Commit Graph

419 Commits

Author SHA1 Message Date
Fabiano Fidêncio
a5629a5a6f versions: Bump coco-guest-components
Usual bump before a release that will be consumed by Confidential
Containers.

Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
2025-11-11 08:08:24 +01:00
Fabiano Fidêncio
58df06d90e versions: Bump Trustee
This is a bump pre-release, which brings several fixes and some
improvements related to initData, and NVIDIA's remote verifier.

Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
2025-11-11 08:08:05 +01:00
Fabiano Fidêncio
14039c9089 golang: Update to 1.24.9
In order to fix:
```

=== Running govulncheck on containerd-shim-kata-v2 ===
 Vulnerabilities found in containerd-shim-kata-v2:
=== Symbol Results ===

Vulnerability #1: GO-2025-4015
    Excessive CPU consumption in Reader.ReadResponse in net/textproto
  More info: https://pkg.go.dev/vuln/GO-2025-4015
  Standard library
    Found in: net/textproto@go1.24.6
    Fixed in: net/textproto@go1.24.8
    Vulnerable symbols found:
      #1: textproto.Reader.ReadResponse

Vulnerability #2: GO-2025-4014
    Unbounded allocation when parsing GNU sparse map in archive/tar
  More info: https://pkg.go.dev/vuln/GO-2025-4014
  Standard library
    Found in: archive/tar@go1.24.6
    Fixed in: archive/tar@go1.24.8
    Vulnerable symbols found:
      #1: tar.Reader.Next

Vulnerability #3: GO-2025-4013
    Panic when validating certificates with DSA public keys in crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2025-4013
  Standard library
    Found in: crypto/x509@go1.24.6
    Fixed in: crypto/x509@go1.24.8
    Vulnerable symbols found:
      #1: x509.Certificate.Verify
      #2: x509.Certificate.Verify

Vulnerability #4: GO-2025-4012
    Lack of limit when parsing cookies can cause memory exhaustion in net/http
  More info: https://pkg.go.dev/vuln/GO-2025-4012
  Standard library
    Found in: net/http@go1.24.6
    Fixed in: net/http@go1.24.8
    Vulnerable symbols found:
      #1: http.Client.Do
      #2: http.Client.Get
      #3: http.Client.Head
      #4: http.Client.Post
      #5: http.Client.PostForm
      Use '-show traces' to see the other 9 found symbols

Vulnerability #5: GO-2025-4011
    Parsing DER payload can cause memory exhaustion in encoding/asn1
  More info: https://pkg.go.dev/vuln/GO-2025-4011
  Standard library
    Found in: encoding/asn1@go1.24.6
    Fixed in: encoding/asn1@go1.24.8
    Vulnerable symbols found:
      #1: asn1.Unmarshal
      #2: asn1.UnmarshalWithParams

Vulnerability #6: GO-2025-4010
    Insufficient validation of bracketed IPv6 hostnames in net/url
  More info: https://pkg.go.dev/vuln/GO-2025-4010
  Standard library
    Found in: net/url@go1.24.6
    Fixed in: net/url@go1.24.8
    Vulnerable symbols found:
      #1: url.JoinPath
      #2: url.Parse
      #3: url.ParseRequestURI
      #4: url.URL.Parse
      #5: url.URL.UnmarshalBinary

Vulnerability #7: GO-2025-4009
    Quadratic complexity when parsing some invalid inputs in encoding/pem
  More info: https://pkg.go.dev/vuln/GO-2025-4009
  Standard library
    Found in: encoding/pem@go1.24.6
    Fixed in: encoding/pem@go1.24.8
    Vulnerable symbols found:
      #1: pem.Decode

Vulnerability #8: GO-2025-4008
    ALPN negotiation error contains attacker controlled information in
    crypto/tls
  More info: https://pkg.go.dev/vuln/GO-2025-4008
  Standard library
    Found in: crypto/tls@go1.24.6
    Fixed in: crypto/tls@go1.24.8
    Vulnerable symbols found:
      #1: tls.Conn.Handshake
      #2: tls.Conn.HandshakeContext
      #3: tls.Conn.Read
      #4: tls.Conn.Write
      #5: tls.Dial
      Use '-show traces' to see the other 4 found symbols

Vulnerability #9: GO-2025-4007
    Quadratic complexity when checking name constraints in crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2025-4007
  Standard library
    Found in: crypto/x509@go1.24.6
    Fixed in: crypto/x509@go1.24.9
    Vulnerable symbols found:
      #1: x509.CertPool.AppendCertsFromPEM
      #2: x509.Certificate.CheckCRLSignature
      #3: x509.Certificate.CheckSignature
      #4: x509.Certificate.CheckSignatureFrom
      #5: x509.Certificate.CreateCRL
      Use '-show traces' to see the other 27 found symbols

Vulnerability #10: GO-2025-4006
    Excessive CPU consumption in ParseAddress in net/mail
  More info: https://pkg.go.dev/vuln/GO-2025-4006
  Standard library
    Found in: net/mail@go1.24.6
    Fixed in: net/mail@go1.24.8
    Vulnerable symbols found:
      #1: mail.AddressParser.Parse
      #2: mail.AddressParser.ParseList
      #3: mail.Header.AddressList
      #4: mail.ParseAddress
      #5: mail.ParseAddressList
```

Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
2025-11-03 16:57:22 +01:00
Zvonko Kaiser
94abe4fc00 osbuilder: nvrc: Consume NVRC release instead of building it
Let's ensure that we consume NVRC releases straight from GitHub instead
of building the binaries ourselves.

Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
2025-10-31 12:10:20 +01:00
Fabiano Fidêncio
e30e2b5f45 tests: k8s: Remove tests running on GitHub provided runner
We have 2 tests running on GitHub provided runners:
* devmapper
* CRI-O

- devmapper situation

For devmapper, we're currently testing devmapper with s390x as part of
one of its jobs.

More than that, this test has been failing here due to a lack of space
in the machine for quite some time, and no-action was taken to bring it
back either via GARM or some other way.

With that said, let's rely on the s390x CI to test devmapper and avoid
one extra failure on our CI by removing this one.

- cri-o situation

CRI-O is being tested with a fixed version of kubernetes that's already
reached its EOL, and a CRI-O version that matches that k8s version.

There has been attempts to raise issues, and also to provide a PR that
does at least part of the work ... leaving the debugging part for the
maintainers of the CI. However, there was no action on those from the
maintainers.

Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
2025-10-30 11:46:59 +01:00
Kevin Zhao
af919686ab Kata-deploy: Add CCA firmware build support
runtime: pass firmware to CCA Realm

Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
2025-10-16 17:24:45 +08:00
Kevin Zhao
16e91bfb21 kata-deploy: Add support for Arm CCA Qemu build
The Qemu support is picked up from:
https://git.codelinaro.org/linaro/dcap/qemu.git, branch: cca/2025-04-16

More info regarding the CCA software stack dev and test, please refer
to link: https://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/Building+an+RME+stack+for+QEMU

Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
2025-10-16 17:24:08 +08:00
Seunguk Shin
c7d5f207f1 kata-deploy: support build confidential rootfs and initrd for CCA
Also add cca-attester for coco-guest-component

Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
Co-authored-by: Seunguk Shin <seunguk.shin@arm.com>
2025-10-16 17:24:03 +08:00
Seunguk Shin
40dac78412 kata-deploy: support build confidential kernel and shim-v2 for CCA
After supporting the Arm CCA, it will rely on the kernel kvm.h headers to build the
runtime. The kernel-headers currently quite new with the traditional one, so that we
rely on build the kernel header first and then inject it to the shim-v2 build container.

Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
Co-authored-by: Seunguk Shin <seunguk.shin@arm.com>
2025-10-16 17:23:58 +08:00
Fabiano Fidêncio
b0b0038689 versions: Bump QEMU to 10.1.1
QEMU 10.1.1 was released on October 8th, 2025, let's bump it on our
side.

Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
2025-10-13 23:52:01 +02:00
Paul Meyer
5ae891ab46 versions: bump opa 1.6.0 -> 1.9.0
Bumping opa to latest release.

Signed-off-by: Paul Meyer <katexochen0@gmail.com>
2025-10-10 10:58:51 +02:00
Fabiano Fidêncio
aa9e3fc3d5 versions: Update containerd active / latest versions
The active version is 2.1.x, and the latest is 2.2.0-beta.0.

The latest is what we'll be using to test if the "to be released"
version of containerd works well for our use-cases.

Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
2025-10-08 10:34:09 +02:00
Fabiano Fidêncio
2e0ce2f39f kata-deploy: scripts: Allow deploying nydus-snapshotter
Let's introduce a new EXPERIMENTAL_SETUP_SNAPSHOTTER environemnt
variable that, when set, allows kata-deploy to put the nydus snapshotter
in the correct place, and configure containerd accordingly.

Mind, this is a stop gap till the nydus-snapshotter helm chart is ready
to be used and behaving well enough to become a weak dependency of our
helm chart.  When that happens this code can be deleted entirely.

Users can have nydus-snapshotter deployed and configured for the
guest-pull use case by simply passing:
```
EXPERIMENTAL_SETUP_SNAPSHOTTER="nydus"
```

Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
2025-10-07 10:32:46 +02:00
Mikko Ylinen
e878d4a90a versions: bump guest-components and trustee for CoCo v0.16.0
Pick the latest CoCo components targeted for the next release.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2025-09-23 12:38:32 +03:00
Mikko Ylinen
86fe419774 versions: update kernel-confidential to Linux v6.16.7
update to the latest available v6.16 stable series kernel for CoCo.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2025-09-15 20:29:22 +02:00
Alex Tibbles
fa6e4981a1 versions: bump ovmf edk2 version
Update ovmf to latest release. Includes CVE-2024-38805 fix.

EDK2 changelogs for releases since edk2-stable202411:
https://github.com/tianocore/edk2/releases/tag/edk2-stable202508
https://github.com/tianocore/edk2/releases/tag/edk2-stable202505
https://github.com/tianocore/edk2/releases/tag/edk2-stable202502

Signed-off-by: Alex Tibbles <alex@bleg.org>
2025-09-15 15:38:33 +02:00
Alex Tibbles
66a3d4b4a2 versions: bump kernel to 6.12.47
Update LTS kernel to latest.

Signed-off-by: Alex Tibbles <alex@bleg.org>
2025-09-15 14:19:48 +02:00
Alex Tibbles
710c117a24 version: Bump QEMU to v10.1.0
A minor release of QEMU is out, so update to it for fixes and features.

QEMU changelog: https://wiki.qemu.org/ChangeLog/10.1

Notes:
* AVX support is not an option to be enabled / disabled anymore.
* Passt requires Glibc 2.40.+, which means a dependency on Ubuntu 25.04
  or newer, thus we're disabling it.

Signed-off-by: Alex Tibbles <alex@bleg.org>
2025-09-15 14:19:25 +02:00
Fabiano Fidêncio
60790907ef clh: Update to v48.0 release
```
Experimental fw_cfg Device Support
This feature enables passing configuration data and files, such as VM
boot configurations (kernel, kernel cmdline, e820 memory map, and ACPI
tables), from the host to the guest. (#7117)

Experimental ivshmem Device Support
Support for inter-VM shared memory has been added. For more information,
please refer to the ivshmem documentation. (#6703)

Firmware Boot Support on riscv64
In addition to direct kernel boot, firmware boot support has been added
on riscv64 hosts. (#7249)

Increased vCPU Limit on x86_64/kvm
The maximum number of supported vCPUs on x86_64 hosts using KVM has been
raised from 254 to 8192. (#7299)

Improved Block Performance with Small Block Sizes
Performance for virtio-blk with small block sizes (16KB and below)
is enhanced via submitting async IO requests in batches. (#7146)

Faster VM Pause Operation
The VM pause operation now is significantly faster particularly for VMs
with a large number of vCPUs. (#7290)

Updated Documentation on Windows Guest Support
Our Windows documentation now includes instructions to run Windows 11
guests, in addition to Windows Server guests. (#7218)

Policy on AI Generated Code
We will decline any contributions known to contain contents generated or
derived from using Large Language Models (LLMs). Details can be found
in our contributing documentation. (#7162)

Removed SGX Support
The SGX support has been removed, as announced in the deprecation notice two
release cycles ago. (#7093)

Notable Bug Fixes
Seccomp filter fixes with glibc v2.42 (#7327)
Various fixes related to (#7331, #7334, #7335)
```

From https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v48.0

Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
2025-09-15 08:30:18 +02:00
Steve Horsman
23d2dfaedc Merge pull request #11707 from fidencio/topic/switch-to-use-zstd-when-possible
kata-deploy: local-build: Use zstd instead of xz
2025-08-22 10:06:00 +01:00
stevenhorsman
381da9e603 versions: Bump golang to 1.24.6
golang 1.25 has been released, so 1.23 is EoL,
so we should update to ensure we don't end up with security issues

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-08-22 10:44:15 +02:00
Fabiano Fidêncio
1329ce355e versions: image / initrd: Bump to alpine 3.22
As the 3.18 is EOL'ed.

Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>
2025-08-21 19:53:55 +02:00
Mikko Ylinen
412a384aad versions: update kernel-confidential to Linux v6.16.1
Linux v6.16 brings some useful features for the confidential guests.
Most importantly, it adds an ABI to extend runtime measurement registers
(RTMR) for the TEE platforms supporting it. This is currently enabled
on Intel TDX only.

The kernel version bump from v6.12.x to v6.16 forces some CONFIG_*
changes too:

MEMORY_HOTPLUG_DEFAULT_ONLINE was dropped in favor of more config
choices. The equivalent option is MHP_DEFAULT_ONLINE_TYPE_ONLINE_AUTO.

X86_5LEVEL was made unconditional. Since this was only a TDX
configuration, dropping it completely as part of v6.16 is fine.

CRYPTO_NULL2 was merged with CRYPTO_NULL. This was only added in
confidential guest fragments (cryptsetup) so we can drop it in this update.

CRYPTO_FIPS now depends on CRYPTO_SELFTESTS which further depends on
EXPERT which we don't have. Enable both in a separate config fragment
for confidential guests. This can be moved to a common setting once
other targets bump to post v6.16.

CRYPTO_SHA256_SSE3 arch optimizations were reworked and are now enabled
by default. Instead of adding it to whitelist.conf, just drop it completely
since it was only enabled as part of "measured boot" feature for
confidential guests. CONFIG_CRYPTO_CRC32_S390 was reworked the same way.
In this case, whitelist.conf is needed.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2025-08-20 11:32:48 +03:00
Alex Tibbles
e20f6b2f9d versions: update to latest LTS kernel 6.12.42
Fixes #11690

Signed-off-by: Alex Tibbles <alex@bleg.org>
2025-08-19 17:32:42 -04:00
Alex Tibbles
a03dc3129d versions: sync go.mod with versions.yaml for go 1.23.12
OSV-Scanner highlights go.mod references to go stdlib 1.23.0 contrary to intention in versions.yaml, so synchronize them.
Make a converse comment for versions.yaml.

Fixes: #11700

Signed-off-by: Alex Tibbles <alex@bleg.org>
2025-08-19 11:30:19 -04:00
stevenhorsman
1a6f1fc3ac versions: Bump golang to 1.23.12
Bump go version to remediate vuln GO-2025-3849

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-08-12 14:46:29 +01:00
Fabiano Fidêncio
f9e16431c1 version: Bump QEMU to v10.0.3
As the new release of QEMU is out, let's switch to it and take advantage
of bug fixes and improvements.

QEMU changelog: https://wiki.qemu.org/ChangeLog/10.0

Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>
2025-08-07 22:31:30 +02:00
Markus Rudy
9e38fd2562 tools: add image for Go proto bindings
In order to have a reproducible code generation process, we need to pin
the versions of the tools used. This is accomplished easiest by
generating inside a container.

This commit adds a container image definition with fixed dependencies
for Golang proto/ttrpc code generation, and changes the agent Makefile
to invoke the update-generated-proto.sh script from within that
container.

Signed-off-by: Markus Rudy <mr@edgeless.systems>
2025-07-31 17:58:25 +01:00
Kumar Mohit
5cccbb9f41 versions: Upgrade Firecracker Version to 1.12.1
Updated versions.yaml to use Firecracker v1.12.1.
Replaced firecracker and jailer binaries under /opt/kata/bin.

Tested with kata-fc runtime on Kubernetes:
- Deployed pods using gitpod/openvscode-server
- Verified microVM startup, container access, and Firecracker usage
- Confirmed Firecracker and jailer versions via CLI

Signed-off-by: Kumar Mohit <68772712+itsmohitnarayan@users.noreply.github.com>
2025-07-30 12:51:08 +05:30
Ruoqing He
14e9d2c815 versions: Upgrade to Cloud Hypervisor v47.0
Details of v47.0 release can be found in our roadmap project as
iteration v47.0: https://github.com/orgs/cloud-hypervisor/projects/6.

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2025-07-25 20:42:24 +02:00
Steve Horsman
405f5283f0 Merge pull request #11573 from arvindskumar99/versions_comment
OVMF: Making comment in versions.yaml for SEV-SNP
2025-07-17 10:11:58 +01:00
Xynnn007
82b890349d deps(chore): bump guest-components to candidate v0.14.0
This new version of gc fixes s390x attestation, also introduces registry
configuration setting directly via initdata.

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
2025-07-17 10:19:02 +08:00
Arvind Kumar
2a52351822 OVMF: Making comment in versions.yaml for SEV-SNP
Adding comment to versions.yaml to indicate that the ovmf-sev is also
used by AMD SEV-SNP, as per the discussion in
https://github.com/kata-containers/kata-containers/pull/11561.

Signed-off-by: Arvind Kumar <arvinkum@amd.com>
2025-07-16 06:35:21 +02:00
Xynnn007
19001af1e2 deps(chore): update guest-components and trustee
to the version of pre v0.14.0

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
2025-07-15 09:12:47 +08:00
Fabiano Fidêncio
842e17b756 tests: k0s: Always use latest version, apart from CRI-O tests
We've been pinning a specific version of k0s for CRI-O tests, which may
make sense for CRI-O, but doesn't make sense at all when it comes to
testing that we can install kata-deploy on latest k0s (and currently our
test for that is broken).

Let's bump to the latest, and from this point we start debugging,
instead of debugging on an ancient version of the project.

Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>
2025-07-09 13:27:18 +02:00
Steve Horsman
7bc25b0259 Merge pull request #11494 from katexochen/p/opa-1.6
versions: bump opa 1.5.1 -> 1.6.0
2025-07-09 11:45:54 +01:00
Arvind Kumar
afedad0965 kernel: Removing SEV kernel packages
Removing kernel config files realting
to SEV as part of the SEV deprecation
efforts.

Co-authored-by: Adithya Krishnan Kannan <AdithyaKrishnan.Kannan@amd.com>
Signed-off-by: Arvind Kumar <arvinkum@amd.com>
2025-07-07 11:21:11 -05:00
Paul Meyer
ff7ac58579 versions: bump opa 1.5.1 -> 1.6.0
Bumping opa to latest release.

Signed-off-by: Paul Meyer <katexochen0@gmail.com>
2025-07-07 14:19:08 +02:00
Fabiano Fidêncio
a2faf93211 kernel: Bump to v6.12.36
As that's the latest releasesd LTS.

Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>
2025-07-06 23:48:20 +02:00
stevenhorsman
61b12d4e1b version: Bump nydus-snapshotter
Bump to version v0.15.2 to pick up fix to mount source in
https://github.com/containerd/nydus-snapshotter/pull/636

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-06-27 14:04:00 +01:00
stevenhorsman
c7da62dd1e versions: Bump guest-components
Bump to pick up the new guest-components
and matching trustee which use rust 1.85.1

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-06-25 15:05:07 +01:00
stevenhorsman
aedbaa1545 versions: Bump golang to 1.23.10
Bump golang to fix CVEs GO-2025-3751
and GO-2025-3563

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-06-18 11:11:32 +01:00
Hyounggyu Choi
4be261f248 rootfs: Bump rootfs-{image,initrd} to 24.04
Since #11197 was merged, all confidential k8s e2e tests for s390x
have been failing with the following errors:

```
attestation-agent: error while loading shared libraries:
libcurl.so.4: cannot open shared object file
libnghttp2.so.14: cannot open shared object file
```

In line with the update on x86_64, we need to upgrade the OS used
in rootfs-{image,initrd} on s390x.
This commit also bumps all 22.04 to 24.04 for all architectures.
For s390x, this ensures the missing packages listed above are
installed.

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
2025-06-17 22:03:26 +02:00
Xynnn007
e0b4cd2dba initrd/image: update x86_64 base to ubuntu 24.04
The Multistrap issue has been fixed in noble thus we can use the LTS.

Also, this will fix the error reported by CDH
```
/lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.38' not found
```

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
2025-06-16 13:54:15 +08:00
Xynnn007
5bab460224 chore(deps): update guest-components
This patch updates the guest-components to new version with better
error logging for CDH. It also allows the config of AA not having a
coco_as token config.

Also, the new version of CDH requires to build aws-lc-sys thus needs to
install cmake for build.

See

https://github.com/kata-containers/kata-containers/actions/runs/15327923347/job/43127108813?pr=11197#step:6:1609

for details.

Besides, the new version of guest-components have some fixes for SNP
stack, which requires the updates of trustee side.

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
2025-06-16 13:54:15 +08:00
Dan Mihai
0f8e453518 Merge pull request #11412 from katexochen/rego-v1
genpolicy: fix rules syntax issues, rego v1 compatibility; ci: checks for rego parsing
2025-06-13 07:30:34 -07:00
Paul Meyer
71796f7b12 ci/static-checks: install opa
Make open-policy-agent available for static checks as prerequisite for rego checks.

Signed-off-by: Paul Meyer <katexochen0@gmail.com>
2025-06-12 10:46:43 +02:00
Ruoqing He
26c7f941aa versions: Bump rust to 1.85.1
As discussed in 2025-05-22's AC call, bump rust toolchian to 1.85.1.

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>
2025-06-11 13:50:10 +00:00
Gao Xiang
b441890749 kernel: drop outdated erofs patches for 6.1.y kernels
Patches 0001..0004 have been included upstream as dependencies
since Linux 6.1.113.

Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
2025-05-26 15:48:24 +08:00
Steve Horsman
f8c5aa6df6 Merge pull request #11259 from fitzthum/bump-gc-0140
Update Trustee and Guest Components for CoCo v0.14.0
2025-05-20 18:05:17 +01:00