Release v0.7.0

Release Notes Confidential Containers v0.7.0

Please see the quickstart guide for details on how to try out Confidential Containers.

Please refer to our Acronyms and Glossary pages for a definition of the acronyms used in this document.

What’s new

  • Flexible instance types/profiles support for peer-pods
  • Ability to use CSI Persistent Volume with peer-pods on Azure and IBM Cloud
  • EAA-KBC/Verdictd support removed from enclave-cc
  • Baremetal SNP without attestation available via operator
  • Guest components (attestation-agent, image-rs and ocicrypt-rs) merged into one repository
  • Documentation and community repositories merged together

Hardware Support

Confidential Containers is tested with attestation on the following platforms:

  • Intel TDX
  • AMD SEV(-ES)
  • Intel SGX

The following platforms are untested or partially supported:

  • IBM Secure Execution (SE) on IBM zSystems (s390x) running LinuxONE

The following platforms are in development:



The following are known limitations of this release:

  • Platform support is rapidly changing
    • Image signature validation with AMD SEV-ES is not covered by CI.
  • SELinux is not supported on the host and must be set to permissive if in use.
  • The generic KBS does not yet supported all platforms.
  • The format of encrypted container images is still subject to change
    • The oci-crypt container image format itself may still change
    • The tools to generate images are not in their final form
    • The image format itself is subject to change in upcoming releases
    • Not all image repositories support encrypted container images.
  • CoCo currently requires a custom build of containerd, which is installed by the operator.
    • Codepath for pulling images will change significantly in future releases.
    • crio is only supported with cloud-api-adaptor.
  • Complete integration with Kubernetes is still in progress.
    • OpenShift support is not yet complete.
    • Existing APIs do not fully support the CoCo security and threat model. More info
    • Some commands accessing confidential data, such as kubectl exec, may either fail to work, or incorrectly expose information to the host
    • Container images must be downloaded separately (inside guest) for each pod. More info
  • The CoCo community aspires to adopting open source security best practices, but not all practices are adopted yet.
    • We track our status with the OpenSSF Best Practices Badge, which remained at 64% at the time of this release.
    • Vulnerability reporting mechanisms still need to be created. Public github issues are still appropriate for this release until private reporting is established.

CVE Fixes