mirror of
https://github.com/confidential-containers/confidential-containers.git
synced 2025-09-19 10:47:02 +00:00
docs: add release notes for v0.9.0-alpha0
This is an alpha release, so let's be clear about exactly what the limitations are. Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
This commit is contained in:
Tobin Feldman-Fitzthum
committed by
Tobin Feldman-Fitzthum
Tobin Feldman-Fitzthum
parent
243224fc4a
commit
8de20e19e0
79
releases/v0.9.0-alpha0.md
Normal file
79
releases/v0.9.0-alpha0.md
Normal file
@@ -0,0 +1,79 @@
|
|||||||
|
# Release Notes for v0.9.0-alpha
|
||||||
|
|
||||||
|
Release Date: May 2nd, 2024
|
||||||
|
|
||||||
|
This is our first release based on Kata Containers main, but it is an alpha release that supports
|
||||||
|
only a subset of features.
|
||||||
|
|
||||||
|
This release is based on [3.4.0](https://github.com/kata-containers/kata-containers/releases/tag/3.4.0) of Kata Containers
|
||||||
|
and [v0.9.0](https://github.com/confidential-containers/enclave-cc/releases/tag/v0.9.0) of enclave-cc.
|
||||||
|
|
||||||
|
This release supports pulling images inside of the guest with some caveats but it does
|
||||||
|
not support pulling encrypted or signed images inside the guest.
|
||||||
|
This release supports attestation and includes the guest components in the rootfs,
|
||||||
|
but it does not support any TEE platform.
|
||||||
|
Peer pods is also not supported.
|
||||||
|
|
||||||
|
**This release was created mainly for development purposes. For a full feature set,
|
||||||
|
consider returning to v0.8.0 or using the next release.**
|
||||||
|
|
||||||
|
Please see the [quickstart guide](../quickstart.md) for details on how to try out Confidential
|
||||||
|
Containers.
|
||||||
|
|
||||||
|
Please refer to our [Acronyms](https://github.com/confidential-containers/documentation/wiki/Acronyms)
|
||||||
|
and [Glossary](https://github.com/confidential-containers/documentation/wiki/Glossary) pages for a
|
||||||
|
definition of the acronyms used in this document.
|
||||||
|
|
||||||
|
## What's new
|
||||||
|
|
||||||
|
* This release is built from the main branch of Kata Containers.
|
||||||
|
* Non-tee attestation is now based on a sample attester and verifier rather than on `offline_fs_kbc`.
|
||||||
|
* Resources can be dynamically delivered in confidential environments.
|
||||||
|
* Trustee is integrated into the Kata Containers CI.
|
||||||
|
* All platforms now share one confidential rootfs.
|
||||||
|
* All platforms share one confidential guest kernel.
|
||||||
|
* Image request timeout is configurable to facilitate pulling large images.
|
||||||
|
* Attestation Agent now supports generic `configfs-tsm` ABI for collecting evidence.
|
||||||
|
* Enclave-cc moves to unified LibOS bundle for secure rootfs key handling and to the latest Occlum v0.30.1 release that adds SGX EDMM support for dynamically adjusting the enclave size.
|
||||||
|
* Adoption of a project-wide security reporting protocol
|
||||||
|
|
||||||
|
## Hardware Support
|
||||||
|
|
||||||
|
This release does not officially support any hardware platforms.
|
||||||
|
It is mainly intended for testing in non-tee environments.
|
||||||
|
Future releases will return to previous levels of support.
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
|
||||||
|
The following are known limitations of this release:
|
||||||
|
|
||||||
|
* Nydus snapshotter support is not mature.
|
||||||
|
* Nydus snapshot sometimes conflicts with existing node configuration.
|
||||||
|
* You may need to remove existing container images/snapshots before installing Nydus snapshotter.
|
||||||
|
* Nydus snapshotter may not support pulling one image with multiple runtime handler annotations even across different pods.
|
||||||
|
* These limitations can apply to the pause image when filesystem passthrough is not enabled.
|
||||||
|
* Host pulling with Nydus snapshotter is not yet enabled.
|
||||||
|
* Nydus snapshotter is not supported with enclave-cc.
|
||||||
|
* Pulling container images inside guest may have negative performance implications including greater resource usage and slower startup.
|
||||||
|
* `crio` support is still evolving.
|
||||||
|
* Platform support is rapidly changing
|
||||||
|
* SELinux is not supported on the host and must be set to permissive if in use.
|
||||||
|
* The format of encrypted container images is still subject to change
|
||||||
|
* The [oci-crypt](https://github.com/containers/ocicrypt) container image format itself may still change
|
||||||
|
* The tools to generate images are not in their final form
|
||||||
|
* The image format itself is subject to change in upcoming releases
|
||||||
|
* Not all image repositories support encrypted container images.
|
||||||
|
* Complete integration with Kubernetes is still in progress.
|
||||||
|
* OpenShift support is not yet complete.
|
||||||
|
* Existing APIs do not fully support the CoCo security and threat model. [More info](https://github.com/confidential-containers/community/issues/53)
|
||||||
|
* Some commands accessing confidential data, such as `kubectl exec`, may either fail to work, or incorrectly expose information to the host
|
||||||
|
* The CoCo community aspires to adopting open source security best practices, but not all practices are adopted yet.
|
||||||
|
* We track our status with the OpenSSF Best Practices Badge, which improved to 75% at the time of this release.
|
||||||
|
* Community has adopted a security reporting protocol, but application and documentation of static and dynamic analysis still needed.
|
||||||
|
* Container metadata such as environment variables are not measured.
|
||||||
|
* Kata Agent does not validate mount requests. A malicious host might be able to mount a shared filesystem into the PodVM.
|
||||||
|
|
||||||
|
## CVE Fixes
|
||||||
|
|
||||||
|
None
|
||||||
|
|
||||||
Reference in New Issue
Block a user