versions: bump guest-components and trustee for CoCo v0.16.0

Pick the latest CoCo components targeted for the next release.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>

tests/integration/kubernetes/confidential_kbs.sh

@@ -329,6 +329,9 @@ function kbs_k8s_deploy() {
 			# `api_key`property by a valid ITA/ITTS API key, in the
 			# ITA/ITTS specific configuration
 			sed -i -e "s/tBfd5kKX2x9ahbodKV1.../${ITA_KEY}/g" kbs-config.toml
+			# Trustee moved to ITA v2 appraisal API which changed the tee-pubkey/attester_type paths under tdx.
+			sed -i -e '/trusted_jwk_sets/a extra_teekey_paths = ["/tdx/attester_runtime_data/tee-pubkey"]' kbs-config.toml
+			sed -i -e 's:attester_type:tdx"]["attester_type:' policy.rego
 		popd
 
 		if [[ -n "${HTTPS_PROXY}" ]]; then

versions.yaml

@@ -233,18 +233,18 @@ externals:
   coco-guest-components:
     description: "Provides attested key unwrapping for image decryption"
     url: "https://github.com/confidential-containers/guest-components/"
-    version: "1a521e14b8c0a039ae7ae98f520fcb5020d95dec"
+    version: "608b48205009e091d3843b8f7d21934f2cea6792"
     toolchain: "1.85.1"
 
   coco-trustee:
     description: "Provides attestation and secret delivery components"
     url: "https://github.com/confidential-containers/trustee"
-    version: "beb4ce9346bc7f9a7ff0f686eb868472767ad8fb"
+    version: "ea56c1bfa7e912f39e270ffe738b19ac8113af3d"
     # image / ita_image and image_tag / ita_image_tag must be in sync
     image: "ghcr.io/confidential-containers/staged-images/kbs"
-    image_tag: "beb4ce9346bc7f9a7ff0f686eb868472767ad8fb"
+    image_tag: "ea56c1bfa7e912f39e270ffe738b19ac8113af3d"
     ita_image: "ghcr.io/confidential-containers/staged-images/kbs-ita-as"
-    ita_image_tag: "beb4ce9346bc7f9a7ff0f686eb868472767ad8fb-x86_64"
+    ita_image_tag: "ea56c1bfa7e912f39e270ffe738b19ac8113af3d-x86_64"
     toolchain: "1.85.1"
 
   crio: