v1.1.0
-
Added automatic entropy seeding support for Nitro Enclaves. This allows customers to use with no code changes applications that require entropy. The NitroSecureModule driver integrates with the Linux entropy subsystem to provide entropy on-demand, without requiring additional integration work in the application.
-
Updated the Enclave Kernel to the latest microVM kernel based on the 4.14 AL2 kernel version.
-
Users can retrieve information about an existing eif, including the enclave PCR values and signing certificate data, using the new
describe-eifcommand. -
Users can now define enclave names with the
--enclave-name option, and then issue nitro-cli commands using this name instead of the enclave id. Works with theconsole,run-enclaveandterminate-enclavecommands. -
Users can calculate the PCR hash for a given data file, or can process the PCR8 value for a given signing certificate, using the new
pcrcommand. -
Having nitro-cli hang on the enclave console can now be avoided by setting a timeout value with the
--disconnect-timeoutoption for theconsolecommand. -
Updated the tar crate to v0.4.36 and the hyper crate to v0.14.11.
-
Bugfixes
- Update the enclave boot timeout logic to consider the enclave image size.
- Fix remote server's matching against allowlist for vsock proxy.
- Add pylint fixes to the nitro-cli tests.
- Verify the signing certificate of the enclave image and add explicit error
handling. - Exit if the hugepages configuration fails in the nitro-enclaves-allocator
service. - Set correct group ownership for /dev/nitro_enclaves in the nitro-cli spec.
-
Documentation updates
- Add refs for Nitro CLI install from sources on a set of Linux distros in the nitro-cli docs.
- Update references to the AWS Nitro Enclaves COSE crate in the nitro-cli docs.
- Update vsock proxy configuration file location in the vsock proxy README.
- Update command executer sample README to reflect current state.
- Update Nitro CLI README to include information about enclave disk space.