The ST team is happy to announce a new release of the stboot bootloader,
tag v0.3.6, which succeeds the previous release at tag v0.2.2. The
source code for this release is available from the git repository:
    git clone -b v0.3.6 https://git.glasklar.is/system-transparency/core/stboot.git
Authoritative ST release signing keys are published at
https://www.system-transparency.org/keys, and the tag signature can be
verified using the command
    git -c gpg.format=ssh -c gpg.ssh.allowedSignersFile=allowed-ST-release-signers \
        tag --verify v0.3.6
The expectations and intended use of the stboot bootloader are documented
in the repository's RELEASES file. This RELEASES file also contains
more information concerning the overall release process, see:
https://git.glasklar.is/system-transparency/core/stboot/-/blob/main/RELEASE…
Learn about what's new in a release from the repository's NEWS file. An
excerpt from the latest NEWS-file entry is listed below for convenience.
If you find any bugs, please report them on the System Transparency
discuss list or open an issue on GitLab in the stboot repository:
https://lists.system-transparency.org/mailman3/postorius/lists/st-discuss.l…
https://git.glasklar.is/system-transparency/core/stboot/-/issues
Cheers,
The ST team
NEWS for stboot v0.3.6
This stboot release is intended as a stable "status quo" release.
There are few new features. Compatibility with existing
deployments has been improved, and both documentation and testing
have been improved compared to previous releases.
When upgrading, the intention is that this release should be
compatible with host config files as used by stboot v0.2.2, as
well as with host config files for even older stboot versions
deployed by early adopters. However, deployment processes and
scripts will need updates. E.g., the initramfs where you install
stboot needs to have the tls root certificates in a new location
(see below), and you may want to arrange so that stboot is the
system's init process.
Security fixes:
* The threshold signature logic has been updated to require
distinct public keys (the SubjectPublicKeyInfo field in the x509
certificate) in order to consider two certificates as distinct.
Previously, multiple signatures by the same key could count as
distinct, e.g., if there are multiple certificates for that key,
with overlapping validity periods.
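To make the distinction concrete, here is an added Go illustration (not stboot's own code) of counting signers toward a threshold by public key rather than by certificate. It keys on the SHA-256 of each certificate's DER-encoded SubjectPublicKeyInfo (Go's x509.Certificate.RawSubjectPublicKeyInfo), and contrasts that with the pre-fix behaviour of treating every distinct certificate encoding as a distinct signer. The Ed25519 keys, the three self-signed certificates (two for the same key with overlapping validity, one for a second key) and the helper names distinctKeyCount, distinctCertCount and thresholdMet are all constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// distinctKeyCount counts the distinct public keys among certs. Two
// certificates are considered the same signer when their DER-encoded
// SubjectPublicKeyInfo is identical, regardless of serial number,
// subject or validity period.
func distinctKeyCount(certs []*x509.Certificate) int {
	seen := make(map[[sha256.Size]byte]struct{})
	for _, c := range certs {
		seen[sha256.Sum256(c.RawSubjectPublicKeyInfo)] = struct{}{}
	}
	return len(seen)
}

// distinctCertCount models the pre-fix behaviour the NEWS entry describes:
// certificates are distinct whenever their encodings differ, so two
// certificates for one key count twice.
func distinctCertCount(certs []*x509.Certificate) int {
	seen := make(map[[sha256.Size]byte]struct{})
	for _, c := range certs {
		seen[sha256.Sum256(c.Raw)] = struct{}{}
	}
	return len(seen)
}

// thresholdMet reports whether at least threshold distinct keys are present.
func thresholdMet(certs []*x509.Certificate, threshold int) bool {
	return distinctKeyCount(certs) >= threshold
}

// selfSignedCert issues a self-signed Ed25519 certificate (constructed
// test data, not a real ST signing certificate).
func selfSignedCert(pub ed25519.PublicKey, priv ed25519.PrivateKey, serial int64, notBefore time.Time) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: fmt.Sprintf("signer-%d", serial)},
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(365 * 24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// buildScenario returns three certificates: two for key A with overlapping
// validity periods, and one for key B.
func buildScenario() ([]*x509.Certificate, error) {
	pubA, privA, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	pubB, privB, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	var certs []*x509.Certificate
	for _, spec := range []struct {
		pub       ed25519.PublicKey
		priv      ed25519.PrivateKey
		serial    int64
		notBefore time.Time
	}{
		{pubA, privA, 1, now},
		{pubA, privA, 2, now.Add(-30 * 24 * time.Hour)}, // same key, renewed early
		{pubB, privB, 3, now},
	} {
		c, err := selfSignedCert(spec.pub, spec.priv, spec.serial, spec.notBefore)
		if err != nil {
			return nil, err
		}
		certs = append(certs, c)
	}
	return certs, nil
}

func main() {
	certs, err := buildScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("certificates: %d, distinct keys: %d\n",
		distinctCertCount(certs), distinctKeyCount(certs))
	fmt.Printf("threshold 3: by certificate %v, by key %v\n",
		distinctCertCount(certs) >= 3, thresholdMet(certs, 3))
}
```

With three certificates but only two keys, counting by certificate would satisfy a threshold of 3 while counting by SubjectPublicKeyInfo does not; the latter is what a threshold-of-signers policy is meant to enforce.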
Incompatible changes:
* The location where stboot reads the https root certificates has
been moved, from /etc/ssl/certs/isrgrootx1.pem to
/etc/trust_policy/tls_roots.pem. See
https://git.glasklar.is/system-transparency/project/documentation/-/blob/ma…
for details.
* Delete the feature of "$ID" and "$AUTH" substitution in the host
config's os_pkg_pointer value. We are not aware of anyone ever
using this feature. Constructing the url or filename by
substituting host specific settings in a template is useful, but
better left to the provisioning tools that create the host
config.
* Network configuration in stboot has been fixed to respect the
order of interfaces in the host config's network_interfaces
list; previously, it would prefer the last rather than the first
listed interface.
New stboot features and improvements:
* The tls root certificate file is required only for network
  boot; for initramfs boot that file can now be omitted.
* Add backwards compatibility to parsing of the host config.
Stboot now recognizes old ways of using the json keys "dns",
"network_interfaces", and adds fallbacks for recognizing the
obsolete json keys "provisioning_urls" and "network_interface"
(singular).
* Relax parsing of host config and other json data to treat
missing keys in the same way as keys explicitly set to null.
* Add informative logging when starting file downloads.
* Documentation updates, including a new file docs/stboot-system.md
and specifications at https://docs.system-transparency.org.
* Support for running stboot as the system's init (pid 1) process.
Previously, it was recommended to use u-root as the init
process, and let u-root spawn stboot as a regular process.
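The host config compatibility items above (fallbacks for the obsolete "network_interface" and "provisioning_urls" keys, old and new forms of "dns", and missing keys treated like explicit null) and the earlier fix to honour the order of the network_interfaces list can be illustrated with the following added Go program. It is not stboot's parser: the interface entry field names, the assumption that the old "dns" form was a single string and the new one a list, and the fallback that maps the first obsolete provisioning URL onto os_pkg_pointer are all assumptions made for this example, as are the two sample configs.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// NetworkInterface is one entry of the host config's interface list.
// The field names are an assumption made for this example.
type NetworkInterface struct {
	Name string `json:"interface_name"`
	MAC  string `json:"mac_address"`
}

// rawHostConfig accepts the current keys and the obsolete ones side by side.
// Pointer and slice fields decode to nil both for a missing key and for an
// explicit null, so normalisation below treats the two cases identically.
type rawHostConfig struct {
	OSPkgPointer     *string            `json:"os_pkg_pointer"`
	DNS              json.RawMessage    `json:"dns"`                // assumed: string (old) or list of strings (new)
	Interfaces       []NetworkInterface `json:"network_interfaces"` // current list form
	Interface        *NetworkInterface  `json:"network_interface"`  // obsolete singular key
	ProvisioningURLs []string           `json:"provisioning_urls"`  // obsolete key
}

// HostConfig is the normalized configuration a bootloader would act on.
type HostConfig struct {
	OSPkgPointer string
	DNS          []string
	Interfaces   []NetworkInterface
}

// isAbsent is true for a key that was missing (empty RawMessage) or set to null.
func isAbsent(m json.RawMessage) bool {
	return len(m) == 0 || bytes.Equal(bytes.TrimSpace(m), []byte("null"))
}

// parseHostConfig decodes data and applies the compatibility fallbacks.
func parseHostConfig(data []byte) (*HostConfig, error) {
	var raw rawHostConfig
	if err := json.Unmarshal(data, &raw); err != nil {
		return nil, err
	}
	cfg := &HostConfig{}

	switch {
	case raw.OSPkgPointer != nil:
		cfg.OSPkgPointer = *raw.OSPkgPointer
	case len(raw.ProvisioningURLs) > 0:
		// Assumed fallback: the first obsolete provisioning URL becomes the pointer.
		cfg.OSPkgPointer = raw.ProvisioningURLs[0]
	default:
		return nil, errors.New("host config: no os_pkg_pointer")
	}

	if !isAbsent(raw.DNS) {
		var list []string
		if err := json.Unmarshal(raw.DNS, &list); err == nil {
			cfg.DNS = list
		} else {
			var single string
			if err := json.Unmarshal(raw.DNS, &single); err != nil {
				return nil, errors.New("host config: dns must be a string or a list of strings")
			}
			cfg.DNS = []string{single}
		}
	}

	// The order of network_interfaces is preserved, so the first listed entry
	// is the preferred one. The obsolete singular key becomes a one-element list.
	switch {
	case len(raw.Interfaces) > 0:
		cfg.Interfaces = raw.Interfaces
	case raw.Interface != nil:
		cfg.Interfaces = []NetworkInterface{*raw.Interface}
	}
	return cfg, nil
}

// preferredInterface returns the first listed interface name, or "" if none.
func preferredInterface(cfg *HostConfig) string {
	if len(cfg.Interfaces) == 0 {
		return ""
	}
	return cfg.Interfaces[0].Name
}

// Constructed sample inputs: one in the current form, one using obsolete keys
// and an explicit null where the new list key would be.
const currentConfig = `{
  "os_pkg_pointer": "https://ospkg.example.org/os.json",
  "dns": ["192.0.2.53", "192.0.2.54"],
  "network_interfaces": [
    {"interface_name": "eth0", "mac_address": "02:00:00:00:00:01"},
    {"interface_name": "eth1", "mac_address": "02:00:00:00:00:02"}
  ]
}`

const legacyConfig = `{
  "provisioning_urls": ["https://ospkg.example.org/"],
  "dns": "192.0.2.53",
  "network_interfaces": null,
  "network_interface": {"interface_name": "eth1", "mac_address": "02:00:00:00:00:02"}
}`

func main() {
	for _, in := range []string{currentConfig, legacyConfig} {
		cfg, err := parseHostConfig([]byte(in))
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("pointer=%s dns=%v preferred=%s\n", cfg.OSPkgPointer, cfg.DNS, preferredInterface(cfg))
	}
}
```

The legacy sample is the shape an early-adopter deployment might still carry: an explicit null for the new list key plus the singular key, and a bare string for "dns". Both samples normalise to the same HostConfig type, and the first listed interface is the one reported as preferred.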
Go library changes (no expected stability between stboot releases):
* Delete the sterror package.
* Change method OSPackage.Sign to use crypto.Signer for the
private key. Delete the ospkg.Signer interface, in favor of
crypto.Signer.
* Delete lots of unused code, including various exported functions.
Miscellaneous:
* Improved test coverage, both unit tests and integration tests.
This release has been tested to work with:
* Artifacts produced by stmgr v0.3.2 (pre-release version).
https://git.glasklar.is/system-transparency/core/stmgr/-/tree/v0.3.2
* Provisioning using stprov v0.3.3 (pre-release version)
https://git.glasklar.is/system-transparency/core/stprov/-/tree/v0.3.3
This release implements the specifications at
https://git.glasklar.is/system-transparency/project/docs/-/tree/96fe394b162…