ANNOUNCE: stboot v0.5.2 - ST-announce

14 Feb 2025


      The ST team is happy to announce a new release of the stboot bootloader,
tag v0.5.2, which succeeds the previous release at tag v0.4.3. The
source code for this release is available from the git repository:
git clone -b v0.5.2 https://git.glasklar.is/system-transparency/core/stboot.git
Authoritative ST release signing keys are published at
https://www.system-transparency.org/keys, and the tag signature can be
verified using the command
git -c gpg.format=ssh -c gpg.ssh.allowedSignersFile=allowed-ST-release-signers \
  tag --verify v0.5.2
The expectations and intended use of the stboot bootloader is documented
in the repository's RELEASES file.  This RELEASES file also contains
more information concerning the overall release process, see:
https://git.glasklar.is/system-transparency/core/stboot/-/blob/main/RELEASES...
Learn about what's new in a release from the repository's NEWS file.  An
excerpt from the latest NEWS-file entry is listed below for convenience.
If you find any bugs, please report them on the System Transparency
discuss list or open an issue on GitLab in the stboot repository:
https://lists.system-transparency.org/mailman3/postorius/lists/st-discuss.li...
  https://git.glasklar.is/system-transparency/core/stboot/-/issues
Cheers,
The ST team
NEWS for stboot v0.5.2
This release of stboot includes several new features. Except for
    the removal of experimental TPM measurements, it is intended to be
    fully backwards compatible with stboot v0.4.3.
New features and improvements:
* Display stboot version when booting. See README.md for how to
      override the version string at build time.
* Increase reboot delay to 30s.
* Log IP addresses used when downloading the OS package.
* Log expiry dates of root and OS package certificates. Fail
      early if all root certificates are expired.
* Add support for encrypted OS packages. See
      docs/stboot-system.md.
* Log host configuration description string, if present. See
      https://git.glasklar.is/system-transparency/project/docs/-/blob/v0.4.1/conte...
Incompatible changes:
* This version requires go version 1.22 or later when building.
Unfortunately, the go 1.22 toolchain is not available in Debian
      bookworm. For Debian users, we suggest using the go packages
      from either bookworm-backports or testing. For an updated Build
      guide using bookworm-backports, see
      https://git.glasklar.is/system-transparency/project/docs/-/blob/v0.4.1/conte....
* The experimental code to do TPM measurements has been deleted.
Miscellaneous:
* Improved documentation of backwards compatible host
      configuration. See doc/stboot-system.md.
This release has been tested to work with:
* Artifacts produced by stmgr v0.5.0 (pre-release version).
      https://git.glasklar.is/system-transparency/core/stmgr/-/tree/v0.5.0
    * Systems provisioned with stprov v0.4.0 (pre-release version)
      https://git.glasklar.is/system-transparency/core/stprov/-/tree/v0.4.0
This release implements the specifications at
    https://git.glasklar.is/system-transparency/project/docs/-/tree/v0.4.1/conte...