Releases: Cosmian/cosmian_vm

1.2.3

28 Jun 08:33
cab6af3

[1.2.3] - 2024-06-15

Bug Fixes

  • Upgrade base image to 0.1.5: clean all authorized_keys and users (#140)

1.2.2

28 Jun 08:32

[1.2.2] - 2024-06-13

Bug Fixes

  • Update RHEL image by forcing installation of the shim-x64 package security update, if one exists (#137)

1.2.1

11 Jun 16:17

[1.2.1] - 2024-06-04

Features

  • Add support for Cosmian AI Runner images (#117)
  • Create frozen base image for Ubuntu/RHEL for GCP/Azure/AWS (#120)
  • Modify GRUB for Azure security check: add console=ttyS0 earlyprintk=ttyS0 to GRUB_CMDLINE_LINUX (#132)

Bug Fixes

  • On KMS and AI Runner, remove unnecessarily opened ports (#124)
  • Freeze packer plugins versions (#127)
  • Use tpm2-abrmd as cosmian_vm_agent.service dependency to fix PCR Hash digest error (#129)
  • Create VHD from OS disk to publish to marketplace (#130)
  • AWS spawning retry (#131)

Testing

  • Merge Ansible roles for checking KMS or AI Runner (#122)

1.2.0

24 May 02:39

[1.2.0] - 2024-05-23

Features

  • Support Intel TDX on GCP and Azure (#102)
  • Support Ubuntu/RHEL image on AWS

Bug Fixes

  • Handle error in Ansible command
  • Fix Rust test test_ratls_get_server_certificate

Documentation

  • Sync with public doc

Miscellaneous Tasks

  • Bump KMS version to 4.16.0

CI

  • Add cargo deny in CI (#106)
  • Systematically clean cloud provider resources before and after (#111)
  • Run concurrency build by cloud provider (#113)

1.1.2

06 May 10:10

[1.1.2] - 2024-05-06

Features

  • Move to systemd service for Cosmian VM and Cosmian KMS (#100)

Bug Fixes

  • Add/remove privilege escalation on local tasks (#97)
  • Create GCP firewall rule on test instances (#101)
  • Fix RUSTSEC-2024-0336 (#103)
  • Fetch TPM quote just after IMA event log to prevent side effects (#104)

Miscellaneous Tasks

  • Run KMS playbook on a raw VM (#104)

Refactor

  • Reuse cargo workspace version in all subcrates (#106)

1.1.1

16 Apr 07:46
241980b

[1.1.1] - 2024-04-16

Bug Fixes

  • [Ansible] Automate reboot right after dracut IMA-relative
  • [Rust] Generate TPM keys before generating the encrypted FS

1.1.0

15 Apr 09:38
b7938e5

[1.1.0] - 2024-04-12

Features

  • For GCP (SEV) (#94):
    • Deploy Cosmian VM/KMS images based on ubuntu-2204-jammy-v20240319 and rhel-9-v20240312. Images deployment on tags only.
    • Remove use of startup scripts:
      • cosmian_vm_agent is auto-restarting on failures
      • for KMS, nginx is auto-restarting on failures
  • For Azure (SEV):
    • Add Ansible Cosmian VM/KMS installation

Bug Fixes

  • Fix reboot problem on RHEL (#84)

1.1.0-rc.4

05 Apr 12:49

[1.1.0-rc.4] - 2024-04-05

Bug Fixes

  • Deployment on Azure via ansible (#78)
  • App init trouble + add KMS playbook (#83)

1.1.0-rc.3

29 Mar 10:12

[1.1.0-rc.3] - 2024-03-28

Bug Fixes

  • Support for RHEL 9 on AMD SEV-SNP and Ubuntu 22.04 on Intel TDX is temporarily suspended because of issues with systemd-cryptenroll when the instance reboots
  • Create application storage folder if it does not exist
  • Removed PCR-7 from systemd-cryptenroll for now because of failure at reboot (see systemd/systemd#24906)
  • /var/tmp is now a tmpfs filesystem to allow dracut temp files

Features

  • Base images for GCP have been updated: ubuntu-2204-jammy-v20240319 and rhel-9-v20240312

1.0.1

07 Feb 14:34
7f34a5b

[1.0.1] - 2024-02-07

Fix

  • Do not start supervisor when building the image, only when instantiating the built image. Otherwise it creates a LUKS volume inside the image which cannot be decrypted when instantiating the VM on GCP.