SCONE 5.10
SCONE 5.10.1
🐞 Bug Fixes
- Check whether rdtscp is available to prevent an invalid CPU instruction.
SCONE 5.10.0
🛡️ CAS
- Add support for Azure Key Vault (AKV) secret decryption.
- Include binary & PKCS#1 support for AKV secret decryption.
- Add a session hash to the audit log.
- Provide a session listing endpoint.
- Add a session salt.
- Allow triggering of database snapshotting using SIGUSR1.
- Print enclave attestation errors in the CAS debug log.
- Implement liveness and readiness probes.
- Include a new health report endpoint.
- Prevent CAS upgrades if no upgrade instances are registered.
- Warn when the CAS database opens in read-only mode.
- Add a list_sessions access control policy.
- Upgrade PCK certificate fetching to use the DCAP v4 API.
- Add bulk platform PCK certificate loading for Intel DCAP.
📜 Custom Resource Definition
♻️ Safety Service
- Add toleration field defaulting to an empty list.
⚙️ Runtime
- Add logging that auto-downgrades reoccurring messages.
- Add EDMM metrics.
- Add MemTotal to the virtual /proc/meminfo.
- Support pthread_setname_np and pthread_getname_np.
- Handle rdtscp instruction simulation.
- Implement the copy_file_range syscall.
- Improve error messages on CAS connection reset or timeout.
- Increase the Network Shield protocol error log level.
- Print the Network Shield config on startup.
- Support fork with mprotect enabled.
- Add support for in-kernel (/dev/sgx_enclave) EDMM.
- Add support for gc/golang applications.
- Add support for posix_spawn and vfork(2).
- Tolerate missing file system permissions.
- Transfer the application's exit reason from the runtime to CAS.
🐳 New & Updated Images
- Include runtime:ubuntu22.04 and runtime:ubuntu24.04 images.
- Add a pytorch 2.6.0 image.
- Add a mysqld metrics exporter.
- Provide new nginx images.
- Add crosscompilers:alpine3.21 and crosscompilers:ubuntu24.10.
- Include new golang images.
- Add a mariadb 11.4.5 image.
- Add maxctrl-binary-fs and maxscale 24.02.1.
- Include a maxscale binary-fs version.
- Add python:3.10-ubuntu22.04 and python:3.13 (no-GIL).
- Add an rclone 1.69 image with multiple bases.
- Include a scone-ubuntu-pkgs image.
- Add various sconecli images, including for Ubuntu, Alpine, and Docker-in-Docker.
- Update the CAS base image to alpine:3.21.3.
- Update the python latest tag and add version 3.13.2-alpine3.21.
- Allow audit log verification without a CAS network connection.
- Allow verbatim session parsing.
- Introduce sscone and nscone binaries.
- Provide musl and gnu versions of libscone-cli with support for attestation, provisioning, and session uploading.
- Add a parameter to libscone-cli to enable offline attestation.
- Offer audit log and REST signature verification via libscone-cli.
- Add runtime hooks support to sconify-image.
- Add a version command in scone-signer.
- Upgrade the Rust compiler to version 1.87.0.
🐞 Bug Fixes
- Fix various stability and performance bugs.