From e878d4a90abb0d99d8db50cad7caa3771b649031 Mon Sep 17 00:00:00 2001
From: Mikko Ylinen <mikko.ylinen@intel.com>
Date: Thu, 18 Sep 2025 10:19:48 +0300
Subject: [PATCH] versions: bump guest-components and trustee for CoCo v0.16.0

Pick the latest CoCo components targeted for the next release.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
---
 tests/integration/kubernetes/confidential_kbs.sh | 3 +++
 versions.yaml                                    | 8 ++++----
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/tests/integration/kubernetes/confidential_kbs.sh b/tests/integration/kubernetes/confidential_kbs.sh
index 7275a79d65..31494d9a90 100644
--- a/tests/integration/kubernetes/confidential_kbs.sh
+++ b/tests/integration/kubernetes/confidential_kbs.sh
@@ -329,6 +329,9 @@ function kbs_k8s_deploy() {
 			# `api_key`property by a valid ITA/ITTS API key, in the
 			# ITA/ITTS specific configuration
 			sed -i -e "s/tBfd5kKX2x9ahbodKV1.../${ITA_KEY}/g" kbs-config.toml
+			# Trustee moved to ITA v2 appraisal API which changed the tee-pubkey/attester_type paths under tdx.
+			sed -i -e '/trusted_jwk_sets/a extra_teekey_paths = ["/tdx/attester_runtime_data/tee-pubkey"]' kbs-config.toml
+			sed -i -e 's:attester_type:tdx"]["attester_type:' policy.rego
 		popd
 
 		if [[ -n "${HTTPS_PROXY}" ]]; then
diff --git a/versions.yaml b/versions.yaml
index 9e190cea66..bc2b4b3b3a 100644
--- a/versions.yaml
+++ b/versions.yaml
@@ -233,18 +233,18 @@ externals:
   coco-guest-components:
     description: "Provides attested key unwrapping for image decryption"
     url: "https://github.com/confidential-containers/guest-components/"
-    version: "1a521e14b8c0a039ae7ae98f520fcb5020d95dec"
+    version: "608b48205009e091d3843b8f7d21934f2cea6792"
     toolchain: "1.85.1"
 
   coco-trustee:
     description: "Provides attestation and secret delivery components"
     url: "https://github.com/confidential-containers/trustee"
-    version: "beb4ce9346bc7f9a7ff0f686eb868472767ad8fb"
+    version: "ea56c1bfa7e912f39e270ffe738b19ac8113af3d"
     # image / ita_image and image_tag / ita_image_tag must be in sync
     image: "ghcr.io/confidential-containers/staged-images/kbs"
-    image_tag: "beb4ce9346bc7f9a7ff0f686eb868472767ad8fb"
+    image_tag: "ea56c1bfa7e912f39e270ffe738b19ac8113af3d"
     ita_image: "ghcr.io/confidential-containers/staged-images/kbs-ita-as"
-    ita_image_tag: "beb4ce9346bc7f9a7ff0f686eb868472767ad8fb-x86_64"
+    ita_image_tag: "ea56c1bfa7e912f39e270ffe738b19ac8113af3d-x86_64"
     toolchain: "1.85.1"
 
   crio: