7.0.0-dev5

Added

• Support for PreVote optimisation. Nodes understand and are able to respond to PreVote messages, but will not become pre-vote candidates themselves. (#7419, #7445)

Changed

• When the fetch_recent_snapshot behaviour is enabled by the node config, the Joiner will now prefer the peer's snapshot over any local snapshot, regardless of version (#7314).
• Crypto interface for RSA and EC keys (#7425)
• ccf::crypto::PublicKey becomes ccf::crypto::ECPublicKey
• ccf::crypto::KeyPair becomes ccf::crypto::ECKeyPair
• Error-prone inheritance between RSA and EC key classes has been removed.
• RSA keys now don't re-use CSR functionality from EC key interface.

Removed

• Removed the unused experimental ccf.host.triggerSubprocess() JS API
• Removed ACME client and support for ACME-endorsed interfaces (#7414).
• Removed fallback JWT authentication (#7442)
• It is recommended to clean up the old tables for services started before 6.x - check out cleanup_legacy_jwt_records proposal in the default sample constitution.

Fixed

• CheckQuorum now requires a quorum in every configuration (#7375)

Changed

• The snapshot-serving endpoints required for fetch_recent_snapshot behaviour are now disabled-by-default to avoid public DoS requests. They should be enabled on a per-interface basis by adding "enabled_operator_features": ["SnapshotRead"] to the interface's configuration, on an interface with local visibility used for node-to-node join requests.

6.0.16

Fixed

• Stop passing nullptr to curl_multi_socket_action (#7371)

Changed

• When GET /node/snapshot/{snapshot_name} requests a Range that extends beyond the snapshot's end, the node will now respond with the available sub-range rather than a Bad Request error.

6.0.15

Added

• Improved logging of snapshot digests (#7300)
• Node will now retry when fetching snapshots. This is controlled with command.join.fetch_snapshot_max_attempts and command.join.fetch_snapshot_retry_interval. (#7317)
• Remove pyopenssl (#7297)
• Fix missing -devel package dependencies (#7345)

Changed

• The submit_recovery_share.sh script will no longer try to create a virtual environment and install the CCF Python package on every call. Instead it will return an error if the package is not installed (specifically if the ccf_cose_sign1 tool it relies on cannot be found) (#7306)
• Snapshot fetching attempts to re-use the TLS sessions whenever possible (#7321)

7.0.0-dev4

Added

• Added verify_uvm_attestation_and_endorsements binary. This tests that the authentication of the startup files during start and join would succeed. Usage on C-ACI: verify_uvm_attestation_and_endorsements /security-context-xxxx/host-amd-cert-base64 /security-context-xxxx/reference-info-base64 /security-context-xxxx/security-policy-base64

6.0.14

Added

• Improved handling of socket errors in curlm callbacks (#7308)
• Accept UVM endorsements with SVNs encoded as integers, and use integer comparison for UVM (#7316)

7.0.0-dev3

Added

• Added ccf.gov.validateConstitution function to JS API, which can be used to confirm some basic properties of a proposed constitution (it is a string, parseable by our JS interpreter, exporting functions named validate, resolve and apply with the correct number of arguments). This is called in the default sample constitution's set_constitution.validate.
• Added logging of the initial node attestation value ("Initial node attestation...") (#7256).
• Improved handling of socket errors in curlm callbacks (#7308)
• Accept UVM endorsements with SVNs encoded as integers (#7316)

Fixed

• Correctly validate the full AMD ASK endorsement chain (#7233)
• Validate endorsement metadata (tcb version and chip id) against attestation (#7240)

Changed

• The submit_recovery_share.sh script will no longer try to create a virtual environment and install the CCF Python package on every call. Instead it will return an error if the package is not installed (specifically if the ccf_cose_sign1 tool it relies on cannot be found) (#7306)

Removed

• Removed ccf::crypt::openssl_sha256_init() and ccf::crypt::openssl_sha256_shutdown() interface, as it's now implicitly called by the crypto implementation (#7251).
• Removed support for v2 attestations as the corresponding firmware is know to be insecure (#7282)

6.0.13

Added

• Better logging of invalid snapshots (#7302)
• Improved handling of socket errors in curlm callbacks (#7308)

5.0.23

Added

• Better logging of invalid snapshots (#7302)
• Logging of snapshot digests

6.0.12

Added

• Validate endorsement metadata (tcb version and chip id) against attestation (#7240)
• Curl multi based fetching of quote endorsements and snapshots

Fixed

• Fixed quote endorsements retry logic

Removed

• Removed support for v2 attestations as the corresponding firmware is know to be insecure (#7282)

6.0.11

Added

• Added ccf.gov.validateConstitution function to JS API, which can be used to confirm some basic properties of a proposed constitution (it is a string, parseable by our JS interpreter, exporting functions named validate, resolve and apply with the correct number of arguments). This is called in the default sample constitution's set_constitution.validate.
• Added logging of the initial node attestation value ("Initial node attestation...") (#7256).

Fixed

• Correctly validate the full AMD ASK endorsement chain (#7233)