Releases: edgelesssys/marblerun
v1.6.0
What's Changed
Additions
- Log TCB advisories if status is not UpToDate by @thomasten in #729
- Allow specifying accepted avisories for
SWHardeningNeeded
TCB status by @daniel-weisse in #733 - Let Coordinator serve monotonic counters to Marbles by @thomasten in #741
- Derive marble private secrets using marble type in addition to UUID by @daniel-weisse in #730
- Previously, secrets were only derived based on a Marble's UUID, which would provide two different Marbles reporting the same UUID with the same secret. This release enforces two different Marbles will always receive different secrets, regardless of their UUID. If two Marbles require access to the same secret, the secret should be marked as
Shared
instead. To restore the behavior of MarbleRun previous to v1.6, set theDisableSecretBinding
property of the Marble in the manifest totrue
.
- Previously, secrets were only derived based on a Marble's UUID, which would provide two different Marbles reporting the same UUID with the same secret. This release enforces two different Marbles will always receive different secrets, regardless of their UUID. If two Marbles require access to the same secret, the secret should be marked as
Fixes
- coordinator: fix failing user verification when multiple client certs are provided by @thomasten in #738
Misc
- Change license from MPL-2.0 to BUSL-1.1 by @thomasten in #752
Full Changelog: v1.5.2...v1.6.0
v1.5.2
What's Changed
- Fix
OE_JSON_INFO_PARSE_ERROR
during attestation verification with recent Intel collaterals
Full Changelog: v1.5.1...v1.5.2
v1.5.1
What's Changed
Fixes
- coordinator: don't include OE header in signature for raw SGX quotes when calling
/sign-quote
endpoint by @daniel-weisse in #718 - cli: don't try to download era config if
--insecure
flag is set by @daniel-weisse in #721
Misc
- api: elaborate on nonce and quote by @thomasten in #683
- charts: use v2 api for probes by @thomasten in #693
- Update samples to Gramine v1.7 by @daniel-weisse in #599
Full Changelog: v1.5.0...v1.5.1
v1.5.0
What's Changed
Additions
-
cli: allow users to use a custom nonce for SGX quote verification using
--nonce
flag by @daniel-weisse in #644 -
cli: add
--save-sgx-quote
flag to save a Coordinator's SGX quote to disk by @daniel-weisse in #647 -
Add a public Go API by @daniel-weisse in #658
- Offers functions to interact with the Coordinator Client API, and implements the same functionality as the CLI
- documentation: https://pkg.go.dev/github.com/edgelesssys/marblerun/api
-
coordinator: Add client API v2, which offers the same endpoints as the previous client API with an updated format by @daniel-weisse in #661
- API v1 is still available and functional in the Coordinator, but should be considered deprecated
- The CLI and Go API will default to using the v2 API, falling back to v1 if unavailable
- API reference is available at https://docs.edgeless.systems/marblerun/reference/coordinator
-
coordinator: add a new client API endpoint,
/api/v2/sign-quote
, to verify and sign SGX quotes by @daniel-weisse in #659- Requires setting the new manifest option
.Config.FeatureGates
to["SignQuoteEndpoint"]
to enable
- Requires setting the new manifest option
-
cli: allow setting multiple DNS names or IPs using
--domain
flag inmarblerun install
by @daniel-weisse in #674 -
coordinator: add manifest option to seal with unique key or disable sealing by @thomasten in #677
- controlled by setting the new manifest option
.Config.SealMode
:ProductKey
: Sealing uses the product key. This is the default if not set.UniqueKey
: Sealing uses the unique key.Disabled:
If set, the Coordinator won't persist state. This can be useful for ephemeral deployments.
- controlled by setting the new manifest option
Full Changelog: v1.4.1...v1.5.0
Release v1.4.1
What's Changed
Security
This release includes a critical security fix and a security feature improvement.
Please read this changelog carefully and check whether you're affected.
If you're affected, you should update as soon as possible.
If you're not affected, we still recommend updating for the case that you might be affected in the future by changing the manifest.
- Fixed a critical issue with TTLS. See GHSA-x5r5-2qrx-rqj8 for full details.
- Added the ability to not accept TCB status SWHardeningNeeded during remote attestation
- Update SGX libraries to 2.22 (PSW) and 1.19 (DCAP)
- Updates of other dependencies
Fixes
- Fix webhook certificates always being issued for the marblerun namespace when installing with CLI (#573)
Full Changelog: v1.4.0...v1.4.1
v1.4.0
What's Changed
- Build premain on Ubuntu 20.04 by @thomasten in #487
- Allow adding additional IPs for Coordinator root cert by @daniel-weisse in #528
- Allow specifying Kubernetes namespace when installing MarbleRun, or working with a Kubernetes deployment of MarbleRun, using the
--namespace
flag - Pin Coordinator root certificate for all commands interacting withe the Coordinator after
marblerun manifest set
- The certificate is saved to
~/.config/marblerun/coordinator-cert.pem
by default - Specify the
--coordinator-cert
flag to set a custom location
- The certificate is saved to
Security fixes
- Fix a MITM vulnerability when using the CLI to interact with a MarbleRun deployment after the manifest has been set
Full Changelog: v1.3.0...v1.4.0
v1.3.0
Fixes
- fix nightly image builds by @thomasten in #435
- fix webhook certificates not being reloaded on change by @daniel-weisse in #470
- remove version label from
marble-injector
selector by @daniel-weisse in #472- this caused issues resulting in the deployment being unable to be upgraded to a new image version using helm
- when upgrading from a previous release using Helm, the
marble-injector
deployment has to be removed before upgrades can be applied:kubectl delete deployments -n marblerun marble-injector helm upgrade -n marblerun marblerun ...
Additions
- cli: require chart path when using enterprise access token by @thomasten in #433
- helm: Make health probes of Coordinator deployment configurable by @daniel-weisse in #442
- remove az-dcap-client from Coordinator image by @daniel-weisse in #447
- the image now uses just
libsgx-dcap-default-qpl
- the Coordinator will still automatically configure itself to run with the Azure PCCS if available
- the
--dcap-qpl
flag has been deprecated since it is no longer necessary to set the QPL to use (there is only one)
- the image now uses just
- Build CLI for Ubuntu 20.04, 22.04, and AppImage by @thomasten in #459
- This means release will now include CLI binaries built for Ubuntu 20.04, Ubuntu 22.0, and an AppImage for Linux x86_64
Full Changelog: v1.2.0...v1.3.0
Edit (28.08.2023)
The CLI binaries marblerun-x86_64.AppImage
and marblerun-ubuntu-20.04
were built on an incorrect commit (3750726f912244854c1b000c2c6085d0da158b5f
instead of 411e3bcbb01a9a069c69d87f6713a0cde282511b
).
We have since updated the binaries and the checksums.txt
file.
The old, incorrect files are still available in the release with the old.
prefix.
Other files were left untouched.
v1.2.0
Fixes
- add missing YAML conversion to manifest verify by @daniel-weisse in #391
- fix Recover call not properly resetting store's recovery mode by @daniel-weisse in #395
- return error on SetManifest if state cannot be committed by @daniel-weisse in #397
- align capitalization of log messages by @daniel-weisse in #394
Additions
- output status if tcb level is invalid by @thomasten in #386
- better error message on failed property validation by @daniel-weisse in #425
Misc
- split util package to reduce dependencies of premain by @thomasten in #387
- remove context.TODO from CLI by @daniel-weisse in #390
- Only work on store transactions by @daniel-weisse in #388
- Move file saving from Sealer to StdStore by @daniel-weisse in #392
- add versioned docs by @m1ghtym0 in #399
Full Changelog: v1.1.0...v1.2.0
v1.1.0
Fixes
- charts: fix namespace in injector.yaml by @OverOrion in #366
- charts: fix missing provision in resources.limits by @OverOrion in #367
Additions
- docs: add examples for multi-party workflows by @m1ghtym0 in #355
- charts: enable MarbleRun Kubernetes installation using only helm by @daniel-weisse in #368
- charts: allow usage of custom PVC for Coordinator storage by @daniel-weisse in #382
- Update Go version to v1.20
Misc
- ci: update image name in workflow by @daniel-weisse in #364
- Update sample-manifest.json by @thomasten in #365
- Upgrade dependencies by @daniel-weisse in #369
- docs: update helm installation docs by @daniel-weisse in #372
- docs: reference AllowedTCBStatuses in manifest docs by @daniel-weisse in #375
- charts: Set all required resources keys for Intel Device Plugin by @daniel-weisse in #376
- Don't use apt in running container by @daniel-weisse in #379
- Refactor CLI code by @daniel-weisse in #380
- Remove direct dependency on gorilla mux by @daniel-weisse in #384
Full Changelog: v1.0.0...v1.1.0
v1.0.0
Fixes
- Fix potentially invalid variable access by @daniel-weisse in #324
- Catch potential seg fault when updating debug marbles by @daniel-weisse in #325
- Remove nodename from gramine libos detection by @lead4good in #333
Additions
- Add logging for failed marble activations by @daniel-weisse in #329
- Allow TCB levels to be accepted besides UpToDate by @OverOrion in #344
- Enforce unique certificates for users by @daniel-weisse in #353
- Reuse existing era config file by @daniel-weisse in #358
- Add reproducible build and production build by @thomasten in #362
Misc
- Separate client API from core package by @daniel-weisse in #328
- Only inject UUID volumes if not already present by @daniel-weisse in #330
- Update samples and PreMain for Gramine v1.3 compatibility by @daniel-weisse in #346
- Don't panic in premain by @daniel-weisse in #360
New Contributors
- @OverOrion made their first contribution in #344
Full Changelog: v0.6.1...v1.0.0