v0.9.0 [Broken, use v0.9.1]

@deeglaze deeglaze released this 19 Sep 20:16
· 99 commits to main since this release
28d8e00

This release adds a new validation option, CertTableOptions, which is an open-ended way to add extra validation for specified GUID strings. With this change, we deprecate the CertificateChain message's firmware_cert in favor of a general "extras" map.

The extras map contains any "unknown" GUID entries (i.e., unspecified by the GHCB specification) in the certificate table returned by GetExtendedReport. The ASVK remains a special circumstance that AMD's kernel department needs to clarify with AMD's KDS department.

To keep this library general purpose, the gce.go constant definition is removed. That logic is to be separated into a different repository that can provide a validation function and a GUID constant to pass in as validation options when the user knows to expect GCE-specific certificates.
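
The sketch below is an added example, not code from this library: it shows how unspecified GUID entries in a certificate table can be collected into an extras map and then checked by caller-supplied, per-GUID validation functions. `SplitExtras` and `ValidateExtras` are hypothetical names, and the shape of the checks map is an assumption rather than the CertTableOptions API. The entry layout (16-byte GUID, 32-bit offset, 32-bit length, zero terminator) follows the GHCB certificate table, and GUIDs are keyed by the hex of their raw bytes as a simplification.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// SplitExtras walks a certificate table of 24-byte entries {GUID[16], offset
// uint32, length uint32} (little-endian) ended by an all-zero entry. It returns
// the blobs whose GUID (raw bytes as hex, a simplification) is not in specified.
func SplitExtras(table []byte, specified map[string]bool) (map[string][]byte, error) {
	extras := map[string][]byte{}
	for pos := 0; ; pos += 24 {
		if pos+24 > len(table) {
			return nil, fmt.Errorf("cert table: no terminator entry")
		}
		guid := hex.EncodeToString(table[pos : pos+16])
		off := uint64(binary.LittleEndian.Uint32(table[pos+16:]))
		end := off + uint64(binary.LittleEndian.Uint32(table[pos+20:]))
		if end == 0 && guid == "00000000000000000000000000000000" {
			return extras, nil
		}
		if end > uint64(len(table)) {
			return nil, fmt.Errorf("cert table: entry %s out of bounds", guid)
		}
		if !specified[guid] {
			extras[guid] = table[off:end]
		}
	}
}

// ValidateExtras runs each caller-supplied check (hypothetical shape, not the
// library's API). A missing entry is passed as nil so the check decides whether
// absence is acceptable; extras with no check are ignored.
func ValidateExtras(extras map[string][]byte, checks map[string]func([]byte) error) error {
	for guid, check := range checks {
		if err := check(extras[guid]); err != nil {
			return fmt.Errorf("certificate %s: %w", guid, err)
		}
	}
	return nil
}

func main() {
	// Constructed input: a table holding only the terminator entry.
	extras, err := SplitExtras(make([]byte, 24), nil)
	fmt.Println(len(extras), err)
}
```

An extra that has no registered check is ignored, so a caller who expects a platform-specific certificate should register a check that rejects a nil blob.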

What's Changed

Full Changelog: v0.8.0...v0.9.0