Keylime v7.5.0

maugustosilva released this 23 Aug 20:56

· 87 commits to master since this release

What's Changed

New features and significant changes:

(Fix for CVE-2023-38201, details on this Security Advisory ) Challenge-response protocol between Registrar and (untrusted) Agent can be bypassed by an attacker by @maugustosilva in 9e5ac9f
mba: Manage the number of measured boot attestation by @niteeshkd in #1433
tpm_cert_store: add the Alibaba Cloud vTPM EK x509 cert by @Jingshui1037 in #1448

Bugfixes:

verifier: close session in worker_webhook function by @kkaarreell in #1456
elchecking/example: add ignores for EV_PLATFORM_CONFIG_FLAGS by @THS-on in #1450
verifier: should read parameters from verifier.conf only by @maugustosilva in #1458
templates/2.0/mapping.json: fix the default registrar_port error in the verifier config by @Jingshui1037 in #1441

Testing/CI:

Update container build workflow actions by @ansasaki in #1447
installer.sh: use the -i parameter variable to set the default binding and listening IP about the agent, verifier, and registrar server is 127.0.0.1 or 0.0.0.0 by @Jingshui1037 in #1444
requirements.txt: update the need sqlalchemy version to 1.3.12 and above. by @Jingshui1037 in #1454

Code cleanup

codestyle: Fix access to possibly not available package 'rpm' (pyright) by @stefanberger in #1443

Documentation

Administrative

Monthly release (7.5.0) by @maugustosilva in #1460

New Contributors

@niteeshkd made their first contribution in #1433

Full Changelog: v7.4.0...v7.5.0

Contributors

stefanberger, maugustosilva, and 5 other contributors

Assets 2