Keylime v7.5.0
What's Changed
New features and significant changes:
- (Fix for CVE-2023-38201, details on this Security Advisory ) Challenge-response protocol between Registrar and (untrusted) Agent can be bypassed by an attacker by @maugustosilva in 9e5ac9f
- mba: Manage the number of measured boot attestation by @niteeshkd in #1433
- tpm_cert_store: add the Alibaba Cloud vTPM EK x509 cert by @Jingshui1037 in #1448
Bugfixes:
- verifier: close session in worker_webhook function by @kkaarreell in #1456
- elchecking/example: add ignores for EV_PLATFORM_CONFIG_FLAGS by @THS-on in #1450
- verifier: should read parameters from verifier.conf only by @maugustosilva in #1458
- templates/2.0/mapping.json: fix the default registrar_port error in the verifier config by @Jingshui1037 in #1441
Testing/CI:
- Update container build workflow actions by @ansasaki in #1447
- installer.sh: use the -i parameter variable to set the default binding and listening IP about the agent, verifier, and registrar server is 127.0.0.1 or 0.0.0.0 by @Jingshui1037 in #1444
- requirements.txt: update the need sqlalchemy version to 1.3.12 and above. by @Jingshui1037 in #1454
Code cleanup
- codestyle: Fix access to possibly not available package 'rpm' (pyright) by @stefanberger in #1443
Documentation
Administrative
- Monthly release (7.5.0) by @maugustosilva in #1460
New Contributors
- @niteeshkd made their first contribution in #1433
Full Changelog: v7.4.0...v7.5.0