The ST team is happy to announce a new release of the stboot bootloader, tag v0.3.6, which succeeds the previous release at tag v0.2.2. The source code for this release is available from the git repository:
git clone -b v0.3.6 https://git.glasklar.is/system-transparency/core/stboot.git
Authoritative ST release signing keys are published at https://www.system-transparency.org/keys, and the tag signature can be verified using the command
git -c gpg.format=ssh -c gpg.ssh.allowedSignersFile=allowed-ST-release-signers \
    tag --verify v0.3.6
The expectations and intended use of the stboot bootloader are documented in the repository's RELEASES file. This RELEASES file also contains more information concerning the overall release process, see:
https://git.glasklar.is/system-transparency/core/stboot/-/blob/main/RELEASES...
Learn about what's new in a release from the repository's NEWS file. An excerpt from the latest NEWS-file entry is listed below for convenience.
If you find any bugs, please report them on the System Transparency discuss list or open an issue on GitLab in the stboot repository:
https://lists.system-transparency.org/mailman3/postorius/lists/st-discuss.li...
https://git.glasklar.is/system-transparency/core/stboot/-/issues
Cheers, The ST team
NEWS for stboot v0.3.6
This stboot release is intended as a stable "status quo" release. There are few new features. Compatibility with existing deployments has been improved, and both documentation and testing have been improved compared to previous releases.
When upgrading, the intention is that this release should be compatible with host config files as used by stboot v0.2.2, as well as with host config files for even older stboot versions deployed by early adopters. However, deployment processes and scripts will need updates. E.g., the initramfs where you install stboot needs to have the tls root certificates in a new location (see below), and you may want to arrange so that stboot is the system's init process.
Security fixes:
* The threshold signature logic has been updated to require distinct public keys (the SubjectPublicKeyInfo field in the x509 certificate) in order to consider two certificates as distinct. Previously, multiple signatures by the same key could count as distinct, e.g., if there are multiple certificates for that key, with overlapping validity periods.
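To illustrate the fix above, here is an added example (not stboot's own code) that counts signers by the SHA-256 of each certificate's DER-encoded SubjectPublicKeyInfo, so that two certificates for the same key with overlapping validity count as one signer; the certificate helper and sample keys are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"math/big"
	"time"
)

// CountDistinctSigners counts distinct public keys, keyed by the SHA-256 of the DER
// SubjectPublicKeyInfo, so two certificates for the same key count only once.
func CountDistinctSigners(certs []*x509.Certificate) int {
	seen := make(map[[32]byte]struct{})
	for _, c := range certs {
		seen[sha256.Sum256(c.RawSubjectPublicKeyInfo)] = struct{}{}
	}
	return len(seen)
}

// MeetsThreshold reports whether at least threshold distinct keys are present.
func MeetsThreshold(certs []*x509.Certificate, threshold int) bool {
	return CountDistinctSigners(certs) >= threshold
}

// selfSigned is a constructed helper (not stboot code): a self-signed Ed25519 certificate valid for 24h.
func selfSigned(pub ed25519.PublicKey, priv ed25519.PrivateKey, serial int64) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// SampleCerts builds the problem case: two certificates for key A with overlapping
// validity plus one for key B. Three certificates, but only two signers.
func SampleCerts() []*x509.Certificate {
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader)
	pubB, privB, _ := ed25519.GenerateKey(rand.Reader)
	return []*x509.Certificate{selfSigned(pubA, privA, 1), selfSigned(pubA, privA, 2), selfSigned(pubB, privB, 3)}
}
```

With the sample input, a threshold of 3 is not met even though three certificates are present, which is exactly the case the old per-certificate counting got wrong.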
Incompatible changes:
* The location where stboot reads the https root certificates has been moved, from /etc/ssl/certs/isrgrootx1.pem to /etc/trust_policy/tls_roots.pem. See https://git.glasklar.is/system-transparency/project/documentation/-/blob/mai... for details.
* Delete the feature of "$ID" and "$AUTH" substitution in the host config's os_pkg_pointer value. We are not aware of anyone ever using this feature. Constructing the url or filename by substituting host specific settings in a template is useful, but better left to the provisioning tools that create the host config.
* Network configuration in stboot has been fixed to respect the order of interfaces in the host config's network_interfaces list; previously, it would prefer the last rather than the first listed interface.
New stboot features and improvements:
* The tls root certificate file is required only for network boot, for initramfs boot that file can now be omitted.
* Add backwards compatibility to parsing of the host config. Stboot now recognizes old ways of using the json keys "dns", "network_interfaces", and adds fallbacks for recognizing the obsolete json keys "provisioning_urls" and "network_interface" (singular).
* Relax parsing of host config and other json data to treat missing keys in the same way as keys explicitly set to null.
* Add informative logging when starting file downloads.
* Documentation updates, including a new file docs/stboot-system.md and specifications at https://docs.system-transparency.org.
* Support for running stboot as the system's init (pid 1) process. Previously, it was recommended to use u-root as the init process, and let u-root spawn stboot as a regular process.
Go library changes (no expected stability between stboot releases):
* Delete the sterror package.
* Change method OSPackage.Sign to use crypto.Signer for the private key. Delete the ospkg.Signer interface, in favor of crypto.Signer.
* Delete lots of unused code, including various exported functions.
Miscellaneous:
* Improved test coverage, both unit tests and integration tests.
This release has been tested to work with:
* Artifacts produced by stmgr v0.3.2 (pre-release version).
  https://git.glasklar.is/system-transparency/core/stmgr/-/tree/v0.3.2
* Provisioning using stprov v0.3.3 (pre-release version).
  https://git.glasklar.is/system-transparency/core/stprov/-/tree/v0.3.3
This release implements the specifications at https://git.glasklar.is/system-transparency/project/docs/-/tree/96fe394b162f...