This repository has been archived by the owner on Jul 20, 2023. It is now read-only.

Update release notes
Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
fitzthum authored and fidencio committed Jan 19, 2023
1 parent 920e5fd commit 8a8ff5a
Showing 1 changed file with 15 additions and 7 deletions.
22 changes: 15 additions & 7 deletions releases/v0.3.0.md
@@ -1,12 +1,21 @@
# Release Notes for v0.3.0
Release Date: TBD
Release Date: January 20th, 2023

Code Freeze: TBD
Code Freeze: January 13th, 2023

Please see the [quickstart guide](../quickstart.md) for details on how to try out Confidential Containers

## What's new
- Support for pulling images from authenticated container registries. See [design info](https://github.com/confidential-containers/image-rs/blob/main/docs/image_auth.md).
- Significantly reduced resource requirements for image pulling
- Attestation support for AMD SEV-ES
- `kata-qemu-tdx` supports and has been tested with Verdictd
- Support for `get_resource` endpoint with SEV(-ES)
- Enabled cosign signature support in enclave-cc / SGX
- SEV attestation bug fixes
- Measured rootfs now works with `kata-clh`, `kata-qemu`, `kata-clh-tdx`, and `kata-qemu-tdx` runtime classes.
- IBM zSystems / LinuxONE (s390x) enablement and CI verification on non-TEE environments
- Enhanced docs, config, CI pipeline and test coverage for enclave-cc / SGX

## Hardware Support
Confidential Containers is tested with attestation on the following platforms:
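Review bot: "SEV attestation bug fixes" in the What's new list gives readers no way to tell whether attestation in the previous release was affected; link the fixes or name what was wrong, the way the authenticated registries entry links its design info. "Significantly reduced resource requirements for image pulling" likewise carries no figure or reference. Minor style point: only the authenticated registries and measured rootfs entries end with a period.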
Expand All @@ -16,7 +25,7 @@ Confidential Containers is tested with attestation on the following platforms:
The following platforms are untested or partially supported:
- Intel SGX
- AMD SEV-ES
- IBM Z SE
- IBM Secure Execution (SE) on IBM zSystems & LinuxONE

The following platforms are in development:
- AMD SEV-SNP
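Review bot: AMD SEV-ES stays under "untested or partially supported" while the What's new list in this same file announces "Attestation support for AMD SEV-ES", and the heading does not say which of the two states applies to which platform. Suggest annotating each entry (for example, attestation implemented but not exercised in CI) so readers can tell what has actually been verified on SEV-ES, SGX and IBM Secure Execution.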
Expand All @@ -26,9 +35,8 @@ The following platforms are in development:
The following are known limitations of this release:

- Platform support is currently limited, and rapidly changing
* s390x is not supported by the CoCo operator
* AMD SEV-ES has not been tested.
* AMD SEV does not support container image signature validation.
* AMD SEV-ES is not tested in the CI.
* Image signature validation has not been tested with AMD SEV.
* s390x does not support cosign signature validation
- SELinux is not supported on the host and must be set to permissive if in use.
- Attestation and key brokering support is still under development
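Review bot: "Image signature validation has not been tested with AMD SEV." replaces "AMD SEV does not support container image signature validation." and leaves open whether validation is expected to work; state plainly whether users should rely on signature validation on SEV in this release. The line "s390x is not supported by the CoCo operator" is also dropped without a matching What's new entry saying the operator now supports s390x; add that entry or keep the limitation.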
Expand Down Expand Up @@ -58,7 +66,7 @@ The following are known limitations of this release:
* Container images are downloaded by the guest (with encryption), not by the host
* As a result, the same image will be downloaded separately by every pod using it, not shared between pods on the same host. [More info](https://github.com/confidential-containers/community/issues/66)
- The CoCo community aspires to adopting open source security best practices, but not all practices are adopted yet.
* We track our status with the OpenSSF Best Practices Badge, which increased to 46% at the time of this release.
* We track our status with the OpenSSF Best Practices Badge, which increased to 49% at the time of this release.
* The main gaps are in test coverage, both general and security tests.
* Vulnerability reporting mechanisms also need to be created. Public github issues are still appropriate for this release until private reporting is established.
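Review bot: the 49% figure on the OpenSSF Best Practices Badge line has no link to the badge entry, so readers cannot check it and it will go stale after the release. Suggest linking the project's badge page next to the number.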
