Anjuna Runtime for AMD SEV

Each version of the Anjuna Seaglass software is supported for one year after release.

Version 1.15. Release Date - December 17th, 2024

Access the installer here.

What’s new?

  • Added support for Red Hat Enterprise Linux 8 and Red Hat Enterprise Linux 9 to the Anjuna SEV Runtime for Google Cloud.

Relevant bug fixes

| Platform | Bug number | Severity | Description |
|---|---|---|---|
| Microsoft Azure | ANJ-11079 | Medium | Fixed a bug that prevented launching a Confidential Container in ECasv5 or ECadsv5-series VMs in Azure. |

Relevant security fixes

| Platform | Bug number | Severity | Description |
|---|---|---|---|
| Google Cloud | ANJ-10880 | Medium | Upgraded anjuna-gcp-cli to use Go v1.23 in order to solve any potential vulnerabilities that existed in the older Go version. |

Version 1.14. Release Date - August 30th, 2024

Access the installer here.

What’s new?

  • Improved error handling for invalid CLI commands.

  • The logs produced by the Anjuna Runtime now include a UTC timestamp. For example: ANJ-ENCLAVE: 2024/08/26 14:01:59 Powered on

Version 1.13. Release Date - August 7th, 2024

Access the installer here.

What’s new?

  • Improved disk size recommendations:

    • If you run a disk create command with a --disk-size that is too small for the container, the Anjuna CLI will recommend a larger disk size.

    • Previously, it could recommend disk sizes that could not be parsed by --disk-size.

    • Now, all recommendations follow the expected format for --disk-size.

  • The anjuna-azure-cli instance log command now removes Azure-inserted ANSI escape sequences from log output, which could disrupt the terminal. ANSI escape sequences that are output by the user’s container are still preserved.

  • Improved error handling in the installer.

Relevant security fixes

| Platform | Bug number | Severity | Description |
|---|---|---|---|
| Microsoft Azure, Google Cloud | ANJ-10584, ANJ-10607 | High | Fixed a time-of-check-time-of-use (TOCTOU) vulnerability, where an attacker could tamper with the container image after it was measured by the Anjuna Runtime. |

Version 1.12. Release Date - July 15th, 2024

Access the installer here.

What’s new?

  • Improvements to the anjuna-azure-cli and anjuna-gcp-cli disk create commands:

    • Disk creation for anjuna-gcp-cli is now significantly faster: builds are up to 90% faster than in v1.11 or earlier, depending on the size of the container.

    • Building disks no longer requires root permissions.

  • Breaking change: anjuna-gcp-cli disk create has been updated to be consistent with anjuna-azure-cli:

    • Disk size is now specified using --disk-size instead of the old --size flag.

    • Disk sizes always use binary units (1 MB = 1 MiB = 1024 bytes)

  • anjuna-gcp-cli disk create now supports the --save-measurements flag to save the enclave’s measurements as a JSON file. This flag was already present in anjuna-azure-cli.

Relevant bug fixes

| Platform | Bug number | Severity | Description |
|---|---|---|---|
| Microsoft Azure, Google Cloud | ANJ-9997 | High | Fixed an issue that could cause the disk create command to fail due to missing dependencies. These dependencies are now installed by the SEV Runtime installer. |

Relevant security fixes

| Platform | Bug number | Severity | Description |
|---|---|---|---|
| Microsoft Azure, Google Cloud | ANJ-10547 | Low | Upgraded a dependency to address CVE-2024-6104. There was no known way to exploit this vulnerability in the Anjuna Runtime. |

Version 1.11. Release Date - June 20th, 2024

Access the installer here.

What’s new?

  • Added automatic and transparent encryption of the primary disk (OS disk) associated with the Confidential VM, using an ephemeral enclave-generated key. This ensures that any data written to the OS disk is fully protected (confidentiality and integrity) while the enclave is running and after the enclave has been terminated (if the disk is not deleted).

Relevant bug fixes

| Platform | Bug number | Severity | Description |
|---|---|---|---|
| Microsoft Azure | ANJ-10198 | Medium | Fixed a bug that could cause anjuna-azure-cli disk build to fail with the error mkfs.vfat: unable to open <device>: No such file or directory. |
| Microsoft Azure | ANJ-10292 | Medium | Fixed a bug that could cause anjuna-azure-cli disk upload to fail with the error ErrorCode:NoAuthenticationInformation. |
| Microsoft Azure | ANJ-10354 | Medium | Fixed a bug in the anjuna-azure-cli when the user is using a non-default Azure subscription, which could result in confusing errors like "resource group not found". It is recommended to explicitly pass --subscription-id if you are using a non-default Azure subscription. |
| Google Cloud | ANJ-10324 | Medium | Fixed a bug that could cause missing logs when using Google Cloud Logging. |

Relevant security fixes

| Platform | Bug number | Severity | Description |
|---|---|---|---|
| Microsoft Azure, Google Cloud | ANJ-10333 | High | Fixed the "Leaky Vessels" CVE-2024-21626 vulnerability by upgrading dependencies. There was no known way to exploit this vulnerability in the Anjuna Runtime. |
| Microsoft Azure, Google Cloud | ANJ-10107, ANJ-10397 | Medium | Fixed several potential vulnerabilities by upgrading dependencies, addressing CVE-2023-25153, CVE-2023-25173, CVE-2022-41723, CVE-2022-41717, and CVE-2023-44487. There was no known way to exploit these vulnerabilities in the Anjuna Runtime. |

Version 1.10. Release Date - January 22nd, 2024

Access the installer here.

What’s new?

  • Added support for the new Anjuna Kubernetes Toolset, enabling you to run Anjuna Confidential Pods in Azure Kubernetes Service (AKS). See Anjuna Kubernetes Toolset for AMD SEV for details.

Relevant bug fixes

| Bug number | Severity | Description |
|---|---|---|
| ANJ-10056 | Medium | Fixed a bug in termination signal handling in both Azure and Google Cloud. Previously, applications were terminated too quickly in some cases, which could cause issues like losing some of the final logs. |

Version 1.9. Release Date - December 18th, 2023

Access the installer here.

Relevant bug fixes

| Bug number | Severity | Description |
|---|---|---|
| ANJ-8853 | Medium | Previously, anjuna-gcp-cli disk create interpreted --disk-size units like 1M to use decimal powers (1M = 1000 * 1000 bytes), which was inconsistent with the anjuna-azure-cli disk create command. Now, both anjuna-gcp-cli and anjuna-azure-cli commands use binary powers (1M means 1MiB = 1024 * 1024 bytes). |

Version 1.8. Release Date - October 17th, 2023

Access the installer here.

Relevant bug fixes

| Bug number | Severity | Description |
|---|---|---|
| ANJ-9863 | Medium | Fixed a bug that could cause certain containers to fail when booting in both Azure and Google Cloud. |
| ANJ-9203 | Medium | Fixed a bug in the Anjuna CLI that could cause cleanup of temporary resources to fail in both Azure and Google Cloud. |
| ANJ-9769 | Medium | Fixed a bug where anjuna-azure-cli would occasionally not clean up the .disk-build-<id> temporary directory that stores intermediate build results. |

Version 1.7 - Updated. Release Date - September 19th, 2023

Access the installer here.

This is an update to the version 1.7 release of September 5th, 2023.

What’s new?

Anjuna Confidential Containers for AMD SEV now supports Google Cloud. The documentation has been updated with examples for Google Cloud.

The Anjuna Policy Manager now supports Anjuna Confidential Containers for SEV on both Microsoft Azure and Google Cloud:

  • Perform remote attestation to confirm that an instance is running the expected container in a secure enclave.

  • Securely provision secrets for a Confidential Container using the Anjuna Policy Manager.

Version 1.7. Release Date - September 5th, 2023

Access the installer here.

What’s new?

  • The Anjuna Confidential Container will now abort operation if the underlying VM instance is rebooted using the cloud service provider’s APIs. This prevents unexpected behavior related to attestation boot measurements changing.

  • Added support for DHCP hostnames. Instances in the same local network (VPC) can now address the Anjuna Confidential Container via hostname.

Relevant bug fixes

| Bug number | Severity | Description |
|---|---|---|
| ANJ-9725 | High | Fixed a bug that could cause anjuna-azure-cli disk upload to fail with the error "storage account not found" even when the storage account exists. |

Version 1.6. Release Date - August 4th, 2023

Access the installer here.

What’s new?

The Anjuna Policy Manager now supports Anjuna Confidential Containers for SEV on Azure:

  • Perform remote attestation to confirm that an Azure instance is running the expected container in a secure enclave.

  • Securely provision secrets for a Confidential Container using the Anjuna Policy Manager.

This release also includes improvements to the Anjuna CLI:

  • Added the --assign-id flag to anjuna-azure-cli instance create to assign an Azure Managed Identity to the instance.

  • Added the anjuna-azure-cli instance delete command, which terminates a running Anjuna Confidential Container instance and cleans up the instance’s associated storage disk.

Relevant bug fixes

| Bug number | Severity | Description |
|---|---|---|
| ANJ-9105 | Medium | Fixed a bug that could result in creating a disk image that was too small to actually run. anjuna-azure-cli will now exit with an error instead of silently creating an unusable disk. |

Version 1.5. Release Date - June 28th, 2023

Access the installer here.

What’s new?

In this initial release of Anjuna Confidential Containers for AMD SEV, you will be able to run an unmodified container in an Azure Confidential VM with AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP).