The System Transparency project is happy to announce a new ST collection
release, st-1.1.0. See NEWS entries below for a summary of changes.
The documentation for this release is available at
https://docs.system-transparency.org/st-1.1.0/
A release tar file is published at
https://dist.system-transparency.org/st/st-1.1.0.tar.gzhttps://dist.system-transparency.org/st/st-1.1.0.tar.gz.sig
The release keys used for both the release tar file and the
corresponding git tags are published at
https://www.system-transparency.org/keys
This collection release corresponds to the manifest file
https://git.glasklar.is/system-transparency/core/system-transparency/-/blob…
Project homepage and contact information can be found at
https://www.system-transparency.org/
Cheers,
The System Transparency team
NEWS for st-1.1.0
This is an update to the st-1.0.0 collection release, with
one bug fix and a few new features requested by users. It is
intended to be backwards compatible with the st-1.0.0 collection.
Using a relative os_pkg_url for OS packages served (one of the new
features) requires an stboot upgrade, or else the boot will fail.
Bug fixes:
* stboot: When stboot is started as the init process (pid 1), it
now loads kernel modules *before* mounting the efivarfs.
Previously, accessing EFI variables required that the efivarfs
driver was compiled statically into the kernel, rather than as a
module. See https://docs.system-transparency.org/st-1.1.0/docs/reference/stboot-system/…
for init process alternatives and how to configure module loading
when stboot is started as the init process.
Features:
* stboot: If a provisioning OS package is included in the stboot
image, the operator can force stboot into provisioning mode by
pressing Ctrl-C to interrupt normal boot, and stboot can
similarly enter provisioning mode if normal boot fails for any
other reason. See https://docs.system-transparency.org/st-1.1.0/docs/reference/stboot-system/…
* stboot, stmgr: the OS package archive URL (os_pkg_url) can now be
relative to the OS package pointer. Avoid use of this extension
if backwards compatibility with older stboot versions is needed.
See https://docs.system-transparency.org/st-1.1.0/docs/reference/os_package/#de…
For information on how releases are made in System Transparency, see
https://docs.system-transparency.org/st-1.1.0/docs/releases/
The included components and their versions are specified in the
collection's manifest file. Documentation for the collection can be
generated from the included components, see docs. Documentation is
also published at https://docs.system-transparency.org/st-1.1.0/.
The ST team is happy to announce a new release of the stboot bootloader,
tag v0.4.3, which succeeds the previous release at tag v0.3.6. The
source code for this release is available from the git repository:
git clone -b v0.4.3 https://git.glasklar.is/system-transparency/core/stboot.git
Authoritative ST release signing keys are published at:
https://www.system-transparency.org/keys
The tag signature can be verified using the following command:
git -c gpg.format=ssh \
-c gpg.ssh.allowedSignersFile=allowed-ST-release-signers \
tag --verify v0.4.3
The expectations and intended use of the stboot bootloader is documented
in the repository's RELEASES file. This RELEASES file also contains
more information concerning the overall release process, see:
https://git.glasklar.is/system-transparency/core/stboot/-/blob/v0.4.3/RELEA…
Learn about what's new in a release from the repository's NEWS file. An
excerpt from the latest NEWS-file entry is listed below for convenience.
If you find any bugs, please report them on the System Transparency
discuss list or open an issue on GitLab in the stboot repository:
https://lists.system-transparency.org/mailman3/postorius/lists/st-discuss.l…https://git.glasklar.is/system-transparency/core/stboot/-/issues
Cheers,
The ST team
NEWS for stboot v0.4.3
This release of stboot includes bug fixes and new features. The
most notable feature is the ability to enter provisioning mode even
if a host configuration has already been provisioned on the system.
Bug fixes:
* When running stboot as the init process, load kernel modules
before trying to mount /sys/firmware/efi/efivars. This ensures
EFI variables will work when the efivarfs driver is provided as a
loadable kernel module (rather than being built into the kernel).
For users that use u-root as the init process: be aware that the
same issue which has now been fixed in stboot still remains open
in u-root, see https://github.com/u-root/u-root/issues/2993.
* Properly wait for the selected network interfaces to reach state
UP before considering the network to be configured successfully.
This ensures stboot will not spend any of its retries due to
interfaces that are not up yet.
New features and improvements:
* If a provisioning OS package is included in the stboot image,
it is now possible to enter provisioning mode if the provisioned
host configuration is invalid or if the user presses Ctrl-C. See
docs/stboot-system.md for details and security implications.
* The OS package descriptor now supports "os_pkg_url" to be
relative to the descriptor's (absolute) base URI. Refer to the OS
package specification for the exact resolution rules.
This release has been tested to work with:
* Artifacts produced by stmgr v0.4.0 (pre-release version).
https://git.glasklar.is/system-transparency/core/stmgr/-/tree/v0.4.0
* Systems provisioned with stprov v0.3.8 (pre-release version)
https://git.glasklar.is/system-transparency/core/stprov/-/tree/v0.3.8
This release implements the specifications at
https://git.glasklar.is/system-transparency/project/docs/-/tree/v0.3.0/cont…
The ST team is happy to announce a new release of the stmgr program,
tag v0.4.1, which succeeds the previous release at tag v0.3.3. The
source code for this release is available from the git repository:
git clone -b v0.4.1 https://git.glasklar.is/system-transparency/core/stmgr.git
Authoritative ST release signing keys are published at
https://www.system-transparency.org/keys, and the tag signature can be
verified using the command
git -c gpg.format=ssh -c gpg.ssh.allowedSignersFile=allowed-ST-release-signers \
tag --verify v0.4.1
The expectations and intended use of the stmgr program is documented
in the repository's RELEASES file. This RELEASES file also contains
more information concerning the overall release process, see:
https://git.glasklar.is/system-transparency/core/stmgr/-/blob/v0.4.1/RELEAS…
Learn about what's new in a release from the repository's NEWS file. An
excerpt from the latest NEWS-file entry is listed below for convenience.
If you find any bugs, please report them on the System Transparency
discuss list or open an issue on GitLab in the stmgr repository:
https://lists.system-transparency.org/mailman3/postorius/lists/st-discuss.l…https://git.glasklar.is/system-transparency/core/stmgr/-/issues
Cheers,
The ST team
NEWS for stmgr v0.4.1
This release adds support for using relative OS package URLs.
New features and improvements:
* The stmgr ospkg subcommand now supports using a relative URL for
the OS package archive to download (os_pkg_url). Refer to the OS
package documentation for further details on this feature.
https://git.glasklar.is/system-transparency/project/docs/-/blob/v0.3.0/cont…
Compatibility:
* This release implements the specifications at
https://git.glasklar.is/system-transparency/project/docs/-/tree/v0.3.0/cont…
* Artifacts generated by this release of stmgr are tested with
stboot pre-release version v0.4.0, and are expected to work with
the final stboot release version as well.
* As long as only absolute URLs are specified for the os_pkg_url,
artifacts generated by this release of stmgr are fully compatible
with stboot-v0.3.6.
The ST team is happy to announce a new collection release: st-1.0.0.
The tar archive and a corresponding signature can be downloaded at
https://dist.system-transparency.org/
Authoritative ST release signing keys are published at
https://www.system-transparency.org/keys/
The signature can be verified using the command
ssh-keygen -Y verify -n file \
-f allowed-ST-release-signers \
-I releases(a)system-transparency.org \
-s st-1.0.0.tar.gz.sig < st-1.0.0.tar.gz
The NEWS file in the tar archive summarizes changes since the previous
release. An excerpt from the latest NEWS-file entry is included below
for convenience.
The tar archive also includes documentation that gets rendered at
https://docs.system-transparency.org/st-1.0.0/
If you find any bugs, please file issues in the affected component
repositories or report them on the System Transparency discuss list.
https://lists.system-transparency.org/mailman3/postorius/lists/st-discuss.l…
Cheers,
The ST team
NEWS for st-1.0.0
This is the first stable collection release of System Transparency.
By "stable", we mean that subsequent releases within the same major
version will be backwards compatible. The ST version 1 collection
is supported for at least one year, until 2025-06-01.
For information on how releases are made in System Transparency, see
https://git.glasklar.is/system-transparency/project/docs/-/tree/main/conten….
The included components and their versions are specified in the
collection's manifest file. Documentation for the collection can be
generated from the included components, see docs. Documentation is
also published at https://docs.system-transparency.org/st-1.0.0/.
Compared to previous System Transparency releases that were more
experimental, this collection release includes components with a few
new features, improved backwards compatibility with systems
provisioned using older tools and conventions, and much improved
documentation. Some obsolete features with no known usage have been
deleted. See the NEWS files of each component for details.
The ST team is happy to announce a new release of the stmgr programm,
tag v0.3.3, which succeeds the previous release at tag v0.2.2. The
source code for this release is available from the git repository:
git clone -b v0.3.3 https://git.glasklar.is/system-transparency/core/stmgr.git
Authoritative ST release signing keys are published at
https://www.system-transparency.org/keys, and the tag signature can be
verified using the command
git -c gpg.format=ssh -c gpg.ssh.allowedSignersFile=allowed-ST-release-signers \
tag --verify v0.3.3
The expectations and intended use of the stmgr program is documented
in the repository's RELEASES file. This RELEASES file also contains
more information concerning the overall release process, see:
https://git.glasklar.is/system-transparency/core/stmgr/-/blob/main/RELEASES…
Learn about what's new in a release from the repository's NEWS file. An
excerpt from the latest NEWS-file entry is listed below for convenience.
If you find any bugs, please report them on the System Transparency
discuss list or open an issue on GitLab in the stmgr repository:
https://lists.system-transparency.org/mailman3/postorius/lists/st-discuss.l…https://git.glasklar.is/system-transparency/core/stmgr/-/issues
Cheers,
The ST team
NEWS for stmgr v0.3.3
This release is an update to match the stboot-0.3.6 release. The
main new features relate to signing: UKI executables can now be
signed for Secure Boot. Signatures on OS packages and certificates
can now use private keys accessed via the ssh-agent protocol,
enabling use of keys residing on a more secure hardware device.
Incompatible changes:
* Generation of UKI files no longer defaults to using
/usr/lib/systemd/boot/efi/linuxx64.efi.stub. It now defaults to
a stub file embedded at stmgr compile time. (See uki/stub/README
for which version is embedded).
* The out-of-date "stmgr provision" subcommand has been deleted.
New features and improvements:
* Signing OS packages (stmgr ospkg sign) can now use ssh-agent to
access the private signing key, see docs/manual.md.
* Creating certificates (stmgr keygen certificate) used to always
create a new keypair as part of the process. That key generation
is now optional. More precisely, a root certificate can be
created for a private key specified with the -rootKey option,
including support for ssh-agent to access the private key. A
leaf certificate can be created with the new -leafKey option
specifying the public key to be certified.
* Host config validation (stmgr hostconfig check) has been updated
to match recent changes in stboot, including backwards
compatibility. Submission of additional host config files to
check in stmgr regression tests are welcome.
* The command "stmgr uki create" can now optionally sign the
generated UKI for Secure Boot; new flags: -signkey, -signcert.
* Improved documentation, new docs/manual.md.
Miscellaneous:
* Improved integration tests.
Compatibility:
* This release implements the specifications at
https://git.glasklar.is/system-transparency/project/docs/-/tree/v0.2.0/cont…
* Artifacts generated by this release of stmgr are tested with
stboot pre-release version v0.3.5, and are expected to work with
the stboot release v0.3.6.
https://git.glasklar.is/system-transparency/core/stboot/-/tree/v0.3.6
The ST team is happy to announce a new release of the stprov software,
tag v0.3.5, which succeeds the previous release at tag v0.2.1. The
source code for this release is available from the git repository:
git clone -b v0.3.5 https://git.glasklar.is/system-transparency/core/stprov.git
Authoritative ST release signing keys are published at
https://www.system-transparency.org/keys/
and the tag signature can be verified using the command
git -c gpg.format=ssh \
-c gpg.ssh.allowedSignersFile=allowed-ST-release-signers \
tag --verify v0.3.5
The expectations and intended use of the stprov software is documented
in the repository's RELEASES file. This RELEASES file also contains
more information concerning the overall release process, see:
https://git.glasklar.is/system-transparency/core/stprov/-/blob/v0.3.5/RELEA…
Learn about what's new in a release from the repository's NEWS file. An
excerpt from the latest NEWS-file entry is listed below for convenience.
If you find any bugs, please report them on the System Transparency
discuss list or open an issue on GitLab in the stprov repository:
https://lists.system-transparency.org/mailman3/postorius/lists/st-discuss.l…https://git.glasklar.is/system-transparency/core/stprov/-/issues
system-transparency-core-stprov-issues(a)incoming.glasklar.is
Cheers,
The ST team
NEWS for stprov v0.3.5
This release mainly improves documentation, test coverage, and fixes bugs.
There are a few minor features added relating to the stprov command-line UI,
and a little bit of clean-up as summarized in the miscellaneous section.
Incompatible changes
* The -b option no longer accepts interface names that contain comma.
Security fixes:
* The -a option in stprov remote-run accepts addresses in CIDR notation,
but falls back on /32 if an address omits the subnet mask. The same
subnet mask was used for IPv6, resulting in a much larger subnet. This
issue has been fixed, such that the default IPv6 subnet-mask is /128.
Bug fixes
* Produce host configurations that are compatible with stboot (stprov and
stboot diverged on how to handle empty values, which has now been fixed).
* Correctly set the host configuration fields "bonding_mode" and
"bond_name". The bonded interface name is always set to "bond0".
* Add a Makefile option for setting custom OS-package URLs. The
built-in default used to be hardcoded without a good way of changing it.
* Read TLS roots from a location that is consistent with stboot. The
consulted location is "/etc/trust_policy/tls_roots.pem".
* Several nits and confusions in the stprov usage message were fixed.
New features:
* Options with multiple values can be specified as a comma-separated
list (-e val,val) and/or by repeating the option (-e val -e val). This
makes the UX consistent for the -a, -b, and other multi-value options.
* The -r option can accept multiple OS-package URLs.
* The -d option can accept multiple DNS servers. The built-in default
has as a result also been updated to include Quad9's secondary server.
New documentation:
* System documentation has been added, see docs/stprov-system.md.
* Usage manual has been added, see docs/stprov-manual.md.
Miscellaneous:
* The OS package URL (-r) and user/password (-u/-p) options are no longer
mutually exclusive. The user and password options are instead silently
ignored for OS package URLs without the "user:password" pattern.
* The host configuration fields "authentication" and "identity" were
removed. So, the dummy "foo" and "bar" values are no longer written.
Note that stprov never supported any real use of the removed fields.
* The host configuration field "timestamp" was removed. In other words,
the platform's host configuration no longer indicates a provisioning date.
* Failing HEAD requests on OS package URLs are treated as errors rather
than warnings. This behavior can be overridden with the force flag (-f).
* Major improvements to the QEMU test coverage, see integration/qemu.sh.
This release implements the following specifications:
* The system documentation in this repository (docs/stprov-system.md)
* https://git.glasklar.is/system-transparency/project/docs/-/blob/v0.2.0/cont…
* https://git.glasklar.is/system-transparency/project/docs/-/blob/v0.2.0/cont…
* https://git.glasklar.is/system-transparency/project/docs/-/blob/v0.2.0/cont…
This release has been tested to work with:
* stboot's provision mode, release tag v0.3.6:
https://git.glasklar.is/system-transparency/core/stboot/-/tree/v0.3.6
* ISO building using stmgr, pre-release tag v0.3.2:
https://git.glasklar.is/system-transparency/core/stmgr/-/tree/v0.3.2
The ST team is happy to announce a new release of the stboot bootloader,
tag v0.3.6, which succeeds the previous release at tag v0.2.2. The
source code for this release is available from the git repository:
git clone -b v0.3.6 https://git.glasklar.is/system-transparency/core/stboot.git
Authoritative ST release signing keys are published at
https://www.system-transparency.org/keys, and the tag signature can be
verified using the command
git -c gpg.format=ssh -c gpg.ssh.allowedSignersFile=allowed-ST-release-signers \
tag --verify v0.3.6
The expectations and intended use of the stboot bootloader is documented
in the repository's RELEASES file. This RELEASES file also contains
more information concerning the overall release process, see:
https://git.glasklar.is/system-transparency/core/stboot/-/blob/main/RELEASE…
Learn about what's new in a release from the repository's NEWS file. An
excerpt from the latest NEWS-file entry is listed below for convenience.
If you find any bugs, please report them on the System Transparency
discuss list or open an issue on GitLab in the stboot repository:
https://lists.system-transparency.org/mailman3/postorius/lists/st-discuss.l…https://git.glasklar.is/system-transparency/core/stboot/-/issues
Cheers,
The ST team
NEWS for stboot v0.3.6
This stboot release is intended as a stable "status quo" release.
There are few new features. Compatibility with existing
deployments has been improved, and both documentation and testing
has been improved compared to previous releases.
When upgrading, the intention is that this release should be
compatible with host config files as used by stboot v0.2.2, as
well as with host config files for even older stboot versions
deployed by early adopters. However, deployment processes and
scripts will need updates. E.g., the initramfs where you install
stboot needs to have the tls root certificates in a new location
(see below), and you may want to arrange so that stboot is the
system's init process.
Security fixes:
* The threshold signature logic has been updated to require
distinct public keys (the SubjectPublicKeyInfo field in the x509
certificate) in order to consider two certificates as distinct.
Previously, multiple signatures by the same key could count as
distinct, e.g., if there are multiple certificates for that key,
with overlapping vality periods.
Incompatible changes:
* The location where stboot reads the https root certificates has
been moved, from /etc/ssl/certs/isrgrootx1.pem to
/etc/trust_policy/tls_roots.pem. See
https://git.glasklar.is/system-transparency/project/documentation/-/blob/ma…
for details.
* Delete the feature of "$ID" and "$AUTH" substitution in the host
config's os_pkg_pointer value. We are not aware of anyone ever
using this feature. Constructing the url or filename by
substituting host specific settings in a template is useful, but
better left to the provisioning tools that create the host
config.
* Network configuration in stboot has been fixed to respect the
order of interfaces in the host config's network_interfaces
list; previously, it would prefer the last rather than the first
listed interface.
New stboot features and improvements:
* The tls root certificate file is required only for network
boot, for initramfs boot that file can now be omitted.
* Add backwards compatibility to parsing of the host config.
Stboot now recognizes old ways of using the json keys "dns",
"network_interfaces", and adds fallbacks for recognizing the
obsolete json keys "provisioning_urls" and "network_interface"
(singular).
* Relax parsing of host config and other json data to treat
missing keys in the same way as keys explicitly set to null.
* Add informative logging when starting file downloads.
* Documentation updates, including a new file docs/stboot-system.md
and specifications at https://docs.system-transparency.org.
* Support for running stboot as the system's init (pid 1) process.
Previously, it was recommended to use u-root as the init
process, and let u-root spawn stboot as a regular process.
Go library changes (no expected stability between stboot releases):
* Delete the sterror package.
* Change method OSPackage.Sign to use crypto.Signer for the
private key. Delete the ospkg.Signer interface, in favor of
crypto.Signer.
* Delete lots of unused code, including various exported functions.
Miscellaneous:
* Improved test coverage, both unit tests and integration tests.
This release has been tested to work with:
* Artifacts produced by stmgr v0.3.2 (pre-release version).
https://git.glasklar.is/system-transparency/core/stmgr/-/tree/v0.3.2
* Provisioning using stprov v0.3.3 (pre-release version)
https://git.glasklar.is/system-transparency/core/stprov/-/tree/v0.3.3
This release implements the specifications at
https://git.glasklar.is/system-transparency/project/docs/-/tree/96fe394b162…
The ST team is happy to announce a new release of the ST documentation,
tag v0.1.0, which is the first release. The
documentation is available as git repository:
https://git.glasklar.is/system-transparency/project/docs
and as a deployed homepage at:
https://docs.system-transparency.org/
The expectations and intended use of the st docs is documented
in the repository's RELEASES file. This RELEASES file also contains
more information concerning the overall release process, see:
https://git.glasklar.is/system-transparency/project/docs/-/blob/main/RELEAS…
Learn about what's new in a release from the repository's NEWS file. An
excerpt from the latest NEWS-file entry is listed below for convenience.
https://git.glasklar.is/system-transparency/project/docs/-/blob/main/NEWS.md
If you find any issues, please open an issue or MR at the documentation repository.
Cheers,
The ST team
NEWS for docs v0.1.0
We are excited to announce the initial release of ST Documentation,
version v0.1.0. This release marks a significant milestone in our
journey to provide comprehensive and user-friendly documentation for the
ST ecosystem. It's important to note that this version is the first step
in our ongoing effort to develop and refine our documentation. It is an
early release that sets the foundation for future improvements and expansions.
### Key Highlights of v0.1.0
- Quickstart Guide: To help new users get up and running, we've included
a Quickstart Guide. This guide is designed to provide a straightforward
introduction to the ST ecosystem, making it easier for newcomers to
start their journey.
- Interface Documentation: We've meticulously documented the interfaces
within the ST ecosystem. This includes detailed descriptions of
functions, classes, and modules, providing a valuable resource for both
developers and users seeking a deeper understanding of the system's
internals. Still some interfaces might be missing and added lat
- Learn More Resources: For those who wish to dive deeper, we've added a
"Learn More" section. Here, you'll find resources and materials that
cover various aspects of the ST ecosystem in more detail, perfect for
users who wish to expand their knowledge and skills.
## A Note on Stability
Please note that v0.1.0 is not meant to be a stable release. It's the
beginning of a iterative process, and as such, we expect to make
frequent updates and improvements. Users should be prepared for changes
and enhancements in subsequent releases. We're committed to rapidly
evolving and updating our documentation to meet the needs of our community.
### Future Plans
- Regular Updates: We will be regularly releasing updates to improve and
expand our documentation.
- Community Feedback: We strongly encourage feedback from our users.
Your insights are invaluable in helping us refine and enhance our documentation.
- Expanding Content: Expect to see more tutorials, in-depth guides, and
comprehensive reference materials in future releases.
## Getting Involved
The ST Documentation is a community-driven project, and we welcome
contributions from everyone. Whether it's providing feedback, reporting
issues, or contributing content, your involvement is what makes this
project grow and improve.
### Stay Updated
To keep abreast of the latest developments and upcoming releases, please
follow our project's channels and stay connected with the community.
We thank you for your support and interest in ST Documentation. Let's
make it a robust and valuable resource together!