v1.6.0

What's Changed

Additions

• Log TCB advisories if status is not UpToDate by @thomasten in #729
• Allow specifying accepted avisories for SWHardeningNeeded TCB status by @daniel-weisse in #733
• Let Coordinator serve monotonic counters to Marbles by @thomasten in #741
• Derive marble private secrets using marble type in addition to UUID by @daniel-weisse in #730
  • Previously, secrets were only derived based on a Marble's UUID, which would provide two different Marbles reporting the same UUID with the same secret. This release enforces two different Marbles will always receive different secrets, regardless of their UUID. If two Marbles require access to the same secret, the secret should be marked as Shared instead. To restore the behavior of MarbleRun previous to v1.6, set the DisableSecretBinding property of the Marble in the manifest to true.

Fixes

• coordinator: fix failing user verification when multiple client certs are provided by @thomasten in #738

Misc

• Change license from MPL-2.0 to BUSL-1.1 by @thomasten in #752

Full Changelog: v1.5.2...v1.6.0

v1.5.2

What's Changed

• Fix OE_JSON_INFO_PARSE_ERROR during attestation verification with recent Intel collaterals

Full Changelog: v1.5.1...v1.5.2

v1.5.1

What's Changed

Fixes

• coordinator: don't include OE header in signature for raw SGX quotes when calling /sign-quote endpoint by @daniel-weisse in #718
• cli: don't try to download era config if --insecure flag is set by @daniel-weisse in #721

Misc

• api: elaborate on nonce and quote by @thomasten in #683
• charts: use v2 api for probes by @thomasten in #693
• Update samples to Gramine v1.7 by @daniel-weisse in #599

Full Changelog: v1.5.0...v1.5.1

v1.5.0

What's Changed

Additions

• cli: allow users to use a custom nonce for SGX quote verification using --nonce flag by @daniel-weisse in #644

• cli: add --save-sgx-quote flag to save a Coordinator's SGX quote to disk by @daniel-weisse in #647

• Add a public Go API by @daniel-weisse in #658

  • Offers functions to interact with the Coordinator Client API, and implements the same functionality as the CLI
  • documentation: https://pkg.go.dev/github.com/edgelesssys/marblerun/api

• coordinator: Add client API v2, which offers the same endpoints as the previous client API with an updated format by @daniel-weisse in #661

  • API v1 is still available and functional in the Coordinator, but should be considered deprecated
  • The CLI and Go API will default to using the v2 API, falling back to v1 if unavailable
  • API reference is available at https://docs.edgeless.systems/marblerun/reference/coordinator

• coordinator: add a new client API endpoint, /api/v2/sign-quote, to verify and sign SGX quotes by @daniel-weisse in #659

  • Requires setting the new manifest option .Config.FeatureGates to ["SignQuoteEndpoint"] to enable

• cli: allow setting multiple DNS names or IPs using --domain flag in marblerun install by @daniel-weisse in #674

• coordinator: add manifest option to seal with unique key or disable sealing by @thomasten in #677

  • controlled by setting the new manifest option .Config.SealMode:
    • ProductKey: Sealing uses the product key. This is the default if not set.
    • UniqueKey: Sealing uses the unique key.
    • Disabled: If set, the Coordinator won't persist state. This can be useful for ephemeral deployments.

Full Changelog: v1.4.1...v1.5.0

Release v1.4.1

What's Changed

Security

This release includes a critical security fix and a security feature improvement.
Please read this changelog carefully and check whether you're affected.
If you're affected, you should update as soon as possible.
If you're not affected, we still recommend updating for the case that you might be affected in the future by changing the manifest.

• Fixed a critical issue with TTLS. See GHSA-x5r5-2qrx-rqj8 for full details.
• Added the ability to not accept TCB status SWHardeningNeeded during remote attestation
• Update SGX libraries to 2.22 (PSW) and 1.19 (DCAP)
• Updates of other dependencies

Fixes

• Fix webhook certificates always being issued for the marblerun namespace when installing with CLI (#573)

Full Changelog: v1.4.0...v1.4.1

v1.4.0

What's Changed

• Build premain on Ubuntu 20.04 by @thomasten in #487
• Allow adding additional IPs for Coordinator root cert by @daniel-weisse in #528
• Allow specifying Kubernetes namespace when installing MarbleRun, or working with a Kubernetes deployment of MarbleRun, using the --namespace flag
• Pin Coordinator root certificate for all commands interacting withe the Coordinator after marblerun manifest set
  • The certificate is saved to ~/.config/marblerun/coordinator-cert.pem by default
  • Specify the --coordinator-cert flag to set a custom location

Security fixes

• Fix a MITM vulnerability when using the CLI to interact with a MarbleRun deployment after the manifest has been set
  • See the advisory for more details

Full Changelog: v1.3.0...v1.4.0

v1.3.0

Fixes

• fix nightly image builds by @thomasten in #435
• fix webhook certificates not being reloaded on change by @daniel-weisse in #470
• remove version label from marble-injector selector by @daniel-weisse in #472
  • this caused issues resulting in the deployment being unable to be upgraded to a new image version using helm
  • when upgrading from a previous release using Helm, the marble-injector deployment has to be removed before upgrades can be applied:

    kubectl delete deployments -n marblerun marble-injector
    helm upgrade -n marblerun marblerun ...

Additions

• cli: require chart path when using enterprise access token by @thomasten in #433
• helm: Make health probes of Coordinator deployment configurable by @daniel-weisse in #442
• remove az-dcap-client from Coordinator image by @daniel-weisse in #447
  • the image now uses just libsgx-dcap-default-qpl
  • the Coordinator will still automatically configure itself to run with the Azure PCCS if available
  • the --dcap-qpl flag has been deprecated since it is no longer necessary to set the QPL to use (there is only one)
• Build CLI for Ubuntu 20.04, 22.04, and AppImage by @thomasten in #459
  • This means release will now include CLI binaries built for Ubuntu 20.04, Ubuntu 22.0, and an AppImage for Linux x86_64

Full Changelog: v1.2.0...v1.3.0

Edit (28.08.2023)

The CLI binaries marblerun-x86_64.AppImage and marblerun-ubuntu-20.04 were built on an incorrect commit (3750726f912244854c1b000c2c6085d0da158b5f instead of 411e3bcbb01a9a069c69d87f6713a0cde282511b).
We have since updated the binaries and the checksums.txt file.
The old, incorrect files are still available in the release with the old. prefix.
Other files were left untouched.

v1.2.0

Fixes

• add missing YAML conversion to manifest verify by @daniel-weisse in #391
• fix Recover call not properly resetting store's recovery mode by @daniel-weisse in #395
• return error on SetManifest if state cannot be committed by @daniel-weisse in #397
• align capitalization of log messages by @daniel-weisse in #394

Additions

• output status if tcb level is invalid by @thomasten in #386
• better error message on failed property validation by @daniel-weisse in #425

Misc

• split util package to reduce dependencies of premain by @thomasten in #387
• remove context.TODO from CLI by @daniel-weisse in #390
• Only work on store transactions by @daniel-weisse in #388
• Move file saving from Sealer to StdStore by @daniel-weisse in #392
• add versioned docs by @m1ghtym0 in #399

Full Changelog: v1.1.0...v1.2.0

v1.1.0

Fixes

• charts: fix namespace in injector.yaml by @OverOrion in #366
• charts: fix missing provision in resources.limits by @OverOrion in #367

Additions

• docs: add examples for multi-party workflows by @m1ghtym0 in #355
• charts: enable MarbleRun Kubernetes installation using only helm by @daniel-weisse in #368
• charts: allow usage of custom PVC for Coordinator storage by @daniel-weisse in #382
• Update Go version to v1.20

Misc

• ci: update image name in workflow by @daniel-weisse in #364
• Update sample-manifest.json by @thomasten in #365
• Upgrade dependencies by @daniel-weisse in #369
• docs: update helm installation docs by @daniel-weisse in #372
• docs: reference AllowedTCBStatuses in manifest docs by @daniel-weisse in #375
• charts: Set all required resources keys for Intel Device Plugin by @daniel-weisse in #376
• Don't use apt in running container by @daniel-weisse in #379
• Refactor CLI code by @daniel-weisse in #380
• Remove direct dependency on gorilla mux by @daniel-weisse in #384

Full Changelog: v1.0.0...v1.1.0

v1.0.0

Fixes

• Fix potentially invalid variable access by @daniel-weisse in #324
• Catch potential seg fault when updating debug marbles by @daniel-weisse in #325
• Remove nodename from gramine libos detection by @lead4good in #333

Additions

• Add logging for failed marble activations by @daniel-weisse in #329
• Allow TCB levels to be accepted besides UpToDate by @OverOrion in #344
• Enforce unique certificates for users by @daniel-weisse in #353
• Reuse existing era config file by @daniel-weisse in #358
• Add reproducible build and production build by @thomasten in #362

Misc

• Separate client API from core package by @daniel-weisse in #328
• Only inject UUID volumes if not already present by @daniel-weisse in #330
• Update samples and PreMain for Gramine v1.3 compatibility by @daniel-weisse in #346
• Don't panic in premain by @daniel-weisse in #360

New Contributors

• @OverOrion made their first contribution in #344

Full Changelog: v0.6.1...v1.0.0