
Releases: google/go-tpm-tools

v0.4.7

06 Nov 00:33
d94cf98


Full Changelog: v0.4.6...v0.4.7

v0.4.6

03 Oct 22:34
215e2ab


Breaking Change:

  • #596 cel.AppendEventPCR and cel.AppendEvent no longer take a []crypto.Hash argument; instead they query the TPM capability for all available PCR banks and extend every one of them.
  • #585 This may be a breaking change for users that do not populate AKPub within the attestation proto. The field was never optional, and the go-tpm-tools client code has always populated it.

What's Changed

  • Remove VerifyAttestation dependency on SNP/TDX by @alexmwu in #523
  • Update the LICENSE to accurately describe the simulator by @chrisfenner in #537
  • Update the comment in simulator.go by @jkl73 in #538
  • [launcher] Clean up cloudbuild config by @jkl73 in #539
  • Add pk and kek to the SecureBootState proto message and populate them. by @eytankidron in #534
  • Fix a grub eventlog parsing issue with null terminator by @jkl73 in #540
  • merge tdx_rtmr to main by @jkl73 in #543
  • Update releaser actions. by @deeglaze in #546
  • Update releaser.yaml to allow manual triggers by @alexmwu in #547
  • Update releaser.yaml to allow for specifying ref by @alexmwu in #548
  • Support manual triggers of goreleaser by @alexmwu in #550
  • Allow releaser workflow to modify Releases by @alexmwu in #551
  • Update go-sev-guest to v0.13.0 by @deeglaze in #552
  • Add ITA Verifier Client by @jessieqliu in #530
  • Add ITA Attest to teeserver by @jessieqliu in #532
  • Add privileged cs experiment flag by @JoshuaKrstic in #558
  • [launcher] Add privileged launch policy options by @alexmwu in #526
  • Add event parsing logic for GPU device specific event (#561) by @meetrajvala in #562
  • Clean up tmpfs and privileged experiments by @alexmwu in #563
  • Add cloudbuild tests for NPD health monitoring by @jessieqliu in #508
  • Add back support for SNP and TDX attestation only for the gotpm CLI by @alexmwu in #555
  • [launcher] Disable konlet in CS debug image by @jkl73 in #570
  • [launcher] Update cs host directory permission by @jkl73 in #571
  • Add option to skip Calling EFI Application check by @alexmwu in #573
  • Add alias to proto buffer and remove extra imports by @yawangwang in #576
  • Update releaser config so it won't run on a PR by @jkl73 in #579
  • [launcher] del launcher unit test TestWithAgent by @jkl73 in #583
  • Fix comment in TEE server by @JoshuaKrstic in #584
  • TEE Server Error code Translation by @Sibcgh in #587
  • Add testutils package to make select test helpers publicly available by @jessieqliu in #589
  • Add VerifyCS experiment flag by @jessieqliu in #588
  • Attest now will pass in a default audience instead of passing an error by @Sibcgh in #580
  • Remove duplicated code in rest verifier by @jkl73 in #590
  • Add VerifyConfidentialSpace to verifier.Client by @jessieqliu in #593
  • cel.AppendEventPCR extends to all PCR banks by @jkl73 in #596
  • Remove Attested COS specific CEL parsing logic by @meetrajvala in #597
  • Add HashNonce flag to Attest and VerifyAttestation by @alexmwu in #585


Full Changelog: v0.4.5...v0.4.6

v0.4.5

27 Feb 17:21
09bf13f


Breaking Changes

Populate the SNP/TDX Machine State field with the verified SNP/TDX attestation data + use a stable COS image version #463

  • Removes verifyGceTechnology export

Support health monitoring mode for NPD #479

  • Changes signature of spec.GetLaunchPolicy

New Features

Add event-log flag to cmd package #423
add custom nonce flag to cmd package token subcommand #451

Bug Fixes

Fix bug dropping CEL in launcher attestations #438
fix invalid check and restore workaround from #72 #435
Error message should return length of digest #436
[launcher] Fix a concurrent TPM access issue #434
Fix releaser.yaml and ci.yml file on macos #444
Refresh SA auth token in signaturediscovery client before fetching container image signatures #449
Fix a uint conversion #452
[launcher] Try to fix cloudbuild for launcher #458
Release lock if generating attestation returns error #475
Add mutex to failing client to prevent concurrent writes #494

Other Changes

Add PKI and LIMITED_AWS token types for VerifyAttestation. #430
Move verifier package to its own submodule #447
Delete files used for AUR packaging #457
Add version information and fix cloudbuild #455
Update go-sev-guest version and API use #445
Update typo in README.md #459
Add SEV-SNP policy for signed UEFI measurements #446
Update gce-tcb-verifier version. #468
[launcher] Optimize serial read in test #470
[launcher] Switch base image to 113 cos #467
Use confidentialcomputing api v1.6.0 to send SEVSNP attestation #472
Adding EV_EVENT_TAG support for PCR9 #471
Update gce-tcb-verifier dependency #485
remove duplicate error check #488
Log detailed errors if refreshing SA credential goes wrong #481
Use confidentialcomputing api v1.6.0 to send TDX attestation #477
Removed experiment flags that we would no longer consider rolling back #483
Add retry to container signature fetch in agent #489
Export function to extract and validate AK from server #492
Override /dev/shm size only when specified #493
Add tempfs experiment and gate mounting behind it #490
Instantiate backoff strategy per goroutine #496
Remove EnableSignedContainerCache + EnableMeasureMemoryMonitor from container launcher #498
Refactor CEL AppendEvent, to support RTMR #486
Change ParseCosCEL* to return an AttestedCosState #501
[launcher] launcher can expose IPv6 ports as well #505
Add the location of the service we are calling to the API error logs #506
Start NPD after LaunchSpec Verification #507
Send client logs with the cloud logging library #474
[launcher] Add DA lockout params when launching #469
[launcher] Merge upstream/tdx_rtmr #513
Bump the go_modules group across 3 directories with 1 update #512
Bump the go_modules group across 4 directories with 1 update #514
Revert "[launcher] Merge upstream/tdx_rtmr (#513)" #516
Apply retry logic in confidential computing API + workload image puller #511
Change container workload's default OOM Score #522
Reduce NPD full config #520
Add client-side experiment for NPD Health Monitoring config #525
Bump go-sev-guest to v0.12.1 #527
Add AWS Principal Tag type to launcher #515

New Contributors

@savely-krasovsky in #435
@hkolvenbach in #436
@liamjm in #459

v0.4.4

29 Mar 22:24
f89d9ef


Breaking Changes:

[launcher/cmd] Refactor verifier for issue #419

  • Unexport cmd.Instance, cmd.MetadataServer, cmd.NewMetadataServer.
  • Move package verifier from launcher to go-tpm-tools.
    • verifier.Client, verifier.Challenge, etc.
  • Move package fake from launcher to go-tpm-tools.
    • fake.Claims, fake.NewClient, etc.
  • Move package rest from launcher to go-tpm-tools.
    • rest.NewClient, rest.BadRegionError, etc.

New Features:

[cmd] Add new command token in the CLI tool #375
[cmd] add records to cloud logging when fetching token from attestation verifier #417

Bug Fixes:

Statically link binaries built by goreleaser #425

Other Changes:

Update readme to gotpm CLI instructions. #424, #426

New Contributors:

@Ruide in #375
@qinkunbao in #424

v0.4.3

22 Feb 18:25
acbae2f


New Features:

[launcher] Add TEE server IPC implementation #367
[launcher] Enable memory monitoring in CS #391
Use TDX quote provider to attest and verify #405
Integrate nonce verification as part of the TDX quote validation procedure. #395
Add RISC V support #407
[launcher] Use resizable integrity-fs with in-memory tags #412

Bug Fixes:

[launcher] Fix launcher exit code #384
[launcher] Handle exit code checking during deferral evaluation #392
[cmd] Skip tests that call setGCEAKTemplate #402
[launcher] Fix teeserver context reset issue & add container signature cache #397
Set all unused parameters as _ to fix CI lint failure #411
[launcher] Make customtoken test sleep to mitigate clock skew #413

Other Changes:

Add eventlog parse logic for memory monitoring #404
[launcher] Add memory monitor measurement logic #408
Update go-tdx-guest version to v0.3.1 #414

New Contributors:

@KeithMoyer in #392
@vbalain in #405
@aimixsaka in #407

Release v0.4.2

27 Oct 21:53
0dd0099


New Features:

[launcher] Add experiment support #352
[launcher] Integrate signature discovery client into attestation agent #343

Bug Fixes:

Make launcher host tmp directory before experiment fetch #363

Other Changes:

[launcher] Print kernel cmdline on builds #268
Import latest version of go-tdx-guest #373
[launcher] Print signature details instead of signature object #374
[launcher] Add image tests for the experiments binary #378
Update go-sev-guest to v0.9.3 #381

Release v0.4.1

15 Sep 01:30
053cd81


New Features:

[launcher] Verify FS and mount before launch #311
Integration of go-tpm-tools with go-tdx-guest #347

Intra-release Breaking Changes:

Add launcherfile package for path and file consts #356 breaks #333

Bug Fixes:

[launcher] Update the token refresh logic #325
[launcher] Fix logging blocking issue #338

Other Changes:

[launcher] Add a new metadata flag of signedImageRepos #320
Update go-sev-guest to v0.7.0 #329
[launcher] Add SSH test for image. #314
Add supported architectures to ci.yml #330
Fix the go version number error #326
[launcher] Signature discovery: fetch a signed image manifest for parsing #324
[launcher] Export attestation token filepath and filename #333
[launcher] Increase the max file descriptor #339
[launcher] Add a signature interface and a library to parse signature from image manifest #328
Rename TdxVerify function to TdxQuote in server package. #353
[launcher] Use V1 SDK in launcher verifier client #305
Update and tidy dependencies #344

New Contributors

@yawangwang in #320
@Jingshui1037 and @hustliyilin in #326
@jrjatin in #353

test release

01 Sep 19:39
d86a047


Merge pull request #338 from alexmwu/logging-fix

Fix logging blocking issue

v0.4.0

23 Jun 18:09
7204731


New Features:

[launcher] Add capability to open ports #294
Allow loading of cached keys #313

Other Changes:

Use legacy tpm2 at its new path #318
Add GoReleaser release action for gotpm CLI #319
Update go-tpm dependency to 0.9.0 #321

New Contributors

@3u13r in #313

Release v0.3.12

19 May 18:55
3e98b2f


New Features:

Add attest and verify command to gotpm #293
Add tee_technology flag and test for tee_technology flag #307 (intra-release breaking change)

Other Changes:

Add OS Policy assignment tests for both debug and hardened. #301
Add a wrapper for ExternalTPM #302
Update to go-sev-guest v0.6.0 #304
Update base image family to use cos-dev #306
Update go-sev-guest to v0.6.1 #308

New Contributors

@Pranjali-2501 in #293
@michael-pregman in #301