Releases: google/go-sev-guest

v0.9.3

26 Oct 17:36
9a1ad2b

Minor change to testing defaults to make updating go-tpm-tools smoother.

What's Changed

  • Fix SevProduct defaults for downstream testclient by @deeglaze in #95
  • Add product utility unit tests by @deeglaze in #94

Full Changelog: v0.9.2...v0.9.3

v0.9.2

20 Oct 22:02
1a9dbbc

Mostly changes to tests, but some behavior changes related to machine stepping.
This release deprecates the stepping field of the SevProduct in favor of the optional UInt32Value type. The new field is machine_stepping.

Full Changelog: v0.9.1...v0.9.2

v0.9.1

27 Sep 19:11
b062fe4

Bug fix update, including a protobuf field name change to SevProduct: ModelStepping is now just Stepping.

What's Changed

  • Fix internal linter error by @deeglaze in #82
  • fix: function asmCpuid missing Go declaration by @Laisky in #83
  • Fix "modelstepping" handling in verification by @deeglaze in #85

Full Changelog: v0.9.0...v0.9.1

v0.9.0 [Broken, use v0.9.1]

19 Sep 20:16
28d8e00

This release adds a new option for validation, CertTableOptions, that is more open-ended to add extra validation for specified GUID strings. With this change, we deprecate the CertificateChain message's firmware_cert in favor of a general "extras" map.

The extras map contains any "unknown" GUID entries (i.e., unspecified by the GHCB specification) in the certificate table returned by GetExtendedReport. The ASVK remains a special circumstance that AMD's kernel department needs to clarify with AMD's KDS department.

To keep this library general purpose, the gce.go constant definition is removed. That logic is separated into a different repository that can provide a validation function and GUID constant to pass in as validation options when the user knows to expect GCE-specific certificates.

Full Changelog: v0.8.0...v0.9.0

v0.8.0 [Broken, use v0.9.1]

11 Sep 23:50
ccc7134

Biggest change is VLEK support in the verifier and validator.

What's Changed

  • client: fix Windows builds by @msanft in #74
  • Make test KDS tri-value, deprecate --test_use_kds. by @deeglaze in #75
  • Update dependencies and CI's protobuf version by @deeglaze in #76
  • Add support for validating VLEK certificates by @deeglaze in #67

Full Changelog: v0.7.1...v0.8.0

v0.7.1

02 Sep 05:10
2f2e24f

Minor bug fix update to amend which TCB version is used from an attestation report to fill from KDS.

What's Changed

  • Allow PEM format certificates by @deeglaze in #66
  • Improve product handling in attestations by @deeglaze in #65
  • fix link to AMD docs by @datosh in #68
  • Make error when getting certificates more transparent for user by @datosh in #70
  • fix: Use reported TCB when fetching VCEK by @msanft in #73
  • Fix TrustedKeyKeys typo by @msanft in #71

Full Changelog: v0.6.2...v0.7.1

v0.7.0

06 Jul 16:48
14ac50e

This release has 1 major semantic change and a few minor bug fixes.

Major change:

  • PR#59: TCB versions are interpreted with the viewpoint of a fleet of machines rather than a more tightly constrained ordering relationship of TCB versions within a single node.

Substantive changes:

  • PR#56: GitHub releases should now have prebuilt binaries of the CLI tools attached for easier adoption.
  • PR#50: Adds INSTALL.md instructions for expectations about the sev-guest device.

Minor changes:

  • PR#63: Fixes the 32-bit build. Required for the 32-bit build of go-tpm-tools.
  • PR#61: Corrects an error condition matcher that tests use, and fixes the impacted tests.
  • PR#60: Typo fix.
  • PR#58: Fixes an ASN1 string encoding in test-only fake certificate generation from PrintableString to IA5String.
  • PR#57: Removes a workaround for clock skew on AMD KDS's NotBefore timestamp since they now back-date certificates by 24 hours.
  • PR#54: Updates the AMD SEV certificate link to correspond to AMD's website reorganization.
  • PR#47: A minor change to permit VLEK certificates in report data, but not yet fully support them.
  • PR#46: Fixes linter errors about unused receiver variables.

v0.6.2

06 Jul 16:38
14ac50e

Changelog

  • 40a285c Account for unexpected errors better in Match
  • 74ccb7f Add a GoReleaser release action
  • acd7c82 Add an INSTALL.md document
  • 52039f7 Fix 'priviledged' typo
  • d6cd532 Fix 32-bit builds
  • efdb2cf Fix ASN1 type discrepancy in fake certificates
  • d179b8f Fix Issue#51 with new TCB validation
  • 27d7d52 Fix broken link in README
  • df775bc Lint cleanup for _ receivers
  • bfc5fd1 Merge pull request #46 from deeglaze/lint
  • e422105 Merge pull request #47 from derpsteb/fix/flags_bitmask
  • a3e7158 Merge pull request #50 from deeglaze/install
  • 708b4eb Merge pull request #54 from deeglaze/sevcert
  • e3c8cd5 Merge pull request #56 from deeglaze/releasebin
  • 5b44841 Merge pull request #57 from deeglaze/skewbgone
  • 8b363ef Merge pull request #58 from deeglaze/fixia5
  • 14e1b8e Merge pull request #59 from deeglaze/tcbcomp
  • d2f2129 Merge pull request #60 from deeglaze/privtypo
  • 8271b48 Merge pull request #61 from deeglaze/errs
  • 14ac50e Merge pull request #63 from deeglaze/bit32
  • 4a4701c Remove KDS clock skew workaround
  • 77cc6c1 Update attestation_report 'flags' bitmask

v0.6.1

17 May 16:31
cf84543

Minor fix for self rate-limiting to go slower and allow configurable values, since production attestation tests can still fail with a deleted VMPCK0.

v0.6.0

02 May 22:56
8ac7f5f

Rerelease of v0.6 to integrate more smoothly with Golang tools.