confidential-containers/releases/v0.14.0.md
Tobin Feldman-Fitzthum ab174bdc71 release: add release notes for v0.14.0
This is a big release

Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
2025-05-23 13:04:38 -04:00

Release Notes for v0.14.0

Release Date: May 23rd, 2025

This release is based on Kata Containers 3.17.0 and enclave-cc v0.11.0.

Kata and the CoCo components share an MSRV of 1.80.0.

Please see the quickstart guide or project documentation for more information.

What's new

  • Init-data is supported on bare metal Confidential Containers (see limitations below).
  • Peer Pods is now supported by Alibaba Cloud.
  • Image-rs supports a registry configuration file for fine-grained proxying and remapping of container registries.
  • KBS Client can be used to set reference values for Trustee.
  • KBS Client has a few simple resource policies built-in.
  • Trustee supports native verification of CCA guests in addition to verification via Veraison.
  • Trustee artifacts are built and tested for ARM.
  • Trustee can extract reference values from TCG RIMs.
  • Trustee can be configured to support a larger payload size to accommodate guests with large evidence.
  • The confidential guest kernel configuration disables the virtio MMIO transport and virtio RNG to reduce the host attack surface.

Bug Fixes

  • The CDH configuration file no longer requires the coco_as and kbs_token fields to be set when not in use.
  • Trustee with docker compose can attest TDX evidence without any changes to the QCNL configuration.
  • Trustee no longer errors when parsing the CCEL of a guest booted with GRUB.
  • The Trustee default policy matches the parsed claims generated by the SNP verifier.
  • Trustee k8s deployment and Kata tests updated for new AKS interfaces.

Hardware Support

Attestation is supported and tested on three platforms: Intel TDX, AMD SEV-SNP, and IBM SE. Not all features have been tested on every platform, but those based on attestation are expected to work on the platforms above.

Make sure your host platform is compatible with the hypervisor and guest kernel provisioned by CoCo.

This release has been tested on the following stacks:

AMD SEV-SNP

  • Processor: AMD EPYC 7413
  • Kernel: 6.12.0-snp-host-adc218676 (upstream 6.11+)
  • OS: Ubuntu 22.04.4 LTS
  • k8s: v1.30.1 (Kubeadm)
  • Kustomize: v4.5.4

Intel TDX

  • Kernel: 6.8.0-1022-intel
  • OS: Ubuntu 24.04 LTS
  • k8s: v1.30.2 (Kubeadm)
  • Kustomize: v5.0.4-0.20230601165947-6ce0bf390ce3

Secure Execution on IBM zSystems (s390x) running LinuxONE

  • Hardware: IBM Z16 LPAR
  • Kernel: 5.15.0-113-generic
  • OS: Ubuntu 22.04.1 LTS
  • k8s: v1.28.4 (Kubeadm)
  • Kustomize: v5.3.0

Limitations

The following are limitations and known issues with this release.

  • Bare metal initdata is only tested on TDX and non-TEE.
  • Plaintext initdata is not forwarded to Trustee.
  • Credentials for authenticated registries are exposed to the host.
  • Not all features are tested on all platforms.
  • Nydus snapshotter support is not mature.
    • Nydus snapshotter sometimes fails to pull an image.
    • Host pulling with Nydus snapshotter is not yet enabled.
    • Nydus snapshotter is not supported with enclave-cc.
  • Pulling container images inside guest may have negative performance implications including greater resource usage and slower startup.
  • CRI-O support is still evolving.
  • Platform support is rapidly changing.
  • SELinux is not supported on the host and must be set to permissive if in use.
  • Complete integration with Kubernetes is still in progress.
    • Existing APIs do not fully support the CoCo security and threat model. More info
    • Some commands accessing confidential data, such as kubectl exec, may either fail to work or incorrectly expose information to the host.
  • The CoCo community aspires to adopt open source security best practices, but not all practices are adopted yet.

CVE Fixes

None