The ST team is happy to announce a new release of the stboot bootloader, tag v0.6.5, which succeeds the previous release at tag v0.5.2. The source code for this release is available from the git repository:
    git clone -b v0.6.5 https://git.glasklar.is/system-transparency/core/stboot.git
Authoritative ST release signing keys are published at https://www.system-transparency.org/keys, and the tag signature can be verified using the command
    git -c gpg.format=ssh \
        -c gpg.ssh.allowedSignersFile=allowed-ST-release-signers \
        tag --verify v0.6.5
The expectations and intended use of the stboot bootloader are documented in the repository's RELEASES file. This RELEASES file also contains more information concerning the overall release process, see:
https://git.glasklar.is/system-transparency/core/stboot/-/blob/v0.6.5/RELEAS...
Learn about what's new in a release from the repository's NEWS file. An excerpt from the latest NEWS-file entry is listed below for convenience.
If you find any bugs, please report them on the System Transparency discuss list or open an issue on GitLab in the stboot repository:
https://lists.system-transparency.org/mailman3/postorius/lists/st-discuss.li...
https://git.glasklar.is/system-transparency/core/stboot/-/issues
system-transparency-core-stboot-issues@incoming.glasklar.is

Cheers,
The ST team
--- NEWS for stboot v0.6.5
This release most notably allows operators to sign OS packages with Sigsum. Refer to https://www.sigsum.org/ to learn more about the Sigsum project.
New features:
* Support OS packages that are signed with Sigsum. This feature is optional and only enabled if the /etc/trust_policy/ospkg_trust_policy file exists.
* Allow ospkg_signing_roots.pem to contain multiple X.509 certificates. This makes it possible to, e.g., have a flat key hierarchy with multiple non-CA keys signing OS packages directly (particularly useful for Sigsum).
Incompatible changes:
* This version requires go version 1.23 or later when building.
This release has been tested to work with:
* Artifacts produced by stmgr, pre-release v0.6.4.
  https://git.glasklar.is/system-transparency/core/stmgr/-/tree/v0.6.4
* Systems provisioned with stprov, pre-release v0.5.3.
  https://git.glasklar.is/system-transparency/core/stprov/-/tree/v0.5.3
This release implements the specifications at:
* https://git.glasklar.is/system-transparency/core/stboot/-/blob/v0.6.5/docs/s...
* https://git.glasklar.is/system-transparency/project/docs/-/tree/v0.5.2/conte...