Releases: google/go-tpm-tools
v0.4.4
Breaking Changes:
[launcher/cmd] Refactor verifier for issue #419
- Unexport cmd.Instance, cmd.MetadataServer, cmd.NewMetadataServer.
- Move package verifier from launcher to go-tpm-tools (verifier.Client, verifier.Challenge, etc.).
- Move package fake from launcher to go-tpm-tools (fake.Claims, fake.NewClient, etc.).
- Move package rest from launcher to go-tpm-tools (rest.NewClient, rest.BadRegionError, etc.).
New Features:
[cmd] Add new command token in the CLI tool #375
[cmd] add records to cloud logging when fetching token from attestation verifier #417
Bug Fixes:
Statically link binaries built by goreleaser #425
Other Changes:
Update readme to gotpm CLI instructions. #424, #426
New Contributors:
@Ruide in #375
@qinkunbao in #424
v0.4.3
New Features:
[launcher] Add TEE server IPC implementation #367
[launcher] Enable memory monitoring in CS #391
Use TDX quote provider to attest and verify #405
Integrate nonce verification as part of the TDX quote validation procedure. #395
Add RISC V support #407
[launcher] Use resizable integrity-fs with in-memory tags #412
Bug Fixes:
[launcher] Fix launcher exit code #384
[launcher] Handle exit code checking during deferral evaluation #392
[cmd] Skip tests that call setGCEAKTemplate #402
[launcher] Fix teeserver context reset issue & add container signature cache #397
Set all unused parameters as _ to fix CI lint failure #411
[launcher] Make customtoken test sleep to mitigate clock skew #413
Other Changes:
Add eventlog parse logics for memory monitoring #404
[launcher]: Add memory monitor measurement logics #408
Update go-tdx-guest version to v0.3.1 #414
New Contributors:
@KeithMoyer in #392
@vbalain in #405
@aimixsaka in #407
Release v0.4.2
New Features:
[launcher] Add experiment support #352
[launcher] Integrate signature discovery client into attestation agent #343
Bug Fixes:
Make launcher host tmp directory before experiment fetch #363
Other Changes:
[launcher] Print kernel cmdline on builds #268
Import latest version of go-tdx-guest #373
[launcher] Print signature details instead of signature object #374
[launcher] Add image tests for the experiments binary #378
Update go-sev-guest to v0.9.3 #381
Release v0.4.1
New Features:
[launcher] Verify FS and mount before launch #311
Integration of go-tpm-tools with go-tdx-guest #347
Intra-release Breaking Changes:
Add launcherfile package for path and file consts #356 breaks #333
Bug Fixes:
[launcher] Update the token refresh logic #325
[launcher] Fix logging blocking issue #338
Other Changes:
[launcher] Add a new metadata flag of signedImageRepos #320
Update go-sev-guest to v0.7.0 #329
[launcher] Add SSH test for image. #314
Add supported architectures to ci.yml #330
Fix the go version number error #326
[launcher] Signature discovery: fetch a signed image manifest at for parsing #324
[launcher] Export attestation token filepath and filename #333
[launcher] Increase the max file descriptor #339
[launcher] Add a signature interface and a library to parse signature from image manifest #328
Rename TdxVerify function to TdxQuote in server package. #353
[launcher] Use V1 SDK in launcher verifier client #305
Update and tidy dependencies #344
New Contributors
@yawangwang in #320
@Jingshui1037 and @hustliyilin in #326
@jrjatin in #353
test release
Merge pull request #338 from alexmwu/logging-fix Fix logging blocking issue
v0.4.0
Release v0.3.12
New Features:
Add attest and verify command to gotpm #293
Add tee_technology flag and test for tee_technology flag #307 (intra-release breaking change)
Other Changes:
Add OS Policy assignment tests for both debug and hardened. #301
Add a wrapper for ExternalTPM #302
Update to go-sev-guest v0.6.0 #304
Update base image family to use cos-dev #306
Update go-sev-guest to v0.6.1 #308
Release v0.3.11
New Features:
Use region in spec to create attestation service rest client #281
Parse EFI App state from the TCG event log #277
Bug Fixes:
Increase default systemd wait timeout to 900s #276
Use same env var formatting logic on the launcher as server #253
Fix image pulling in launcher #282
Bump version and fix a kernel cmd issue #291
Return the actual number of bytes written to through command buffer #287
Fix lint issues after using golangci-lint-1.52.2 #296
Other Changes:
Add image tests and test automation #275
Update go-sev-guest to v0.4.2 #278
Update to go-sev-guest v0.4.5 #279
Add proper debug license and logging to launcher #280
Upgrade to go-sev-guest v0.5.0 #283
Import go-sev-guest v0.5.2 #284
Add override test for workload env vars and cmd #286
Add test workload code, check OIDC claims, and validate launch policy checks #288
Bump golang.org/x/net in /launcher #290
Add RELEASING instructions #187
Diff
https://github.com/google/go-tpm-tools/compare/53cab1a...5dd1056?expand=1
Release v0.3.10
New Features:
- Add IsHardened in launch spec: #244
- Add container logging redirect policy: #249
- Add SEV-SNP attestation support: #240
- Integrity-protect stateful partition on CS image: #251
- Retry launcher OIDC token refresh with backoff: #261
- Change restart policy behavior to reboot: #260
- Add ability to GetGCEInstanceInfo from a certificate: #267
Bug Fixes:
- COS event log: require CEL events to use PCR13, add a launch separator, and don't skip unknown events: #246
- Measure LaunchSeparator event: #247
- Skip unallocated PCR selections when reading all PCRs: #258
- Remove gRPC client and use of insecure credentials: #262
- Fix server.VerifyAttestation proto merging (#263) and defer of os.Exit (#264): #265
Other Changes:
- Add fake verifier client: #234
- Update CI Go Version to 1.19: #241
- Add launcher integration testing support: #255
- Test multi-writer PD creation disabled: #256
- Update go-sev-guest dependency to v0.2.6: #259
- Change OIDC retry policy to hourly and add jitter to refresh time: #266
- Add wrapper cloudbuild workflow to trigger image build and testing: #269
New Contributors:
- @JoshuaKrstic in #234
- @deeglaze in #240
- @daniel-weisse in #258
Release v0.3.9
New Features
- Add cloudbuild config and scripts by @jkl73 in #189
- Add task/container restartability by @jkl73 in #194
- Add support for fetching impersonated tokens to launcher by @jessieqliu in #193
- Add Cloud Logging; Update the service file for launcher by @jkl73 in #196
- Write the container output to both stdout/err and the logger by @jkl73 in #199
- Introduce shim verifier client to the launcher by @alexmwu in #203
- Add overridden_args and overridden_env_vars by @jkl73 in #208
- Add GrubState to ParseMachineState by @alexmwu in #143
- Add REST-based verifier.Client by @josephlr in #216
- Update launcher flags and launcher_spec by @jkl73 in #220
- Update ContainerRunner to use REST verifier by @alexmwu in #219
- Add security-hardened Confidential Space image by @alexmwu in #232
- Add Kernel cmdline parser by @alexmwu in #144
Bug Fixes
- Fix golint issues and typos by @alexmwu in #207
- Properly handle empty TCG Eventlog by @josephlr in #211
- Update VerifyAttestation logic by @jkl73 in #209
- Fix new test with parsePCClientEventLog change by @alexmwu in #213
Other Changes
- Add launch policy for cmd and env vars by @jkl73 in #195
- Upgrade containerd and other OCI dependencies by @jkl73 in #201
- Add gopkg.in/yaml.v3 dependency by @jkl73 in #202
- Update keys.go documentation by @alexmwu in #204
- Bump github.com/containerd/containerd from 1.6.4 to 1.6.6 in /launcher by @dependabot in #205
- Add licenses to the final image by @jkl73 in #206
- Hex encode PCR values in error by @brandonweeks in #210
- Move AttestationAgent code to its own package by @josephlr in #212
- Move verifier from internal and grpc to subpackage by @alexmwu in #214
- Improve rest.NewClient error handling. by @josephlr in #218
- Print OIDC token payload by @jkl73 in #222
- Pin golangci-lint by @josephlr in #227
New Contributors
- @brandonweeks made their first contribution in #210
Full Changelog: v0.3.8...v0.3.9