
Intel® SecL-DC News Update:  4.0 GA  Release 7/27/21

Foundational/WL Use Cases:

  • Added support for Client Intel® PTT (fTPM)
  • Added support for TPM SHA384 PCR banks
  • Platform-info now pulls platform details directly from UEFI and ACPI tables
  • ISecL now exposes Flavor templates to allow customization of flavor creation
  • Support for the filesystem key manager in the Key Broker Service has been removed
  • ISecL adds support for NATS mode for communication between the Trust Agent and the HVS
  • Container Confidentiality now uses the open-source versions of Skopeo and CRI-O, removing the dependency on a custom solution
 

Intel® SecL-DC News Update:  3.6 GA  Release 5/25/21

Foundational/WL Use Cases:

  • Containerization Deployment of Foundational and Workload Security Use Cases supported and validated with RHEL and Ubuntu OS
  • Added support for pyKMIP integration with Workload Security Use Cases
  • Additional performance and scalability improvements
  • Common Integration Hub to support both Foundational/WL Use Cases and SKC/SGX Attestation Use Cases

SKC/SGX Attestation Use Cases:

  • Additional performance and scalability improvements
  • SGX Sample Application with quote verification signature added
 

Intel® SecL-DC News Update:  3.5 GA  Release 3/26/21

Foundational/WL Use Cases:

  • Additional performance and scalability improvements
  • Added new filter criteria to the /v2/hosts API.  Hosts can now be searched by trust status, and the response data when retrieving host details can now optionally also include the host-status and Trusted state. See the HVS Swaggerdoc for details.
  • Host searches will now return data in a consistent order (based on the timestamp when the host was registered), and can be sorted by ascending or descending order.  See the HVS Swaggerdoc for details.
  • The CLI command "setup server" has been replaced by "setup update-service-config" across all Foundational Security services.  See the Product Guide for details.

SKC/SGX Attestation Use Cases:

  • Containerization Deployment of SKC and SGX Attestation Use Cases supported
  • Added support for pyKMIP integration with SKC Use Case
  • Additional performance and scalability improvements
  • Added new filter criteria to the /v2/hosts API. 
  • SGX Sample Application and Verifier Enhancements

 

Intel® SecL-DC News Update:  3.4 PV  Release 3/1/21

Foundational/WL Use Cases:

  • Backend changes have been made to improve the performance of the HVS, particularly for large scale deployments.

SKC/SGX Attestation Use Cases:

  • Streamline discovery and registration flows
  • Upgrades & Bug Fixes: Upgraded to the DCAP PV version, plus a few security and performance bug fixes
  • Support added for SGX Sample Verifier App & Integration


 

Intel® SecL-DC News Update:  3.3 PC  Release 12/23/20

Foundational/WL Use Cases:

  • OpenStack Ussuri* Support for WL Placement
  • VM-C with Ussuri* Support

SKC Use Cases:

  • OpenStack Ussuri* Support for Security Aware Orchestration
  • Ubuntu Support for SGX/ SKC both Services & Nodes

 

Intel® SecL-DC News Update:  3.2 PC  Release 11/18/20

Foundational/WL Use Cases:

  • The Key Broker now supports both Secure Key Caching and Foundational Security workflows with a single codebase.  Previously separate KBS builds were required for each of these use cases, and they have now been merged into a single service.
  • VMware Cluster Registration has been re-enabled in the Host Verification Service.  This function allows registration of an entire vCenter cluster object, which will cause ESXi hosts to automatically be registered or un-registered for attestation in the HVS as they are added to or removed from the vCenter cluster.
  • Performance Improvements

SKC Use Cases:

  • SKC workload and SGX Agent support Ubuntu 18.04 for the Secure Key Caching use case
  • Added support for SGX Attestation

 

Intel® SecL-DC News Update:  3.1 PC  Release 10/13/20

Foundational/WL Use Cases:

  • Added support for CRI-O and Skopeo to the Container Confidentiality use case. Previously only the Docker container runtime was supported for this use case.
  • The Integration Hub now also pushes information about enabled hardware security features to Kubernetes in addition to the existing Trust and Asset Tag information.
  • Added deployment support through Ansible Galaxy; please see quick start guide for details.
  • Postman collections created for SKC Use case; please see quick start guide for details

SKC Use Cases:

  • Added containerized workload support for Secure Key Caching based on Intel(R) SGX technology
  • Added support for choosing Sandbox or Production PCS through caching service answer file
  • Added support for Secure Key Caching in the Integration Hub
  • Added deployment support through Ansible Galaxy; please see quick start guide for details.
  • Postman collections created for SKC Use case; please see quick start guide for details  

Intel® SecL-DC News Update:  3 PC  Release 09/1/20

  • Added support for Secure Key Caching based on Intel(R) SGX technology
  • The Verification Service has been renamed the Host Verification Service and rewritten in Go

Intel® SecL-DC News Update:  2.2 GA  Release 06/25/20

  • Resolved a few issues (see Release Notes)

 

Intel® SecL-DC News Update:  2.1 PC  Release 04/04/20

  • Added support for 3rd-party KMIP key managers to the Intel(R) SecL-DC Key Broker 
  • Added support for Trusted Virtual Kubernetes Worker Nodes
  • Addresses the Chain of Trust for Kubernetes Worker Nodes running as Virtual Machines
  • VM Attestation Reports are now created in the Workload Service for all VM starts through libvirt, including VMs not encrypted by the Workload Confidentiality feature. Currently the trust status of the VM is effectively the trust status of the underlying host.
  • Database clients for the Workload Service and the Authentication and Authorization Service will now validate the database server certificate Subject Alternative Names and Common Name.

 

Intel® SecL-DC News Update:  2 PC  Release 03/28/20

  • The Trust Agent is now written in Go
  • All services now support a granular permissions-based model for roles (instead of only predefined roles with hard-coded permissions) 
  • Added support for RHEL 8.1 - Removed support for RHEL 7 

 

Intel® SecL-DC News Update:  1.6.1 GA  Release 01/19/20

- Updated the Workload Agent for Workload Confidentiality using Docker Container Encryption. An update to the Docker runtime required adjustment to the Secure Docker Daemon used to manage encrypted containers.

 

Intel® SecL-DC News Update:  1.6 GA  Release 12/22/19

- Added the Signed Flavor feature
  • Allows the Verification Service to sign Flavors and verify the signature at attestation time to maintain the integrity of the Flavors.
- Added the Workload Confidentiality feature
  • Allows image owners for virtual machines or Docker containers to encrypt the source images of their workloads.  Encryption keys remain under the image owner's control, and are released to specific servers, sealed to that server's TPM, upon a successful integrity attestation with attributes that meet policy requirements determined by the workload image owner.  Because the image decryption key is sealed to the TPM of the host that was attested, only a server that meets the requirements of the image owner, as proven by an attestation report, can successfully access the image.
  • Adds the new Workload Service (WLS): manages the mapping of image IDs (as they exist in image storage, i.e., OpenStack Glance) to key IDs.
  • Adds the new Workload Agent (WLA): manages the compute node/worker node operation, intercepts attempted launches of encrypted workloads, makes requests for keys, and manages crypto volumes for accessed images.
  • Adds the new Key Broker Service (KBS): acts as the policy manager for handling key requests.  Verifies that received attestation reports are signed by a known Verification Service and that the attestation attributes match policy requirements.
  • Adds the new Workload Policy Manager (WPM): an application that encrypts a new workload image.
- Authentication for new components (WLS, WLA) now uses token-based authentication provided by the new Authentication and Authorization service (AAS).  This is planned to replace the existing authentication mechanisms for all Intel SecL services in the 1.6 release version.
- Added the new Certificate Management Service (CMS).  This service will replace and centralize all existing certificate management functions in all Intel SecL services for the 1.6 release version.  In the BETA release, this is currently integrated for the AAS and WLS.
 

Intel® SecL-DC News Update:  1.5 GA  Release 7/24/19

1.5GA Release Supporting below Use Cases:
- Added support for additional Root of Trust options – Intel BootGuard and UEFI SecureBoot – including removing the tboot requirement if UEFI SecureBoot is enabled (due to incompatibility)
- Added the Application Integrity feature
1.5GA Release Supporting below Key Features:
- Updated algorithms to use SHA384 instead of SHA256
- Updated key generation to use RSA-3K
 

Intel® SecL-DC News Update:  First generation 1.4 GA Release 5/22/19

First version 1.4GA Release supporting the below Use Cases:

- Hardware-rooted Platform Trust Attestation
Intel Security Libraries leverage Intel Trusted Execution Technology and the Trusted Compute Group standards to establish a measured boot environment for servers that use Intel Xeon processors and a Trusted Platform Module.  This measured boot environment allows a server's actual boot state to be compared to known-good values, which enables the detection of malicious code injection, rootkits, unacceptable firmware or software version, etc.  Remote attestation of this comparison through ISecL allows a clear audit report of the boot state of servers in the datacenter to ensure compliance and improve security. 
- Asset Tag Attestation
Intel Security Libraries allow the generation and provisioning of user-defined key/value pairs that can be securely provisioned into the physical TPM of a host and included in the remote attestation process.  This allows datacenter administrators or cloud consumers to gain visibility into tagged attributes, such as the location of the server hardware.

 

Intel® SecL-DC News Update:  First generation Beta Release 4/2/19

Building atop hardware-based security, software-based security continues to be essential, which is why we are launching Intel® Security Libraries for Data Center (Intel® SecL-DC).  Beta version is made available 4/2/2019.  The GA version will be made available before the end of May’19. 
