Releases: google/go-sev-guest

v0.7.1

02 Sep 05:10
2f2e24f

Minor bug-fix update that amends which TCB version from an attestation report is used when filling in certificates from KDS.

What's Changed

  • Allow PEM format certificates by @deeglaze in #66
  • Improve product handling in attestations by @deeglaze in #65
  • fix link to AMD docs by @datosh in #68
  • Make error when getting certificates more transparent for user by @datosh in #70
  • fix: Use reported TCB when fetching VCEK by @msanft in #73
  • Fix TrustedKeyKeys typo by @msanft in #71

Full Changelog: v0.6.2...v0.7.1

v0.7.0

06 Jul 16:48
14ac50e

This release has 1 major semantic change and a few minor bug fixes.

Major change:

  • PR#59: TCB versions are interpreted with the viewpoint of a fleet of machines rather than a more tightly constrained ordering relationship of TCB versions within a single node.

Substantive changes:

  • PR#56: GitHub releases should now have prebuilt binaries of the CLI tools attached for easier adoption.
  • PR#50: Adds INSTALL.md instructions for expectations about the sev-guest device.

Minor changes:

  • PR#63: Fixes the 32-bit build. Required for the 32-bit build of go-tpm-tools.
  • PR#61: Corrects an error condition matcher that tests use, and fixes the impacted tests.
  • PR#60: Typo fix.
  • PR#58: Fixes an ASN1 string encoding in test-only fake certificate generation from PrintableString to IA5String.
  • PR#57: Removes a workaround for clock skew on AMD KDS's NotBefore timestamp since they now back-date certificates by 24 hours.
  • PR#54: Updates the AMD SEV certificate link to correspond to AMD's website reorganization.
  • PR#47: A minor change to permit VLEK certificates in report data, but not yet fully support them.
  • PR#46: Fixes linter errors about unused receiver variables.

v0.6.2

06 Jul 16:38
14ac50e

Changelog

  • 40a285c Account for unexpected errors better in Match
  • 74ccb7f Add a GoReleaser release action
  • acd7c82 Add an INSTALL.md document
  • 52039f7 Fix 'priviledged' typo
  • d6cd532 Fix 32-bit builds
  • efdb2cf Fix ASN1 type discrepancy in fake certificates
  • d179b8f Fix Issue#51 with new TCB validation
  • 27d7d52 Fix broken link in README
  • df775bc Lint cleanup for _ receivers
  • bfc5fd1 Merge pull request #46 from deeglaze/lint
  • e422105 Merge pull request #47 from derpsteb/fix/flags_bitmask
  • a3e7158 Merge pull request #50 from deeglaze/install
  • 708b4eb Merge pull request #54 from deeglaze/sevcert
  • e3c8cd5 Merge pull request #56 from deeglaze/releasebin
  • 5b44841 Merge pull request #57 from deeglaze/skewbgone
  • 8b363ef Merge pull request #58 from deeglaze/fixia5
  • 14e1b8e Merge pull request #59 from deeglaze/tcbcomp
  • d2f2129 Merge pull request #60 from deeglaze/privtypo
  • 8271b48 Merge pull request #61 from deeglaze/errs
  • 14ac50e Merge pull request #63 from deeglaze/bit32
  • 4a4701c Remove KDS clock skew workaround
  • 77cc6c1 Update attestation_report 'flags' bitmask

v0.6.1

17 May 16:31
cf84543

Minor fix for self rate-limiting to go slower and allow configurable values, since production attestation tests can still fail with a deleted VMPCK0.

v0.6.0

02 May 22:56
8ac7f5f

Rerelease of v0.6 to integrate more smoothly with Golang tools.

v0.6

02 May 19:51
8ac7f5f

Added certificate verification and attestation robustness features.

New recommendation for verify.SnpAttestation: Use verify.DefaultOptions() instead of &verify.Options{}.

This is a minor breaking release: some exported functions' signatures have changed to increase uniformity. Where some fields were passed before, the entire options object is now passed.

Functions affected:

  • verify.GetAttestationFromReport
  • verify.GetCrlAndCheckRoot
  • verify.VcekNotRevoked
  • trust.AMDRootCerts.X509Options

The API changes are permanent, but the robustness features are temporary. Most users should not be affected since recommended usage is to just use verify.SnpAttestation.

While distributions update their kernels to 6.4 or later, there's a chance that 47894e0fa6a5 is included and 72f7754dcf31 isn't, such that a host may throttle GET_REPORT and the sev-guest driver will delete the VMPCK0 instead of allowing the command to be tried again.

The KDS clock skew option is a stop-gap to avoid getting "certificates from the future" that fail to verify while AMD updates its KDS semantics to back-date its certificates by a day.

v0.5.2

08 Feb 01:29
2a1d9ab

Includes fixes to the testclient to account for the change to ProductCerts representation in the AMDRootCerts struct. Changes VCEK certificate checking to a full chain verification. The "bad root" test construction needed to be fixed to accommodate the way x509.Verify works.

v0.5.1 DO NOT USE

07 Feb 23:33
c8c29ca

This bugfix release fixes a defect in the testclient in v0.5.0. The change to AMDRootCerts to use ProductCerts did not get carried into the testclient implementation.

EDIT: Also includes a defect with testclient's badroot accidentally verifying.

v0.5.0 DO NOT USE

06 Feb 18:35
08d1c7c

AMDRootCerts has changed to collect the x509 certificates into a pair type, ProductCerts. This is backwards-incompatible with existing constructions of AMDRootCerts, so this release has bumped the "pre-1.0 major version" to 0.5.0. This refactor is paired with a fix to FakeKDS to fetch the product certs on construction, since the default root certificates do not carry x509 certificates.

Internal testing of the go-tpm-tools integration on SEV-SNP hardware exposed this bug.

EDIT: Missed a couple of changes, which makes this a defective release.

v0.4.5

26 Jan 20:40
0f7e438

This is a minor bugfix release.

The only change is to how SevFirmwareErr and SevEsErr are defined, so they are idiomatic error types.