diff --git a/releases/v0.9.0-alpha1.md b/releases/v0.9.0-alpha1.md new file mode 100644 index 0000000..9afacdd --- /dev/null +++ b/releases/v0.9.0-alpha1.md @@ -0,0 +1,68 @@ +# Release Notes for v0.9.0-alpha1 + +Release Date: June 21st, 2024 + +This release is based on [3.6.0](https://github.com/kata-containers/kata-containers/releases/tag/3.4.0) of Kata Containers +and [v0.9.1](https://github.com/confidential-containers/enclave-cc/releases/tag/v0.9.0) of enclave-cc. + +This is an alpha release, with some limitations, but it builds significantly on the previous release. +For a full feature set, please use v0.8.0 or the upcoming v0.9.0. +For details of what has been added and what does not yet work, +see the following sections. + +Please see the [quickstart guide](../quickstart.md) for details on how to try out Confidential +Containers. + +Please refer to our [Acronyms](https://github.com/confidential-containers/documentation/wiki/Acronyms) +and [Glossary](https://github.com/confidential-containers/documentation/wiki/Glossary) pages for +definitions of the acronyms used in this document. + +## What's new + +* Cloud API Adaptor (peer pods) is included in the release and based on Kata main. +* Image pulling inside the guest via the nydus snapshotter is more stable. +* Platform support has been partially restored. +* Confidential runtime classes ship with filesystem sharing disabled by default. +* `kata-qemu-coco-dev` runtime class introduced for nontee development. +* Several improvements to guest policy +* `guest_components_procs` option introduced to control which guest components are started. + +## Hardware Support + +This release tentatively supports multiple TEE platforms, although +not all features are enabled for all platforms and test coverage +is limited. + +## Limitations + +The following are known limitations of this release: + +* Encrypted images and signed images are not yet supported. +* Sealed secrets and encrypted volumes are not yet supported. +* SEV(-ES) and SEV-SNP do not support attestation. +* Authenticated registries are not supported. +* Nydus snapshotter support is not mature. + * Nydus snapshotter sometimes fails to pull an image. + * Nydus snapshotter cannot handle pods with init containers. + * Host pulling with Nydus snapshotter is not yet enabled. + * Nydus snapshotter is not supported with enclave-cc. +* Pulling container images inside guest may have negative performance implications including greater resource usage and slower startup. +* `crio` support is still evolving. +* Platform support is rapidly changing +* SELinux is not supported on the host and must be set to permissive if in use. +* Complete integration with Kubernetes is still in progress. + * OpenShift support is not yet complete. + * Existing APIs do not fully support the CoCo security and threat model. [More info](https://github.com/confidential-containers/community/issues/53) + * Some commands accessing confidential data, such as `kubectl exec`, may either fail to work, or incorrectly expose information to the host +* The CoCo community aspires to adopting open source security best practices, but not all practices are adopted yet. + * We track our status with the OpenSSF Best Practices Badge, which remained at 75% at the time of this release. + * Community has adopted a security reporting protocol, but application and documentation of static and dynamic analysis still needed. +* Container metadata such as environment variables are not measured. +* The Kata Agent allows the host to call several dangerous endpoints + * Kata Agent does not validate mount requests. A malicious host might be able to mount a shared filesystem into the PodVM. + * Policy can be used to block endpoints, but it is not yet tied to the hardware evidence. + +## CVE Fixes + +None +