This repository was archived by the owner on Jul 20, 2023. It is now read-only.
releases/v0.3.0.md
15 additions & 7 deletions
@@ -1,12 +1,21 @@
1
1
# Release Notes for v0.3.0
2
-
Release Date: TBD
2
+
Release Date: January 20th, 2023
3
3
4
-
Code Freeze: TBD
4
+
Code Freeze: January 13th, 2023
5
5
6
6
Please see the [quickstart guide](../quickstart.md) for details on how to try out Confidential Containers
7
7
8
8
## What's new
9
9
- Support for pulling images from authenticated container registries. See [design info](https://github.com/confidential-containers/image-rs/blob/main/docs/image_auth.md).
10
+
- Significantly reduced resource requirements for image pulling
11
+
- Attestation support for AMD SEV-ES
12
+
-`kata-qemu-tdx` supports and has been tested with Verdictd
13
+
- Support for `get_resource` endpoint with SEV(-ES)
14
+
- Enabled cosign signature support in enclave-cc / SGX
15
+
- SEV attestation bug fixes
16
+
- Measured rootfs now works with `kata-clh`, `kata-qemu`, `kata-clh-tdx`, and `kata-qemu-tdx` runtime classes.
17
+
- IBM zSystems / LinuxONE (s390x) enablement and CI verification on non-TEE environments
18
+
- Enhanced docs, config, CI pipeline and test coverage for enclave-cc / SGX
10
19
11
20
## Hardware Support
12
21
Confidential Containers is tested with attestation on the following platforms:
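Review bot: the added `kata-qemu-tdx` bullet in the "What's new" list appears as "-`kata-qemu-tdx` supports and has been tested with Verdictd", with no space after the dash, so Markdown will not render it as a list item; it should read "- `kata-qemu-tdx` supports and has been tested with Verdictd". Two smaller points in the same list: the measured rootfs bullet is the only new entry that ends with a period, and the new `get_resource` and cosign bullets carry no documentation link, unlike the authenticated-registry bullet above them, so a reader has no pointer to how these features are enabled or verified.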
@@ -16,7 +25,7 @@ Confidential Containers is tested with attestation on the following platforms:
16
25
The following platforms are untested or partially supported:
17
26
- Intel SGX
18
27
- AMD SEV-ES
19
-
- IBM Z SE
28
+
- IBM Secure Execution (SE) on IBM zSystems & LinuxONE
20
29
21
30
The following platforms are in development:
22
31
- AMD SEV-SNP
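Review bot: platform naming is inconsistent once this line lands. The replacement reads "IBM Secure Execution (SE) on IBM zSystems & LinuxONE", the new "What's new" bullet reads "IBM zSystems / LinuxONE (s390x)", and the limitations list refers only to "s390x". Suggest choosing one form and including "(s390x)" here as well, so a reader can tell that the untested TEE platform in this list and the s390x limitations further down concern the same architecture.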
@@ -26,9 +35,8 @@ The following platforms are in development:
26
35
The following are known limitations of this release:
27
36
28
37
- Platform support is currently limited, and rapidly changing
29
-
* s390x is not supported by the CoCo operator
30
-
* AMD SEV-ES has not been tested.
31
-
* AMD SEV does not support container image signature validation.
38
+
* AMD SEV-ES is not tested in the CI.
39
+
* Image signature validation has not been tested with AMD SEV.
32
40
* s390x does not support cosign signature validation
33
41
- SELinux is not supported on the host and must be set to permissive if in use.
34
42
- Attestation and key brokering support is still under development
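Review bot: the reworded AMD SEV bullet, "Image signature validation has not been tested with AMD SEV.", no longer says whether validation is expected to work on SEV, where the removed line stated it was unsupported. Because signature validation is a security control, the note should say which case applies and whether users should rely on it in this release. Similarly, "AMD SEV-ES is not tested in the CI." would be clearer if it said what testing was done, since "What's new" announces SEV-ES attestation support while the Hardware Support section still lists SEV-ES as untested or partially supported. The s390x operator limitation is also removed without a matching statement elsewhere in the visible diff that the CoCo operator now supports s390x; if that is the intent, say so in "What's new".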
@@ -58,7 +66,7 @@ The following are known limitations of this release:
58
66
* Container images are downloaded by the guest (with encryption), not by the host
59
67
* As a result, the same image will be downloaded separately by every pod using it, not shared between pods on the same host. [More info](https://github.com/confidential-containers/community/issues/66)
60
68
- The CoCo community aspires to adopting open source security best practices, but not all practices are adopted yet.
61
-
* We track our status with the OpenSSF Best Practices Badge, which increased to 46% at the time of this release.
69
+
* We track our status with the OpenSSF Best Practices Badge, which increased to 49% at the time of this release.
62
70
* The main gaps are in test coverage, both general and security tests.
63
71
* Vulnerability reporting mechanisms also need to be created. Public github issues are still appropriate for this release until private reporting is established.
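Review bot: the updated OpenSSF line gives "49%" with no link to the badge entry and no previous value, so "increased to" cannot be checked or put in context by the reader. Suggest linking the project's OpenSSF Best Practices Badge page on this line and, optionally, naming the prior figure, so that the claim stays verifiable after the percentage changes again.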