From 8de20e19e0c496f6584f04eef6f0de2bbf7d3a33 Mon Sep 17 00:00:00 2001 From: Tobin Feldman-Fitzthum Date: Wed, 24 Apr 2024 12:52:45 -0400 Subject: [PATCH] docs: add release notes for v0.9.0-alpha0 This is an alpha release, so let's be clear about exactly what the limitations are. Signed-off-by: Tobin Feldman-Fitzthum --- releases/v0.9.0-alpha0.md | 79 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 releases/v0.9.0-alpha0.md diff --git a/releases/v0.9.0-alpha0.md b/releases/v0.9.0-alpha0.md new file mode 100644 index 0000000..bf9cfdc --- /dev/null +++ b/releases/v0.9.0-alpha0.md @@ -0,0 +1,79 @@ +# Release Notes for v0.9.0-alpha + +Release Date: May 2nd, 2024 + +This is our first release based on Kata Containers main, but it is an alpha release that supports +only a subset of features. + +This release is based on [3.4.0](https://github.com/kata-containers/kata-containers/releases/tag/3.4.0) of Kata Containers +and [v0.9.0](https://github.com/confidential-containers/enclave-cc/releases/tag/v0.9.0) of enclave-cc. + +This release supports pulling images inside of the guest with some caveats but it does +not support pulling encrypted or signed images inside the guest. +This release supports attestation and includes the guest components in the rootfs, +but it does not support any TEE platform. +Peer pods is also not supported. + +**This release was created mainly for development purposes. For a full feature set, +consider returning to v0.8.0 or using the next release.** + +Please see the [quickstart guide](../quickstart.md) for details on how to try out Confidential +Containers. + +Please refer to our [Acronyms](https://github.com/confidential-containers/documentation/wiki/Acronyms) +and [Glossary](https://github.com/confidential-containers/documentation/wiki/Glossary) pages for a +definition of the acronyms used in this document. + +## What's new + +* This release is built from the main branch of Kata Containers. +* Non-tee attestation is now based on a sample attester and verifier rather than on `offline_fs_kbc`. + * Resources can be dynamically delivered in confidential environments. + * Trustee is integrated into the Kata Containers CI. +* All platforms now share one confidential rootfs. +* All platforms share one confidential guest kernel. +* Image request timeout is configurable to facilitate pulling large images. +* Attestation Agent now supports generic `configfs-tsm` ABI for collecting evidence. +* Enclave-cc moves to unified LibOS bundle for secure rootfs key handling and to the latest Occlum v0.30.1 release that adds SGX EDMM support for dynamically adjusting the enclave size. +* Adoption of a project-wide security reporting protocol + +## Hardware Support + +This release does not officially support any hardware platforms. +It is mainly intended for testing in non-tee environments. +Future releases will return to previous levels of support. + +## Limitations + +The following are known limitations of this release: + +* Nydus snapshotter support is not mature. + * Nydus snapshot sometimes conflicts with existing node configuration. + * You may need to remove existing container images/snapshots before installing Nydus snapshotter. + * Nydus snapshotter may not support pulling one image with multiple runtime handler annotations even across different pods. + * These limitations can apply to the pause image when filesystem passthrough is not enabled. + * Host pulling with Nydus snapshotter is not yet enabled. + * Nydus snapshotter is not supported with enclave-cc. +* Pulling container images inside guest may have negative performance implications including greater resource usage and slower startup. +* `crio` support is still evolving. +* Platform support is rapidly changing +* SELinux is not supported on the host and must be set to permissive if in use. +* The format of encrypted container images is still subject to change + * The [oci-crypt](https://github.com/containers/ocicrypt) container image format itself may still change + * The tools to generate images are not in their final form + * The image format itself is subject to change in upcoming releases + * Not all image repositories support encrypted container images. +* Complete integration with Kubernetes is still in progress. + * OpenShift support is not yet complete. + * Existing APIs do not fully support the CoCo security and threat model. [More info](https://github.com/confidential-containers/community/issues/53) + * Some commands accessing confidential data, such as `kubectl exec`, may either fail to work, or incorrectly expose information to the host +* The CoCo community aspires to adopting open source security best practices, but not all practices are adopted yet. + * We track our status with the OpenSSF Best Practices Badge, which improved to 75% at the time of this release. + * Community has adopted a security reporting protocol, but application and documentation of static and dynamic analysis still needed. +* Container metadata such as environment variables are not measured. +* Kata Agent does not validate mount requests. A malicious host might be able to mount a shared filesystem into the PodVM. + +## CVE Fixes + +None +