Intel® SecL-DC News Update: 2.2 GA Release 06/25/20
- Resolved a few issues (see Release Notes)
Intel® SecL-DC News Update: 2.1 PC Release 04/04/20
- Added support for 3rd-party KMIP key managers to the Intel(R) SecL-DC Key Broker
- Added support for Trusted Virtual Kubernetes Worker Nodes
- Addresses the Chain of Trust for Kubernetes Worker Nodes running as Virtual Machines
- VM Attestation Reports are now created in the Workload Service for all VM starts through libvirt, including VMs not encrypted by the Workload Confidentiality feature. Currently the trust status of the VM is effectively the trust status of the underlying host.
- Database clients for the Workload Service and the Authentication and Authorization Service will now validate the database server certificate Subject Alternative Names and Common Name.
Intel® SecL-DC News Update: 2 PC Release 03/28/20
- The Trust Agent is now written in Go
- All services now support a granular permissions-based model for roles (instead of only predefined roles with hard-coded permissions)
- Added support for RHEL 8.1
- Removed support for RHEL 7
Intel® SecL-DC News Update: 1.6.1 GA Release 01/19/20
- Updated the Workload Agent for Workload Confidentiality using Docker Container Encryption. An update to the Docker runtime required adjustment to the Secure Docker Daemon used to manage encrypted containers.
Intel® SecL-DC News Update: 1.6 GA Release 12/22/19
- Allows the Verification Service to sign Flavors and verify the signature at attestation time to maintain the integrity of the Flavors.
- Allows image owners for virtual machines or Docker containers to encrypt the source images of their workloads. Encryption keys remain under the image owner's control, and are released to specific servers, sealed to that server's TPM, upon a successful integrity attestation with attributes that meet policy requirements determined by the workload image owner. Because the image decryption key is sealed to the TPM of the host that was attested, only a server that meets the requirements of the image owner, as proven by an attestation report, can successfully access the image.
- Adds the new Workload Service (WLS)
- The Workload Service manages mapping image IDs (as they exist in image storage, i.e. OpenStack Glance) to key IDs
- Adds the new Workload Agent (WLA)
- Manages the compute node/worker node operation: intercepts attempted launches of encrypted workloads, makes requests for keys, and manages crypto volumes for accessed images
- Adds the new Key Broker Service (KBS)
- Acts as the policy manager for handling key requests. Verifies that received attestation reports are signed by a known Verification Service and that the attestation attributes match policy requirements.
- Adds the new Workload Policy Manager (WPM)
- Application that encrypts a new workload image
Intel® SecL-DC News Update: 1.5 GA Release 7/24/19
Intel® SecL-DC News Update: First generation 1.4 GA Release 5/22/19
First version 1.4GA Release supporting the below Use Cases:
Intel® SecL-DC News Update: First generation Beta Release 4/2/19
Building atop hardware-based security, software-based security continues to be essential, which is why we are launching Intel® Security Libraries for Data Center (Intel® SecL-DC). The Beta version is made available 4/2/2019. The GA version will be made available before the end of May’19.