SCONE 5.7.0
Bug Fixes
A large number of fixes.
Features
-
cas: Add enclave identities to audit log (e86743a)
-
cas: Add PKCS#12 secret injection (7186d12)
-
cas: Better error message on runtime->CAS authentication failure (0ad72f1)
-
cas: Print CAS keys when SCONE_VERSION=1 (74d0bc3)
-
cas: Runtime connection timeouts (6ac8aef)
-
cas: Send TLS close notify when closing enclave connection (6240ee8)
-
cas: Support DCAP attestation reports in audit logs (1c9cc09)
-
cas: Update OpenSSL libcrypto from v1.1.1d to v1.1.1k (72dae01)
-
cas: Update SQLCipher from v4.3.0 to v4.5.0 (cdfbf78)
-
cas: Use tracing as log backend (42badfd)
-
cross-compiler: check hash of the prebuilt cross-compiler archive (20da4d3)
-
dockerfiles: add glibc Makefile, ubuntu runtime image (3133d24)
-
dockerfiles: add memcached pyclient for kubeapps demo (b134e0a)
-
dockerfiles: Add sconecuratedimages/kubernetes:las.no-epid alias (d6b2435)
-
dockerfiles: add TensorFlow-2.7.0 (ac215e0)
-
dockerfiles: This commit extends fork to support sgx2. (e402aa0)
-
dockerfiles: Introduces a feature to do partial heap transfers. (069dbc3)
-
dockerfiles: Update to Intel SGX SDK 2.15.1 (1c93ed8)
-
dockerfiles: Add Microsoft Azure LAS image for ICX (5337712)
-
dockerfiles: support DT_FILTER (d759362)
-
dockerfiles: make cargo-clippy CLIPPY_ARGS="--fix" (2b37c2a)
-
dockerfiles: support /proc/self/cmdline (e27434c)
-
dockerfiles: Add CAS info to error messages when attestation fails (c7e8079)
-
dockerfiles: Add sendfile for Network Shield (135f7d8)
-
runtime: add sendmmsg syscall (5a4e4db)
-
runtime: Show hints when connecting to non-default CAS port (ca909c7)
-
runtime: support dynamically linked position-dependent executables (34f0ddd)
-
rust: Update from Rust 1.56.1 to Rust 1.57.0 (fbb0b01)
-
sconify: add GLibC support (25dd3cb)
-
runtime: add virtual syscalls for handling dlopen in glibc (7d9ceb7)
-
runtime: crash when c runtime tries to get a rust runtime fd (81edcc9)
-
runtime: filter getdent results (f52a30f)
-
runtime: improve dynamic library loader (56d549a)
-
runtime: introduce elf fs (29837e8)
-
runtime: introduce optional optimization for fork in sim mode (fafb8c6)
-
runtime: Network Shield (9c79a94)
-
runtime: Reconnect to CAS (c49e102)
-
runtime: Send keep-alive messages (0746d89)
-
runtime: Set CAS connection read timeout (5b6ea86)
-
runtime: support ethtool ioctl (da3b990)
-
runtime: support loading glibc applications (546d8fc)
-
runtime: support runtime extensions with glibc (10d05e9)
-
rust: Update to Rust 1.56.1 (f161374)
-
signer: print list of dependencies during signing with --verbose (3084be4)
-
runtime: support switching between application and runtime tls (5559560)
-
rust: Allow X.509 identities with partial certificate chains (1085a6e)