Skip to content

SCONE 5.10

SCONE 5.10.1

🐞 Bug Fixes

  • Check whether rdtscp is available to prevent invalid CPU instruction.

SCONE 5.10.0

🛡️ CAS

  • Add support for Azure Key Vault (AKV) secret decryption.
  • Include binary & PKCS#1 support for AKV secret decryption.
  • Add a session hash to the audit log.
  • Provide a session listing endpoint.
  • Add a session salt.
  • Allow triggering of database snapshotting using SIGUSR1.
  • Print enclave attestation errors in the CAS debug log.
  • Implement liveness and readiness probes.
  • Include a new health report endpoint.
  • Prevent CAS upgrades if no upgrade instances are registered.
  • Warn when the CAS database opens in read-only mode.
  • Add a list_sessions access control policy.
  • Upgrade PCK certificate fetching to use the DCAP v4 API.
  • Add bulk platform PCK certificate loading for Intel DCAP.

📜 Custom Resource Definition

  • Add EDMM support.

♻️ Safety Service

  • Add toleration field defaulting to an empty list.

⚙️ Runtime

  • Add logging that auto-downgrades reoccurring messages.
  • Add EDMM metrics.
  • Add MemTotal to the virtual /proc/meminfo.
  • Support pthread_setname_np and pthread_getname_np.
  • Handle rdtscp instruction simulation.
  • Implement the copy_file_range syscall.
  • Improve error messages on CAS connection reset or timeout.
  • Increase the Network Shield protocol error log level.
  • Print the Network Shield config on startup.
  • Support fork with mprotect enabled.
  • Add support for in-kernel (/dev/sgx_enclave) EDMM.
  • Add support for gc/golang applications.
  • Add support for posix_spawn and vfork(2).
  • Tolerate missing file system permissions.
  • Transfer the application's exit reason from the runtime to CAS.

🐳 New & Updated Images

  • Include runtime:ubuntu22.04 and runtime:ubuntu24.04 images.
  • Add a pytorch 2.6.0 image.
  • Add a mysqld metrics exporter.
  • Provide new nginx images.
  • Add crosscompilers:alpine3.21 and crosscompilers:ubuntu24.10.
  • Include new golang images.
  • Add a mariadb 11.4.5 image.
  • Add maxctrl-binary-fs and maxscale 24.02.1.
  • Include a maxscale binary-fs version.
  • Add python:3.10-ubuntu22.04 and python:3.13 (no-GIL).
  • Add an rclone 1.69 image with multiple bases.
  • Include a scone-ubuntu-pkgs image.
  • Add various sconecli images, including for Ubuntu, Alpine, and Docker-in-Docker.
  • Update the CAS base image to alpine:3.21.3.
  • Update the python latest tag and add version 3.13.2-alpine3.21.

⌨️ Command-Line Tools

  • Allow audit log verification without a CAS network connection.
  • Allow verbatim session parsing.
  • Introduce sscone and nscone binaries.
  • Provide musl and gnu versions of libscone-cli with support for attestation, provisioning, and session uploading.
  • Add a parameter to libscone-cli to enable offline attestation.
  • Offer audit log and REST signature verification via libscone-cli.
  • Add runtime hooks support to sconify-image.
  • Add a version command in scone-signer.

🧰 Toolchain

  • Upgrade the Rust compiler to version 1.87.0.

🐞 Bug Fixes

  • Fix various stability and performance bugs.