github/confidential-containers
1
0
Fork 0
mirror of https://github.com/confidential-containers/confidential-containers.git synced 2025-09-18 00:37:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix KBC release notes

Browse Source 
Signed-off-by: Dan Middleton <dan.middleton@intel.com>
This commit is contained in:
Dan Middleton
2023-03-03 08:00:36 -06:00
committed by Dan
parent 88923984de
commit 5eae0f00b7
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
releases/v0.4.0.md
View File

@@ -37,12 +37,13 @@ The following are known limitations of this release:
* s390x does not support cosign signature validation * s390x does not support cosign signature validation
- SELinux is not supported on the host and must be set to permissive if in use. - SELinux is not supported on the host and must be set to permissive if in use.
- Attestation and key brokering support is still under development - Attestation and key brokering support is still under development
* The disk-based key broker client (KBC) is used for non-tee testing, but is not suitable for production, except with encrypted VM images. * The disk-based key broker client (KBC) is used for non-tee testing, but is not suitable for
production, except with encrypted VM images.
* Currently, there are two key broker services (KBS) that can be used: * Currently, there are two key broker services (KBS) that can be used:
- simple-kbs: simple key broker service for SEV(-ES). - simple-kbs: simple key broker service for SEV(-ES).
- [Verdictd](https://github.com/inclavare-containers/verdictd): An external project with which Attestation Agent can conduct remote attestation communication and key acquisition via EAA KBC - [Verdictd](https://github.com/inclavare-containers/verdictd): An external project with which
Attestation Agent can conduct remote attestation communication and key acquisition via EAA KBC
* The full-featured generic KBS and the corresponding KBC are still in the development stage. * The full-featured generic KBS and the corresponding KBC are still in the development stage.
* For developers, other KBCs can be experimented with.
- The format of encrypted container images is still subject to change - The format of encrypted container images is still subject to change
* The [oci-crypt](https://github.com/containers/ocicrypt) container image format itself may still change * The [oci-crypt](https://github.com/containers/ocicrypt) container image format itself may still change
* The tools to generate images are not in their final form * The tools to generate images are not in their final form