
Releases: inclavare-containers/inclavare-containers

Inclavare Containers 0.6.4 release

30 Nov 11:19
f80714d
Pre-release

The new features of this release all revolve around RATS-TLS:

  • Support TDX attestation in RATS-TLS.
  • Compatible with OpenSSL 1.0.x version.

Other updates include:

  • Verdictd and attestation-agent support to obtain keys to decrypt encrypted container images with TDX attestation based on RATS-TLS.
  • Update SGX software stack from 2.13 to 2.14.
  • Fix CVE vulnerabilities in shim-rune: CVE-2021-41103, CVE-2021-30465, GHSA-77vh-xpmg-72qh and GHSA-77vh-xpmg-72qh.
  • CI/CD adds integration tests for RATS-TLS and EAA components.
  • Each component now has its own version number, so each component controls its own release cadence.

Inclavare Containers 0.6.3 release

31 Aug 08:25
fd33411
Pre-release

This is a transitional release, providing four new components of experimental features related to the new Enclave Attestation Architecture (EAA).

The new components are:

  • RATS-TLS
    RATS-TLS is based on enclave-tls, with a new CMake build system and enclavization support.

  • Verdictd
    Verdictd is the attestation service in EAA. It employs RATS-TLS to establish an attested and secure channel with the Attestation-Agent (AA). Currently, Verdictd serves AA for container image decryption.

  • Verdict
    Verdict is a command-line tool used for the administration of Verdictd. Currently, it employs OPA to provide the user-defined policy consumed by Verdictd.

  • RBI
    RBI is a framework responsible for performing reproducible and verifiable builds for software BOM security in confidential computing. Currently, it supports reproducible builds of kata-agent, kernel, and firmware, and it will interact with Verdict.

The above four new components are still under development. Currently, the release packages for them are not provided, and the integration tests are not covered.

This release also includes several CVE fixes.

CI/CD adds component runtime testing images to improve the testing speed and reduce the occurrences of testing failure caused by network instability.

The next release will continue to enhance the quality and stability, and publish the formal EAA design.

CHANGELOG

  • Add four experimental components including RATS-TLS, Verdictd, Verdict, and RBI
  • Fix CVE vulnerabilities of rune and shim-rune
  • Rebase rune to runc v1.0.1

Inclavare Containers 0.6.2 release

01 Jul 06:10

This is a transitional release: it contains bug fixes, improves quality and stability, and prepares for the next version.

The major feature in this release is that Enclave-TLS now supports Crypto Wrapper and TLS instances based on OpenSSL, replacing WolfSSL due to a license issue. The Crypto Wrapper and TLS instances based on WolfSSL will be maintained outside the Inclavare Containers repository. For details about Enclave-TLS, please refer to the Enclave-TLS design doc.

In addition, the failure of docker exec with rune is fixed. This release also implements several CI/CD actions to improve the reusability of the workflow and enhances the error handling to improve the stability of integration testing.

The next release will continue to enhance quality and stability, and produce the official EAA design.

By the way, the best practice document for Inclavare Containers on Alibaba Cloud ACK-TEE has been released. Please refer to this document to deploy confidential containers in a managed Kubernetes cluster for confidential computing, and to this document to use confidential containers to implement remote attestation in a managed Kubernetes cluster for confidential computing.

CHANGELOG

  • Replace WolfSSL with OpenSSL in Enclave-TLS
  • Fix docker exec issue
  • Improve the stability of CI/CD

Inclavare Containers 0.6.1 release

26 May 08:41

This release implements Enclave Attestation Architecture (EAA), a universal and cross-platform remote attestation infrastructure. EAA can prove that sensitive workloads are running on a genuine and trusted hardware TEE based on confidential computing technology. The formal design of EAA will be published for RFC.

This release mainly provides the following experimental and demonstrative components for EAA:

  • Enclave-TLS
    Enclave-TLS enhances standard TLS to support trusted communication between heterogeneous hardware TEEs based on confidential computing technology; it evolved from ra-tls (now deprecated). Even a non-hardware-TEE platform using Enclave-TLS can communicate with a hardware TEE, e.g., an SGX enclave, through the attested and secured channel to transmit sensitive information. In other words, with Enclave-TLS the TCB boundary is extended from the execution environment to network transmission. In addition, Enclave-TLS has an extensible model to support various hardware TEEs.

  • Confidential Container
    A confidential container, in the form of the enclave runtime Occlum, responds to the request from Inclavared and then sends the attestation evidence of the confidential container back to Inclavared. The confidential container plays the role of the attester.

  • Inclavared
    Inclavared is responsible for forwarding the traffic between the confidential container and Shelter. The communication process is protected by the attested Enclave-TLS channel.

  • Shelter
    Shelter, as the role of the verifier deployed in the off-cloud, records the launch measurements of enclave runtime, and afterward establishes the attested Enclave-TLS channel to communicate with Inclavared. Eventually, it retrieves the evidence about enclave runtimes for verification.

In addition, this release starts to formally support SGX SDK 2.13, the latest dcap driver and the in-tree kernel driver.

The next release will enhance the quality and stability of EAA. In the future, EAA plans to provide a universal end-to-end remote attestation infrastructure with an attestation service and an attestation agent, regardless of the scenario.

CHANGELOG

  • Implement an experimental and demonstrative remote attestation infrastructure called Enclave Attestation Architecture (EAA)
  • Evolved from ra-tls to Enclave-TLS
  • Implement Inclavared
  • Integrate shelter with Enclave-TLS
  • Enhance skeleton enclave runtime
  • Support Occlum 0.21.0

Inclavare Containers 0.6.0 release

10 Feb 09:54
Pre-release

This release provides the initial implementation of ra-tls POC based on SGX DCAP (ECDSA-based attestation).

The verifier and attester use a secure and trusted TLS channel for communication. The channel is established based on a TLS certificate bound to the hardware trusted root, so the trust chain of the workload owner can be extended to external parties. Previously, the ra-tls PoC only supported EPID-based attestation. The following components also gain support for ECDSA-based attestation:

  • shelter now plays the role of ECDSA-based challenger and verifier.
  • sgx-tools now supports obtaining Quoting Enclave's target information and ECDSA-based quote.

In addition, this release supports bundle cache level 2, which can further speed up the conversion of Occlum images.

In the next release, the ra-tls PoC will be refactored into Enclave TLS, along with local-report-based attestation and mutual TLS. Based on Enclave TLS, a draft of the Enclave Management Protocol will be introduced to standardize the management of enclaves. The initial function of this protocol will be to verify the integrity of a group of skeleton enclave runtimes. The verification evidence includes the mrenclave and mrsigner of each skeleton enclave runtime.
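The two verification steps described above, the TLS certificate key bound to the hardware trusted root and the mrenclave/mrsigner check planned for the next release, as an added, simplified Python model. This is not code from Inclavare Containers, ra-tls or sgx-ra-tls: it uses a constructed toy quote layout (not the SGX DCAP format), an HMAC with a fixed key as a stand-in for the Quoting Enclave's ECDSA signature so that it runs offline, and assumed function names and allowlist values.

```python
import hashlib
import hmac
import struct

# Toy quote layout, constructed for this example. It is NOT the SGX DCAP quote
# format and NOT the RATS-TLS/Enclave-TLS wire format; it only keeps the fields
# the verification logic below needs:
#   mrenclave (32) | mrsigner (32) | report_data (64) | tag (32)
MRENCLAVE_LEN = 32
MRSIGNER_LEN = 32
REPORT_DATA_LEN = 64
TAG_LEN = 32
BODY_FMT = f">{MRENCLAVE_LEN}s{MRSIGNER_LEN}s{REPORT_DATA_LEN}s"
BODY_LEN = struct.calcsize(BODY_FMT)

# Stand-in for the hardware root of trust. A real DCAP quote carries an ECDSA
# signature from the Quoting Enclave chained to Intel's PCK certificates; a
# fixed-key HMAC is used here only so the example runs without hardware.
HW_ROOT_KEY = b"constructed-stand-in-for-hardware-root-key"


def report_data_for_key(public_key: bytes) -> bytes:
    """RA-TLS binding: REPORT_DATA holds SHA-256(TLS public key), zero-padded to 64 bytes."""
    return hashlib.sha256(public_key).digest().ljust(REPORT_DATA_LEN, b"\x00")


def issue_quote(mrenclave: bytes, mrsigner: bytes, public_key: bytes) -> bytes:
    """Attester side: produce a quote whose REPORT_DATA commits to the key in the TLS certificate."""
    body = struct.pack(BODY_FMT, mrenclave, mrsigner, report_data_for_key(public_key))
    tag = hmac.new(HW_ROOT_KEY, body, hashlib.sha256).digest()
    return body + tag


def verify_quote(quote: bytes, cert_public_key: bytes,
                 allowed_mrenclave: set, allowed_mrsigner: set) -> tuple:
    """Verifier side (the 'shelter' role). Returns (accepted, reason).

    Order matters: authenticity first, then the key binding, then the
    measurement policy, so an unauthenticated quote never reaches the policy checks.
    """
    if len(quote) != BODY_LEN + TAG_LEN:
        return False, "malformed quote"
    body, tag = quote[:BODY_LEN], quote[BODY_LEN:]
    expected_tag = hmac.new(HW_ROOT_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return False, "quote not signed by hardware root of trust"
    mrenclave, mrsigner, report_data = struct.unpack(BODY_FMT, body)
    # The certificate presented in the TLS handshake must be the one the enclave attested.
    if not hmac.compare_digest(report_data, report_data_for_key(cert_public_key)):
        return False, "REPORT_DATA does not match the TLS certificate key"
    # Measurement policy: which enclave code and which signing key are acceptable.
    if mrenclave not in allowed_mrenclave:
        return False, "MRENCLAVE not in allowlist"
    if mrsigner not in allowed_mrsigner:
        return False, "MRSIGNER not in allowlist"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample values: a stand-in public key and two measurements.
    key = b"\x04" + b"\x11" * 64
    enclave_measurement = b"\xaa" * MRENCLAVE_LEN
    signer_measurement = b"\xbb" * MRSIGNER_LEN
    quote = issue_quote(enclave_measurement, signer_measurement, key)
    print(verify_quote(quote, key, {enclave_measurement}, {signer_measurement}))
    # A certificate with a different key fails the binding check even though the quote is genuine.
    print(verify_quote(quote, b"\x04" + b"\x22" * 64, {enclave_measurement}, {signer_measurement}))
```

The point the model makes is that the verifier must check both links: that the quote is genuine and that the key it commits to is the key actually used in the TLS handshake. Checking only the measurements would let a genuine quote be replayed in front of a TLS connection terminated by some other party.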

CHANGELOG:

  • Implement SGX DCAP (ECDSA-based attestation) in ra-tls
  • Support bundle cache level 2
  • Provide DCAP utilities in sgx-tools
  • Support Occlum 0.19.0

Inclavare Containers 0.5.2 release

31 Dec 08:36
Pre-release

This release provides the initial implementation of remote attestation tool Shelter and full CI/CD workflows for this project.

Shelter, as the attestation verifier on the off-cloud side, records the launch measurements of the enclave runtime and afterwards establishes an RA-TLS trusted channel to communicate with inclavared. Eventually, it retrieves the evidence about enclave runtimes for verification. Tenants are thus able to know explicitly whether their workloads are loaded in a genuine TEE environment.

This release adds CI/CD workflows for the nightly build, PR pre-test, release, and so on. Please refer to the wiki page for details. CI/CD workflows have become a part of the development of Inclavare Containers. In the future, we will continue to enhance the CI/CD workflows for automation and coverage.

In addition, Inclavare Containers is added to the adopters list of containerd. This is a good starting point.

CHANGELOG

  • Implement Shelter
  • Supply full CI/CD workflows
  • Support Occlum 0.18.1

Inclavare Containers 0.5.1 release

01 Dec 11:16
Pre-release

This release provides very early support for AWS Nitro Enclaves based on the sample code. Essentially, an enclave is a computational normal form: any reasonable form is an enclave, and Inclavare Containers will support it without hesitation. Inclavare Containers has its own ecosystem with support for multiple enclave runtimes.

Inclavare Containers can now be integrated with pouchd, an efficient enterprise-class container engine, further expanding cloud native application scenarios.

Skeleton enclave runtime implements NULL pointer dereference protection for the purpose of demonstration. This common protection mechanism can prevent potential confidential data leaks.

Besides, skeleton can now interact with kvmtool to support enclave VMs for demonstration. This is the first step towards supporting a new form of enclave.

In addition, this release improves the performance of enclave instant launch by eliminating the ~900ms overhead of EPM communication.

CHANGELOG

  • Initial enclave runtime support for AWS Nitro Enclaves
  • Integration with pouch
  • NULL pointer dereference protection and enclave VM support for skeleton
  • Improve the performance of enclave instant launch

Inclavare Containers 0.5.0 release

08 Nov 06:49
Pre-release

This release improves the launch performance of enclave runtimes and adds support for the WAMR enclave runtime.

Bundle cache can speed up the conversion process for Occlum. The experimental results show that the launch time of Occlum is significantly reduced. Enclave instant launch currently only supports skeleton. This design can completely eliminate the launch time spent loading and measuring the enclave instance. Enclave instant launch will support more enclave runtimes in the next release.

WAMR enclave runtime now supports Inclavare Containers, enriching the ecosystem of Inclavare Containers.

Based on many engineering practices, skeleton has proven to be the best vehicle for experimental features and PoCs. Therefore, some preview features will be implemented in skeleton first.

In addition, shelter and enclaved for the enclave attestation infrastructure are not yet available as planned. We will provide them in the next release.

CHANGELOG

  • Implement bundle cache
  • Implement enclave instant launch
  • WAMR enclave runtime support
  • Decouple from runc
  • Support Occlum 0.17.0

Inclavare Containers 0.4.1 release

29 Sep 15:22
Pre-release

This release refreshes the implementation of RA-TLS PoC. In the next release, we will provide the complete implementation of Inclavare Attestation Infrastructure. The major feature of this release is that shim-rune supports building and signing enclave on the host, which eliminates the time to pull Occlum SDK images at launch and thus improves the speed of running containers in Confidential Computing Kubernetes Cluster.

In addition, this release begins to use RPM/DEB repositories instead of standalone RPM/DEB packages. For more information, see the steps on how to configure the repository.

CHANGELOG

  • Refresh RA-TLS PoC
  • Don't use Occlum SDK image to launch enclave containers
  • Update Golang reference image
  • Support Occlum 0.16.0
  • Enhance skeleton enclave runtime
  • Use RPM/DEB repository to maintain binary packages

Inclavare Containers 0.4.0 release

01 Sep 13:53
Pre-release

This release is transitional, with some bug fixes, and prepares for the next release.

One major feature in this release is the RA-TLS prototype, which establishes trust between hardware-based remote attestation and the TLS secure channel. This design provides more flexibility in enclave management and communication. The current PoC is based on the sgx-ra-tls project. In the next release, we will provide the complete implementation.

Another major feature concerns the overhead of enclave creation. As we all know, the overhead of enclave creation is fundamental and difficult to avoid. In addition, shim-rune introduces a bundle conversion procedure which increases the launch time during enclave creation. Both of these will be addressed in the next release.

In this binary release, prebuilt packages for Ubuntu 18.04 server and CentOS 8.1 are provided (see the attachments).

CHANGELOG

  • Provide RA-TLS PoC
  • Implement Enclave Pooling Manager framework
  • Provide Dragonwell 11 (LTS for OpenJDK 11) reference image
  • Support Occlum 0.15.1
  • Enhance skeleton enclave runtime