SCONE 5.6.0

Bug Fixes

A large number of fixes.

Features

  • cas: add 2FA with One-time Password support (3cfb7f5), closes #1223
  • cas: Add DB certificate format v2 to CAS REST API (d6ab8af)
  • cas: add DCAP attestation (e4e01d8)
  • cas: Allow relaxing TCB status check when registering CAS backups/upgrades (c452f93)
  • cas: Only issue DB certificates when unprovisioned (2c7a580)
  • cas: provisioning on command line (0e43356)
  • cas: Require at least one attestation factor for services (f48b78c)
  • cas: Seal secret retrieval interface after attestation (437d255), closes #1167
  • cas: Support DCAP attestation for CAS backups & upgrades (6f4773e)
  • cli: generic cas attestation (adds DCAP) (05d7423)
  • cli: warn about losing CAS owner identity (f59c48c)
  • dockerfiles: Add and default to Ubuntu 20.04 images (b217d9f)
  • dockerfiles: add mariadb with fspf (8ba1fba)
  • dockerfiles: added PySpark-3.1.1 (ff3e6c0)
  • las: print scone version (45c2601)
  • las: show aesm logs in non-interactive containers (e5a58cb)
  • libsgx: dynamic enclave size (7af147c)
  • pyspark: enable Kubernetes support (f2814e6)
  • runtime: add basic support for passing fds between processes (b884976)
  • runtime: Add supported Intel SGX Root CA cert version to DCAP quote output (da1cd35)
  • runtime: cache cpuid results (1639faa)
  • runtime: Enable external argv and env (0753722)
  • runtime: handle more rlimits in enclave (8153fbc)
  • runtime: improve logging of scone_lock (7b9c919)
  • runtime: in-enclave sleeping (ba81d14)
  • runtime: libsgx: allow simulated mode on AMD chips (828b0e3)
  • runtime: simulate iret instruction (986ab30)
  • runtime: support DCAP quote generation (dd6118c)
  • rust: Update to Rust 1.54.0 (4d2e6d1)
  • scone-signer: add sconify option (8205a7f)
  • sconify: add --log option (1243ab1)
  • sconify: add attestation vulnerability opts (22c6ff7), closes #1301 #1302
  • sconify: add fail if session exists option (9d43057)
  • sconify: add K8s Services to generated Helm charts (22316c9), closes #1105
  • sconify: add progress bar (391435f)
  • sconify: add sconify host tests (f424c5c)
  • sconify: adjust sconify production config (6b8bfc8)
  • sconify: allow Helm chart parameter overriding (4442b64), closes #1218
  • sconify: detect and add docker-entrypoint.sh (3b1fc5c)
  • sconify: detect go binaries (2965f4a)
  • sconify: enable entire image encryption (eb1a2c2), closes #1288
  • sconify: enable Helm chart generation with --dry-run (c66ed4c)
  • sconify: enhance namespace handling (a5520a6)
  • sconify: generate Kubernetes manifests from charts (6f38da1), closes #1215
  • sconify: include LD_LIBRARY_PATH in sessions (99cbbe0), closes #1248
  • sconify: enhance session creation (e4063f5)

Performance Improvements

  • runtime: free overallocated memory once file is closed (9c24280)
  • generate binaryfs in cli via a blob (0ee9397), closes #1059
  • improve memory allocation for protection data (see #1263) (b72dd72)
  • reintroduce nodelay on enclave side (b231ece)