Skip to content

SCONE 5.7.0

Bug Fixes

A large number of fixes.

Features

  • cas: Add enclave identities to audit log (e86743a)

  • cas: Add PKCS#12 secret injection (7186d12)

  • cas: Better error message on runtime->CAS authentication failure (0ad72f1)

  • cas: Print CAS keys when SCONE_VERSION=1 (74d0bc3)

  • cas: Runtime connection timeouts (6ac8aef)

  • cas: Send TLS close notify when closing enclave connection (6240ee8)

  • cas: Support DCAP attestation reports in audit logs (1c9cc09)

  • cas: Update OpenSSL libcrypto from v1.1.1d to v1.1.1k (72dae01)

  • cas: Update SQLCipher from v4.3.0 to v4.5.0 (cdfbf78)

  • cas: Use tracing as log backend (42badfd)

  • cross-compiler: check hash of the prebuilt cross-compiler archive (20da4d3)

  • dockerfiles: add glibc Makefile, ubuntu runtime image (3133d24)

  • dockerfiles: add memcached pyclient for kubeapps demo (b134e0a)

  • dockerfiles: Add sconecuratedimages/kubernetes:las.no-epid alias (d6b2435)

  • dockerfiles: add TensorFlow-2.7.0 (ac215e0)

  • dockerfiles: This commit extends fork to support sgx2. (e402aa0)

  • dockerfiles: Introduces a feature to do partial heap transfers. (069dbc3)

  • dockerfiles: Update to Intel SGX SDK 2.15.1 (1c93ed8)

  • dockerfiles: Add Microsoft Azure LAS image for ICX (5337712)

  • dockerfiles: support DT_FILTER (d759362)

  • dockerfiles: make cargo-clippy CLIPPY_ARGS="--fix" (2b37c2a)

  • dockerfiles: support /proc/self/cmdline (e27434c)

  • dockerfiles: Add CAS info to error messages when attestation fails (c7e8079)

  • dockerfiles: Add sendfile for Network Shield (135f7d8)

  • runtime: add sendmmsg syscall (5a4e4db)

  • runtime: Show hints when connecting to non-default CAS port (ca909c7)

  • runtime: support dynamically linked position-dependent executables (34f0ddd)

  • rust: Update from Rust 1.56.1 to Rust 1.57.0 (fbb0b01)

  • sconify: add GLibC support (25dd3cb)

  • runtime: add virtual syscalls for handling dlopen in glibc (7d9ceb7)

  • runtime: crash when c runtime tries to get a rust runtime fd (81edcc9)

  • runtime: filter getdent results (f52a30f)

  • runtime: improve dynamic library loader (56d549a)

  • runtime: introduce elf fs (29837e8)

  • runtime: introduce optional optimization for fork in sim mode (fafb8c6)

  • runtime: Network Shield (9c79a94)

  • runtime: Reconnect to CAS (c49e102)

  • runtime: Send keep-alive messages (0746d89)

  • runtime: Set CAS connection read timeout (5b6ea86)

  • runtime: support ethtool ioctl (da3b990)

  • runtime: support loading glibc applications (546d8fc)

  • runtime: support runtime extensions with glibc (10d05e9)

  • rust: Update to Rust 1.56.1 (f161374)

  • signer: print list of dependencies during signing with --verbose (3084be4)

  • runtime: support switching between application and runtime tls (5559560)

  • rust: Allow X.509 identities with partial certificate chains (1085a6e)