SEV-SNP with dm-verity

policy: update sample

Update sample that hasn't been tested in a long time.

Signed-off-by: Dan Mihai <[email protected]>

SEV SNP support for CH with fixes

Re-enable seccomp in clh-snp config (#46)

Signed-off-by: Dallas Delaney <[email protected]>

SEV SNP support for CH

• Enable SNP in CH when running SEV SNP guests
• Set host_data value
• Temporary adjustments with restrictions in CH

Release 0.6.0

• Rebase against upstream's 0.6.0 branch
• Add latest policy and snapshotter changes
• Enable SNP and IGVM options

cc-0.4.2

Update the tardev snapshotter
Bug fixes
Add dm-verity protected container image layers
Improve the genpolicy tool
Clean up tarfs layers after a container exits

cc-0.4.1-2

• Add dm-verity protected container image layers
• Improve the genpolicy tool
• Clean up tarfs layers after a container exits

cc-0.4.1

Permissive default Policy and CVE fixes

• The default Security Policy allows all or most API calls from the Host to the UVM. This allows tests to work as before the Policy feature was implemented. However, this is not a secure/Confidential policy.

• To use an appropriate (secure) policy for your pods, add that policy to your YAML files as described in the genpolicy doc.

• In future AKS-CC images, a very restrictive Policy will be used by default. Then, adding an appropriate Policy to your YAML will be mandatory - otherwise your pods will not work at all.

• Fix CVEs: GHSA-g4h2-4wvh-grc5 GHSA-96jv-r488-c2rj GHSA-7rrj-xr53-82p7 GHSA-f8vr-r385-rh5r GHSA-v5w6-wcm8-jm4q GHSA-r7jw-wp68-3xch GHSA-x4qr-2fvf-3mr5 GHSA-w2w6-xp88-5cvw GHSA-p52g-cm5j-mjv4

Release based on cc-msft-prototypes rebased over upstream tag 0.4.0

tardev: add `Cargo.lock` for snapshotter

Signed-off-by: Wedson Almeida Filho <[email protected]>

cc-0.1.0-cargo

Cargo vendor release based on cc-msft-prototypes branch

Release based on cc-msft-prototypes

Release based on cc-msft-prototypes using new naming scheme for package kata-containers-cc