v0.9.0

What's Changed

• aa/attester: Update csv-rs dep to rev 9d8882e. by @BaoshunFang in #388
• image-rs: change namespace of ICR images by @mattarnoatibm in #383
• image-rs: fix nightly lint error by @Xynnn007 in #390
• api-server-rest: Add actionable error message for ttrcp client by @arronwy in #389
• CDH add unwrapkey API by @Xynnn007 in #349
• Fix link error by @Xynnn007 in #393
• Cca: list Arm CCA as one of CC KBC attesters by @chendave in #391
• CI for Confidential Data Hub by @Xynnn007 in #395
• Cargo.lock: update dep by @Xynnn007 in #396
• cdh: add secure mount feature in cdh by @LindaYu17 in #345
• Attester: Update CSV evidence format by @jialez0 in #398
• attestion-agent: bump az_snp_vtpm attester version by @mkulke in #399
• CDH: add en/decrypt support for eHSM-KMS by @1570005763 in #359
• update peerpod daemon.json path by @katexochen in #401
• ocicrypt-rs: regenerate keyprovider g/ttrpc code by @mkulke in #405
• image-rs: fix image layer ordering by @mkulke in #404
• AA: Add API to extend measurement register at runtime by @jialez0 in #392
• kbs-types and sigstore updates by @mythi in #408
• Makefile: add platform Makefile to quickly build guest component binaries by @Xynnn007 in #407
• CDH/eHSM: add features for eHSM support by @Xynnn007 in #409
• Update CI and ttrpc built proto files by @Xynnn007 in #411
• chore(deps): update sigstore-rs to 0.8.0 and oci-distribution to 0.10.0 by @mythi in #414
• AA/kbs_protocol: fix RCAR handshake protocol by @Xynnn007 in #406
• Random key generation by @piotrpalcz in #385
• image-rs: enable the test of reading credentials from auth config by @ChengyuZhu6 in #421
• image-rs: Redefine constructions of ImageClient and ImageConfig by @ChengyuZhu6 in #416
• attester: add evidence_getter binary by @Xynnn007 in #418
• attestation-agent: add az-tdx-vtpm attester by @mkulke in #375
• AA: fix CI failure by @1570005763 in #424
• Makefile: add more platforms to Makefile by @fitzthum in #425
• sample: always enable sample attester by @fitzthum in #426
• aa/cdh: make agent-config path configurable by env by @mkulke in #429
• cocokeyprovider: add support for daemonize by @Xynnn007 in #417
• Fixes mount parameter order in CDH/Storage/OSS by @Xynnn007 in #432
• Move AA abilities to CDH by @Xynnn007 in #427
• build: Rename the feature flag and set default by @bpradipt in #437
• AA/kbs_protocol: fix the RCAR handshake unit test by @Xynnn007 in #438
• image-rs: fix integration test by @Xynnn007 in #441
• CDH: add get_secret support for Aliyun KMS by @1570005763 in #423
• aa_kbc_params: centralize handling in CDH and AA by @mkulke in #440
• chore(deps): Bump actions/cache from 3 to 4 by @dependabot in #445
• Update az snp vtpm to 0.5 by @surajssd in #436
• aa: Update csv-rs dep to rev b74aa8c. by @BaoshunFang in #448
• AA: Support get CoCo-AS Attestation Token by @jialez0 in #449
• Makefile: support to build components for all platforms and amd by @Xynnn007 in #453
• RFC: attester: tdx: try not to error on broken report_data by @mythi in #452
• cdh/kms:add 'Aliyun' as 'VaultProvider' by @1570005763 in #455
• Nit Fix: remove abandoned file for backup by @jialez0 in #457
• AA: Add coco_as feature to cc_kbc to default support CoCo-AS by @jialez0 in #459
• cdh/kms: add default value for "AliSecretAnnotations" by @1570005763 in #458
• deps: Update az-snp-vtpm & az-tdx-vtpm to 0.5.1 by @surajssd in #460
• AA: Add Config file mechanism by @jialez0 in #454
• Fix: Use strum string to parse AA token type string by @jialez0 in #463
• keyprovider: extend docker image and documentation by @mkulke in #451
• AA: Add API of CheckInitData by @Xynnn007 in #462
• workflow: trigger nydus test in workflow by @ChengyuZhu6 in #433
• ci: install DCAP packages from Jammy repo by @mythi in #350
• chore(deps): Bump tdx-attest-rs from DCAP_1.16 to DCAP_1.20 by @dependabot in #442
• Cargo.lock: Update dep of curve25519-dalek and x25519-dalek by @ChengyuZhu6 in #471
• chore(deps): Bump deranged from 0.3.10 to 0.3.11 by @dependabot in #472
• Replace unsafe NonNull::new_unchecked with NonNull:new by @pingzhaozz in #461
• CI: fix rust-nightly static checks by @portersrc in #476
• attester: add TSM REPORT module and move TDX to use it by @mythi in #434
• chore(deps): Bump http-auth from 0.1.8 to 0.1.9 by @dependabot in #475
• CI: Fix nightly lint error & fix rust nightly version by @Xynnn007 in #477
• image-rs: add encrypted nydus image tests by @ChengyuZhu6 in #469
• chore(deps): Bump anyhow from 1.0.77 to 1.0.80 by @dependabot in #478
• chore(deps): Bump base64 from 0.21.5 to 0.21.7 by @dependabot in #479
• chore(deps): Bump k256 from 0.13.2 to 0.13.3 by @dependabot in #481
• CDH | Add configuration file when launching by @Xynnn007 in #444
• chore(deps): Bump tls_codec from 0.4.0 to 0.4.1 by @dependabot in #482
• chore(deps): Bump scroll from 0.11.0 to 0.12.0 by @dependabot in #483
• chore(deps): Bump dsa from 0.6.2 to 0.6.3 by @dependabot in #484
• attester: bump az-*-vtpm crates to 0.5.2 by @mkulke in #486
• AA/attester: add README docs by @Xynnn007 in #493
• cdh: make the config path configurable by env by @mkulke in #494
• Move non-attestation functions out of AA by @Xynnn007 in #468
• dep: update ring to 0.17 by @Xynnn007 in #499
• chore(deps): Bump mio from 0.8.10 to 0.8.11 by @dependabot in #498
• chore(deps): Bump ahash from 0.7.7 to 0.7.8 by @dependabot in #500
• chore(deps): Bump http from 0.2.11 to 0.2.12 by @dependabot in #502
• image-rs: replace rand from openssl to ring by @Xynnn007 in #501
• chore(deps): Bump winnow from 0.6.2 to 0.6.5 by @dependabot in #504
• image-rs: Add cargo build for multiarch by @stevenhorsman in #491
• AA/attester: improve tdx runtime measurement by @Lu-Biao in #467
• attester: tdx: Improve extend runtime measurement handling by @jodh-intel in #503
• Fix makefile by @Xynnn007 in #506
• Makefile: Fix error by @stevenhorsman in #508
• chore(deps): Bump libloading from 0.8.1 to 0.8.3 by @dependabot in #507
• chore(deps): Bump serial_test from 1.0.0 to 2.0.0 by @dependabot in #509
• image-rs: use ring in unit test by @Xynnn007 in #510
• aa_kbc_params: parse from kernel cmdlind first by @Xynnn007 in #511
• chore(deps): Bump async-trait from 0.1.77 to 0.1.78 by @dependabot in #512
• chore(deps): Bump rayon from 1.8.1 to 1.9.0 by @dependabot in #513
• CDH: fix config read by @Xynnn007 in #517
• Improve CDH docs by @wainersm in #518
• CDH | Add a client tool by @Xynnn007 in #450
• AA/Attester: fix TDX platform detection by @Xynnn007 in #515
• cdh/secret: add unseal, ehsm support and integration test by @1570005763 in #464
• AA: add envlogger to enable log by @Xynnn007 in #519
• image-rs: refactor secure channel initialization logic by @Xynnn007 in #524
• image-rs: get rid of checking decrypt_config parameter by @Xynnn007 in #523
• proto: update protobuf to v3.4.0 by @Xynnn007 in #522
• AA | Bug Fix: correct API endpoint when get AS token by @jialez0 in #526
• cdh/docs: bug fix - add build feature for aliyun by @1570005763 in #528
• cdh/docs: add/update eHSM document by @1570005763 in #527
• attester: use anyhow Context consistently by @mythi in #533
• AA & CDH | Add feature information and git sha via -V by @Xynnn007 in #532
• CDH: move sev init into KMS plugins by @Xynnn007 in #537
• AA | Enable the launch configuration by @Xynnn007 in #531
• CDH | Refactor secure mount module by @Xynnn007 in #539
• dependency updates by @mythi in #542
• Optimize error for guest-components by @Xynnn007 in #543
• chore(deps): Bump crossbeam-channel from 0.5.11 to 0.5.12 by @dependabot in #536
• CDH | Add gRPC implementation by @Xynnn007 in #545
• AA: add UpdateConfiguration API by @Xynnn007 in #549
• chore(deps): Bump serde_json from 1.0.114 to 1.0.116 by @dependabot in #547
• chore(deps): Bump reqwest from 0.11.24 to 0.11.27 by @dependabot in #551
• CDH | Fix secure mount by @Xynnn007 in #553
• bumps sev crate to 3.1.1 by @wobito in #555
• chore(deps): Bump strum_macros from 0.25.3 to 0.26.2 by @dependabot in #552
• chore(deps): Bump async-compression from 0.4.6 to 0.4.10 by @dependabot in #560
• Support gzip.multiple_members by @skaegi in #561
• Gzip should preserve ownership/permissions by @skaegi in #562
• Add cdh golang client interface by @ChengyuZhu6 in #557
• chore(deps): Bump toml from 0.8.10 to 0.8.14 by @dependabot in #570
• tdx-attester updates by @mythi in #571
• Handle gzip whiteouts correctly by @skaegi in #563
• chore(deps): Bump pin-project-lite from 0.2.13 to 0.2.14 by @dependabot in #574
• aa/attester: add IBM Secure Execution driver framework by @huoqifeng in #492
• image-rs: bump dependencies by @Xynnn007 in #573
• image-rs | Move cosign test images from dockerhub to ghcr.io by @Xynnn007 in #579
• Enable basic CI for s390x by @BbolroC in #576
• chore(deps): Bump url from 2.5.0 to 2.5.1 by @dependabot in #580
• ibmse: fix vec decoding by @huoqifeng in #582
• GHA: Place pre-action for s390x self-hosted runner by @BbolroC in #585
• GHA: Fix indentation error and skip image.rs tests for s390x by @BbolroC in #586
• chore(deps): Bump libc from 0.2.153 to 0.2.155 by @dependabot in #584
• aa: surface error from RCAR handshake by @fitzthum in #588
• ci: Fix occlum CI by @Xynnn007 in #583
• ibmse: add se attester to all-attesters by @huoqifeng in #590
• chore(deps): Bump serde_json from 1.0.116 to 1.0.117 by @dependabot in #589
• ci: update occlum ci by @Xynnn007 in #592
• chore(deps): Bump docker/build-push-action from 5 to 6 by @dependabot in #598
• CDH: fix aa_kbc_params and config reading by @Xynnn007 in #596
• AA: fix launch configuration by @Xynnn007 in #599

New Contributors

• @LindaYu17 made their first contribution in #345
• @1570005763 made their first contribution in #359
• @piotrpalcz made their first contribution in #385
• @fitzthum made their first contribution in #425
• @bpradipt made their first contribution in #437
• @pingzhaozz made their first contribution in #461
• @Lu-Biao made their first contribution in #467
• @wobito made their first contribution in #555
• @skaegi made their first contribution in #561
• @huoqifeng made their first contribution in #492
• @BbolroC made their first contribution in #576

Full Changelog: v0.8.0...v0.9.0