OIDC token refresh to container runner in #183

Bug Fixes

• Start to use AK cert in attestation in #190

Release v0.3.7

Breaking Changes

• Use []*x509.Certificate instead of x509.CertPool in VerifyOptions: #185

New Features

• Enable AK Intermediate fetching in the launcher: #177
• Add "tee-impersonate-service-accounts" to launcher: #182
• Get instance information from AK Certificate: #184

Other Changes

• Remove github.com/google/certificate-transparency-go/x509 dependancy: #178
• Move to using Go 1.18 Workspaces: #176 #180
• Update documentation for building gotpm CLI: #181

v0.3.6

What's Changed

• Add the launcher submodule by @jkl73 in #173
• Change crypto/x509 dependencies to ct/x509 by @jessieqliu in #175

Full Changelog: v0.3.5...v0.3.6

v0.3.5

Breaking Changes

• cmd: Move to separate go module by @josephlr in #166
• Change FetchCertChain bool option to HTTP client by @jessieqliu in #171

What's Changed

• Automatically use attestation intermediates for AK cert verification by @jessieqliu in #172

Full Changelog: v0.3.4...v0.3.5

v0.3.4

What's Changed

• Add AK certificate chain retrieval by @jessieqliu in #164
• Add OverrideEnvType and OverrideArgType for cel event by @jkl73 in #161
• Add Key.SetCert() function by @jessieqliu in #167
• client: Have client.Attest return an error on bad certs by @josephlr in #168

New Contributors

• @jessieqliu made their first contribution in #164

Full Changelog: v0.3.3...v0.3.4

v0.3.3

What's Changed

• build(deps): bump github.com/google/go-attestation from 0.3.2 to 0.4.0 by @dependabot in #160
• Update dependancies by @josephlr in #163
• Fix tests for physical TPMs by @jkl73 in #165

New Contributors

• @dependabot made their first contribution in #160

Full Changelog: v0.3.2...v0.3.3

v0.3.2

New Features

• Add SecureBootState to ParseMachineState by @alexmwu in #139
• Add basic Canonical Event Log(CEL) operations by @jkl73 in #140, #145
• Add COS measurements to MachineState by @alexmwu in #147
• Add CEL replay and TPM extension in AppendEvent by @alexmwu in #148
• proto: Add rest of AttestedCosState measurements by @alexmwu in #150
• Add cos_tlv and ability to parse CEL to MachineState by @jkl73 in #146, #151
• Add AK cert support in VerifyAttestation by @alexmwu in #149

Bug Fixes

• proto: Change RestartPolicy variants to use CamelCase by @josephlr in #152
• server: Fix AK Cert checking bug by @josephlr in #153

Other Changes

• internal/test: add GetSimulatorWithLog by @josephlr in #156
• server: Support all public key types in pubKeysEqual by @josephlr in #157
• Fix CGO warnings and add CI checks to prevent regression by @josephlr in #158

Full Changelog: v0.3.1...v0.3.2

Minor Documentation and bug fixes

Doc Fixes

• #136 Updates REDAME
• #137 Makes simulator/internal documentation consistent for cgo vs non-cgo
• #138 Fixes documentation typo

Bug Fixes

• #137 Fixes bug around a make([]T, len) that should have been a make([]T, 0, len)

Support Attestation Generation and Verification

Breaking Changes

• #97 - Rename tpm2tools package to client, to better contrast with the existing server package
• #90 - Rename methods containing AIK (a TPM 1.2 term) to AK (the corresponding TPM 2.0 term)
• #104 - Update minimum Go version to 1.16
• #117 #133 - Changed sealing/unsealing options:
  • SealOpt interface is now a client.SealOpts structure
  • CertifyOpt interface is now a client.UnsealOpts structure

New features

• #53 - Add client.Quote and internal.VerifyQuote
• #100 - Add client.GetEventLog and server.ParseMachineState
• #105 - Add client.ReadAllPCRs and use it in gotpm read pcr
• #106 - Add client.Attest
• #108 - Add GCE-specific methods: client.GceAttestationKeyECC and client.GceAttestationKeyRSA
• #103 - Add server.VerifyAttestation, server.EvaluatePolicy, and server.ParseMachineState

Bug fixes

• #123 - Use /dev/tpmrm0 by default
• #106 - Have simulator.Get block instead of failing

Preview Beta release

Includes MachineState parsing from #103