Enarx 0.7.0: Gutenberg Castle

This release is a developer-only, preview release. It is not production ready. We hope that you will experiment with it to see the progress we are making.

What's Changed

Features

• Add support for threading and synchronization by @haraldh in #2179
• Use tracing instead of log for logging by @haraldh in #2183
• Error on unknown fields by @rvolosatovs in #2193
• Print child stderr in tests by @rvolosatovs in #2194
• Introduce file types by @rvolosatovs in #2197
• Implement basic threading support for SGX by @haraldh in #2186
• Add an extra stack for CSSA > 0 by @haraldh in #2220
• Use CSSA level 0 EEXIT to return from exit() syscall by @haraldh in #2222
• Rename enarxcall TrimSgxPages to ModifySgxPageType by @haraldh in #2246
• Implement dynamic thread allocation by @haraldh in #2250
• Specify OIDC scopes and audience by @puiterwijk in #2311
• Remove naked functions by @bstrie in #2350
• Add client secrets login by @rvolosatovs in #2356
• Complete the TCS page struct and add the flags by @haraldh in #2366
• Set the keep's DEBUG flag on features dbg or gdb by @haraldh in #2385
• Crl caching by @rjzak in #2392
• Use new mmledger API by @haraldh in #2397
• Handle CSSA 0-3 with 2 sallyport blocks by @haraldh in #2396
• Add page fault handling and lazy mmap by @haraldh in #2406
• Add flame graph by @ishme-al in #2391
• Only log enarx workspace events by @rvolosatovs in #2437
• Snp backend sends CRL for attestation by @rjzak in #2428
• Sgx backend sends CRL for attestation by @rjzak in #2393
• Introduce dbg feature for exec-wasmtime by @rvolosatovs in #2454
• Store CRL & originating URL by @rjzak in #2447
• Add lazy memory mapping by @haraldh in #2429

Fixes

• Use SnpReportRequest struct by @haraldh in #2178
• Log filter parsing by @haraldh in #2185
• Default to Profian Steward by @rvolosatovs in #2189
• Remove custom Serialize implementation by @rvolosatovs in #2190
• Reenable enarx deploy tests by @rvolosatovs in #2191
• Avoid capitalizing file names by @rvolosatovs in #2192
• Use a domain name in TLS connect by @rvolosatovs in #2195
• Use unbounded ranges in patterns by @bstrie in #2201
• Minor improvements by @rvolosatovs in #2196
• Replace echo server with hello world in integration test by @bstrie in #2207
• Optimize wasm example by @bstrie in #2208
• Handle cannot-be-a-base URLs in enarx deploy by @bstrie in #2206
• Disallow invalid file names by @rvolosatovs in #2202
• Reorganize by @rvolosatovs in #2204
• Parse Config, not Option<Config> by @rvolosatovs in #2223
• Set HWCAP2 and clear fsbase by @haraldh in #2221
• Outgoing TLS connections, localhost handling by @rvolosatovs in #2174
• Remove unused token by @rvolosatovs in #2224
• Ignore Windows listener tests by @rvolosatovs in #2227
• Switch to tracing by @rvolosatovs in #2226
• Replace unicode chars by @haraldh in #2233
• Revert "test(wasm): avoid using serial" by @haraldh in #2238
• Don't output dbg for SYS_clock_gettime by @haraldh in #2239
• Sync TLS listener and stream applications with upstream by @rvolosatovs in #2240
• Rely on exit code by @haraldh in #2244
• Check output during CLI integration tests by @bstrie in #2249
• Parse JSON in CLI tests and refactor by @bstrie in #2254
• Support all platforms in tests by @rvolosatovs in #2276
• Remove IS_X86_64_LINUX variable by @rvolosatovs in #2275
• Fix tests when RUST_BACKTRACE is set by @bstrie in #2315
• Correct main ref name for sign by @puiterwijk in #2313
• Parse CLI properly in integration test by @bstrie in #2349
• Prevent test FD from being prematurely dropped by @rvolosatovs in #2348
• Remove EncodePrivateKey workaround by @haraldh in #2361
• Prevent workload FD from being dropped by @rvolosatovs in #2357
• Remove unnecessary usage of Lazy by @bstrie in #2382
• Remove unused test binary by @rvolosatovs in #2370
• Return ExitCode, don't 'exit' by @rvolosatovs in #2384
• Refine sgx error handling especially for threads by @haraldh in #2386
• Unused import: std::process::ExitCode by @haraldh in #2387
• Remove unused crt0 environment variables by @rvolosatovs in #2398
• Check brk region for lower limit by @haraldh in #2402
• Use spin crate instead of spinning by @haraldh in #2410
• Remove comment about SEV-SNP TCB by @haraldh in #2415
• Make shims cargo test --workspace compatible by @haraldh in #2423
• Use workspace version of gdbstub by @haraldh in #2426
• Cross-platform --workspace support by @rvolosatovs in #2421
• Set Cr0Flags::MONITOR_COPROCESSOR by @haraldh in #2441
• Rework on-disk signature file locking by @rvolosatovs in #2436
• Wrap output writer into a LineWriter by @rvolosatovs in #2439
• Remove -v argument by @rvolosatovs in #2438
• Fix client/full test by @haraldh in #2457
• Split zerooneone test by @haraldh in #2458

... and multiple build and automation improvements.

Requirements

• Rust nightly

Installation

For installation instructions, please see our updated Quick Installation guide.

For more detailed instructions, including instructions on how to configure your Trusted Execution Environments or compile from source, please refer to our Install Enarx from Source guide.

Known (Temporary) Issues

• No filesystem support yet
• Custom kernel required for AMD SEV-SNP-based machines

Contributors

A hearty thanks to everyone who has contributed over the last few years. This release would not be successful without you!

@MikeCamel @npmccallum @haraldh @connorkuehl @lkatalin @mbestavros @wgwoods @axelsimon @ueno @ziyi-yan @ambaxter @squidboylan @blazebissar @michiboo @matt-ross16 @jyotsna-penumaka @steveeJ @greyspectrum @rvolosatovs @lilienbm @CyberEpsilon @kubkon @nickvidal @uudiin @zeenix @sagiegurari @platten @greyspectrum @bstrie @jarkkojs @definitelynobody @rjzak @Deepansharora27 @mayankkumar2 @moksh-pathak @puiterwijk @dpal

New Contributors

• @github-actions made their first contribution in #2284
• @dpal made their first contribution in #2408
• @ishme-al made their first contribution in #2391

Full Changelog: v0.6.4...v0.7.0