
Releases: google/go-sev-guest

v0.4.4

19 Jan 20:02
0d57edf

Re-release of v0.4.3 since PR#34 was not included.

This release includes initial support for a VM-specific additional certificate that can be added with the KVM_SEV_SNP_SET_CERTS command from SEV-SNP host patch series v7. The GUID here is what we chose to identify the GCE firmware endorsement document. More details about the endorsement document are coming later, perhaps in a different repository.

v0.4.3

19 Jan 19:55
0d57edf

This release includes initial support for a VM-specific additional certificate that can be added with the KVM_SEV_SNP_SET_CERTS command from SEV-SNP host patch series v7. The GUID here is what we chose to identify the GCE firmware endorsement document. More details about the endorsement document are coming later, perhaps in a different repository.
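
How a guest can look up a GUID-keyed certificate in the host-supplied certificate table, shown as an added example that is not code from go-sev-guest. It assumes the GHCB certificate table layout (entries of 16-byte GUID, uint32 offset, uint32 length, ended by an all-zero entry); `ParseCertTable`, `SampleTable` and the GUID bytes are hypothetical names and constructed values.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// Each entry: 16-byte GUID, uint32 offset, uint32 length (little-endian).
const entrySize = 24

// ParseCertTable maps each entry's GUID (hex of the raw bytes) to its blob.
// The table is supplied by the host, so offsets and lengths are bounds-checked.
func ParseCertTable(table []byte) (map[string][]byte, error) {
	certs := map[string][]byte{}
	if len(table) == 0 {
		return certs, nil // no certificates installed on the host
	}
	for pos := 0; ; pos += entrySize {
		if pos+entrySize > len(table) {
			return nil, errors.New("cert table: no all-zero terminator entry")
		}
		entry := table[pos : pos+entrySize]
		if bytes.Equal(entry, make([]byte, entrySize)) {
			return certs, nil
		}
		off := uint64(binary.LittleEndian.Uint32(entry[16:20]))
		n := uint64(binary.LittleEndian.Uint32(entry[20:24]))
		if off+n > uint64(len(table)) {
			return nil, fmt.Errorf("cert table: entry at byte %d is out of bounds", pos)
		}
		certs[hex.EncodeToString(entry[:16])] = table[off : off+n]
	}
}

// SampleTable builds a constructed one-entry table: header, terminator, blob.
func SampleTable(guid [16]byte, blob []byte) []byte {
	t := make([]byte, 2*entrySize, 2*entrySize+len(blob))
	copy(t, guid[:])
	binary.LittleEndian.PutUint32(t[16:], uint32(2*entrySize))
	binary.LittleEndian.PutUint32(t[20:], uint32(len(blob)))
	return append(t, blob...)
}

func main() {
	guid := [16]byte{0xAA, 0xBB, 0xCC} // constructed placeholder, not a real GUID
	certs, err := ParseCertTable(SampleTable(guid, []byte("constructed endorsement")))
	fmt.Println(len(certs), err)
}
```
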

v0.4.2

13 Jan 00:19
a487d28

This patch release includes improved testing capabilities and default HTTPSGetter behavior.

v0.4.1

14 Dec 20:59
1e85fc4

This patch release is to fix an omission from v0.4.0: how to reliably test without a cache of KDS results for a small set of machines.
The default fetch behavior now accounts for AMD KDS rate-limiting behavior by retrying on failure after waiting a short duration.
This new default should also help early adopters use the check tool with fewer network failures.

v0.4.0

12 Dec 18:46
e515d91

Testing capability additions:

  • Generic test client that allows a test to use a real or fake device depending on whether the test is given a non-default --sev_guest_device_path flag. The flag's default value is interpreted differently across contexts. For tools, "default" is interpreted as the platform default (e.g., Linux is /dev/sev-guest). For tests, "default" is interpreted as a fake.
  • AMD KDS certificate caching library for making hardware tests more reliable by not constantly connecting to AMD's server. Intended only for small machine clusters that haven't had certificates installed through the host /dev/sev device.

v0.3.0

29 Nov 06:45
c79ba01

This release includes CLI tools for collecting a SEV-SNP attestation and checking it in turn. By providing these tools, we don't require that users use Go to benefit from the library.

v0.2.6

03 Nov 19:42
bdf78cf

This release is for one change, for the klog dependency to use logger. The klog dependency is only meant for Terraform projects.

v0.2.5

02 Nov 22:05
e2600df

This is a cleanup and minor bug-fix release.

  • Issue #18: GetExtendedReport had incorrect behavior when the host's certificate length was 0.
  • Issue #23: Replaced the glog dependency with the hard forked and maintained klog.
  • Fixed a test bug that previously caused a test suite to be a no-op.
  • Cleaned up golint warning that interface{} should be type any.

v0.2.4

30 Sep 18:50
bb8c75c

This release adds 2 new features:

  • A new validate library for checking the fields of an attestation report other than the signature checked by verify.
  • New default behavior for verify to download missing certificates from AMD's Key Distribution Service to allow verification directly from a raw report.

Minor changes and bug fixes.

v0.2.3

22 Sep 21:25
115a0e2

This release comes with added support for the MSG_KEY_REQ guest request message to the AMD security processor.
There are security implications for its use, so be sure to check out LIMITATIONS.md.