MigTD v0.7.1-rc.1 Pre-Release

What's Changed

• attestation: fix UB in FFI return type for servtd_attest functions by @MichalTarnacki in #813
• MigTd: Use panic_with_guest_crash_reg_report() by @haitaohuang in #811
• Fix VirtIO descriptor length validation bugs by @olivia-wu-epsf in #799
• fix(migtd): Remove cached LOCAL_TCB_INFO by @haitaohuang in #814
• Refactor wait_for_request() to catch all errors to report by @haitaohuang in #816
• build(deps): bump tokio from 1.52.1 to 1.52.2 in /deps/td-shim-AzCVMEmu/azcvm-extract-report by @dependabot[bot] in #819
• build(deps): bump ubuntu from 24.04 to 26.04 in /container by @dependabot[bot] in #821
• Azure policy and build update by @haitaohuang in #815
• fix(Cargo.lock): resolve dependabot alerts #13-19 in openssl and rand packages by @sgrams in #824
• build(deps): bump tokio from 1.52.2 to 1.52.3 in /deps/td-shim-AzCVMEmu/azcvm-extract-report by @dependabot[bot] in #830
• build(deps): bump github/codeql-action from 4.35.2 to 4.35.4 by @dependabot[bot] in #829
• build(deps): bump step-security/harden-runner from 2.19.0 to 2.19.1 by @dependabot[bot] in #828
• fix(migtd): remove init_event_log from rebinding attestation by @MichalTarnacki in #827
• feat(migtd): verify SERVTD_ATTR on destination before MSK write by @MichalTarnacki in #826
• feat(migtd): support tdinfo_init in MigtdMigrationInformation by @MichalTarnacki in #825
• fix(servtd_ext): verify SERVTD_ATTR against INIT_ATTR from TDINFO by @sgrams in #832
• build(deps): bump step-security/harden-runner from 2.19.1 to 2.19.2 by @dependabot[bot] in #833
• build(deps): bump actions/dependency-review-action from 4.9.0 to 5.0.0 by @dependabot[bot] in #834
• build(deps): bump EmbarkStudios/cargo-deny-action from 2.0.17 to 2.0.18 by @dependabot[bot] in #835
• build(deps): bump spin from 0.10.0 to 0.11.0 in /deps/td-shim-AzCVMEmu/azcvm-extract-report by @dependabot[bot] in #836
• build(deps): bump spin from 0.11.0 to 0.12.0 in /deps/td-shim-AzCVMEmu/azcvm-extract-report by @dependabot[bot] in #840
• fix(migtd): fix code coverage collection for fuzzing tests by @MichalTarnacki in #839
• build(deps): bump serde_json from 1.0.149 to 1.0.150 in /deps/td-shim-AzCVMEmu/azcvm-extract-report by @dependabot[bot] in #844
• build(deps): bump github/codeql-action from 4.35.4 to 4.35.5 by @dependabot[bot] in #843
• build(deps): bump step-security/harden-runner from 2.19.2 to 2.19.4 by @dependabot[bot] in #842
• build(deps): bump log from 0.4.29 to 0.4.30 in /deps/td-shim-AzCVMEmu/azcvm-extract-report by @dependabot[bot] in #847
• fix(vmcall_raw): correct State::Establised spelling by @haitaohuang in #851
• fix(vmcall_raw): guard send-path buffer sizing against overflow by @haitaohuang in #852
• fix(pre_session_data): add #[repr(C)] to HelloPacketPayload by @haitaohuang in #854
• build(deps): bump zerocopy from 0.8.48 to 0.8.49 in /deps/td-shim-AzCVMEmu/azcvm-extract-report by @dependabot[bot] in #864
• td-shim: update to main branch by @haitaohuang in #863
• build(deps): bump github/codeql-action from 4.35.5 to 4.36.0 by @dependabot[bot] in #866
• build(deps): bump EmbarkStudios/cargo-deny-action from 2.0.18 to 2.0.20 by @dependabot[bot] in #865
• feat(vmcall_raw): handle VMM cancellation (0x302) by @haitaohuang in #860
• fix(mig_policy): remove redundant error mapping for tdreport verifica… by @haitaohuang in #861
• refactor(vmcall_raw): remove double-dequeue and dead code in receive path by @haitaohuang in #859
• event log bound check and workaround documented by @haitaohuang in #853
• fix(crypto): locate PEM_CERT_END after PEM_CERT_BEGIN in get_fmspc_from_quote by @haitaohuang in #855
• refactor(azure): Reuse IGVM_FEATURES_BASE by @haitaohuang in #862
• build(deps): bump zerocopy from 0.8.49 to 0.8.50 in /deps/td-shim-AzCVMEmu/azcvm-extract-report by @dependabot[bot] in #870
• fix(servtd_ext): remove broken init_attr == curr_attr check by @sgrams in #857
• build(deps): bump github/codeql-action from 4.36.0 to 4.36.2 by @dependabot[bot] in #880
• build(deps): bump actions/checkout from 6.0.2 to 6.0.3 by @dependabot[bot] in #879
• build(deps): bump log from 0.4.30 to 0.4.32 in /deps/td-shim-AzCVMEmu/azcvm-extract-report by @dependabot[bot] in #881
• fix(attest): increase attestation heap from 512K to 2M by @haitaohuang in #877
• security(spdm): bind rebind attestation to SPDM session TH1 by @haitaohuang in #878
• refactor vmcall-raw send/receive, reject invalid VMM responses by @haitaohuang in #867
• remove redundant rebind peer-peer messages by @haitaohuang in #873
• add retry for quote generation by @haitaohuang in #846
• fix(mig_policy): drop init-ref policy evaluation by @haitaohuang in #874
• refactor(migtd): unify migration and rebinding VMM request buffer layout by @haitaohuang in #869
• fix(Cargo.lock): resolve GHSA-phqj-4mhp-q6mq by @sgrams in #888
• add init tdinfo cross check by @haitaohuang in #887
• build(deps): bump zerocopy from 0.8.50 to 0.8.51 in /deps/td-shim-AzCVMEmu/azcvm-extract-report by @dependabot[bot] in #892
• build(deps): bump bitflags from 2.11.1 to 2.13.0 in /deps/td-shim-AzCVMEmu/azcvm-extract-report by @dependabot[bot] in #893
• SPDM improvements by @haitaohuang in #891
• ratls: drop self-referential init_policy_hash cert extension by @sgrams in #883
• rebinding: populate UTF-8 reason string on SPDM error paths by @sgrams in #884
• migtd: harden EnableLogArea handling (reserved validation + gated set_max_level) by @sgrams in #886
• Add peer policy signing cert chain validation + key rotation support by @haitaohuang in #890
• chore(ci): auto-generate AzCVMEmu policy files instead of tracking them by @haitaohuang in #898
• build(deps): bump zerocopy from 0.8.51 to 0.8.52 in /deps/td-shim-AzCVMEmu/azcvm-extract-report by @dependabot[bot] in #897
• upgrade MigTD version to 0.7.1 before the release by @sgrams in #899
• fix(migtd): resolve compiler warnings across crates by @sgrams in #900

New Contributors

• @olivia-wu-epsf made their first contribution in #799

Full Changelog: v0.7.0...v0.7.1-rc.1