6.0.0-dev5

Added

• Updated ccf::cose::edit::set_unprotected_header() API, to allow removing the unprotected header altogether (#6607).
• Updated ccf.cose.verify_receipt() to support checking the claim_digest against a reference value (#6607).

6.0.0-dev4

Added

• ccf.cose.verify_receipt() to support verifiying draft COSE receipts (#6603).

Removed

• Remove SECP256K1 support as a part of the migration to Azure Linux (#6592).

6.0.0-dev3

Changed

• Set VMPL value when creating SNP attestations, and check VMPL value is in guest range when verifiying attestation, since recent updates allow host-initiated attestations (#6583).
• Added ccf::cose::edit::set_unprotected_header() API, to allow easy injection of proofs in signatures, and of receipts in signed statements (#6586).

6.0.0-dev2

Added

• Introduced ccf::describe_cose_endorsements_v1(receipt) for COSE-endorsements chain of previous service identities (#6500).
• Ignore time when resolving did:x509 against x5chain, resolution establishes a point-in-time endorsement, not ongoing validity (#6575).

5.0.7

• Ignore time when resolving did:x509 against x5chain, resolution establishes a point-in-time endorsement, not ongoing validity (#6575).

6.0.0-dev1

Changed

• Output of ccf::describe_merkle_proof_v1(receipt) has been updated, and is now described by ccf-tree-alg schema.
• Improved error message when attempting to obtain receipts for a past epoch during a recovery (#6507).

4.0.22

Base image

• Updated container base image.

6.0.0-dev0

Changed

• The set_jwt_issuer governance action has been updated, and no longer accepts key_filter or key_policy arguments (#6450).
• Nodes started in Join mode will shut down if they receive an unrecoverable condition such as StartupSeqnoIsOld or InvalidQuote when attempting to join (#6471, #6489).
• In configuration, attestation.snp_endorsements_servers can specify a max_retries_count. If the count has been exhausted without success for all configured servers, the node will shut down (#6478).
• When deciding which nodes are allowed to join, only UVM roots of trust defined in public:ccf.gov.nodes.snp.uvm_endorsements are considered (#6489).

Removed

• SGX Platform support.

Added

• Provided API for getting COSE signatures and Merkle proofs (#6477).
• Exposed COSE signature in historical API via TxReceiptImpl.
• Introduced ccf::describe_merkle_proof_v1(receipt) for Merkle proof construction in CBOR format.
• Added COSE signatures over the Merkle root to the KV (#6449).
• Signing is done with service key (different from raw signatures, which remain unchanged and are still signed by the node key).
• New signature reside in public:ccf.internal.cose_signatures.

5.0.6

Bug fixes

• Added COSE signature verification to consume signature transactions from upgraded primary (#6495).

5.0.5

Bug fix

• Nodes can be started in recovery mode from a snapshot alone (#6472)