Releases: worldcoin/orb-software
Releases · worldcoin/orb-software
orb-jobs-agent/v0.0.0-beta.28
chore(hil): bump orb-hil to beta 27 (#1187)
orb-jobs-agent/v0.0.0-b8f884e
chore(hil): bump orb-hil to beta 27 (#1187)
orb-connd/v0.1.1-b8f884e
chore(hil): bump orb-hil to beta 27 (#1187)
orb-hil/v0.0.2-tmp.57
feat(se050): certificate validation (#1167) Implements validation of the SE050 certificate file, validating the cert chain starting from the pinned root NXP certificate. The only ai-assisted portion of this pr is the contents of `se050/src/certs/null_params_alg.rs`, and `se050/example_data/2A66F1B2_bad_signature.crt` Strictly speaking, actually validating the chip unique cert against the NXP root of trust isn't necessary since the assumption is that the backend pins the die-unique cert for a given orb already. But my hope is that the additional checks against the root cert further harden the system. Some limitations (which I think are fine): * we dont check CRLs when validating the cert chain. This is because doing so would require networking and greatly complicate the implementation.
orb-hil/v0.0.2-beta.27
feat(se050): certificate validation (#1167) Implements validation of the SE050 certificate file, validating the cert chain starting from the pinned root NXP certificate. The only ai-assisted portion of this pr is the contents of `se050/src/certs/null_params_alg.rs`, and `se050/example_data/2A66F1B2_bad_signature.crt` Strictly speaking, actually validating the chip unique cert against the NXP root of trust isn't necessary since the assumption is that the backend pins the die-unique cert for a given orb already. But my hope is that the additional checks against the root cert further harden the system. Some limitations (which I think are fine): * we dont check CRLs when validating the cert chain. This is because doing so would require networking and greatly complicate the implementation.
orb-hil/v0.0.2-beta.26
feat(se050): certificate validation (#1167) Implements validation of the SE050 certificate file, validating the cert chain starting from the pinned root NXP certificate. The only ai-assisted portion of this pr is the contents of `se050/src/certs/null_params_alg.rs`, and `se050/example_data/2A66F1B2_bad_signature.crt` Strictly speaking, actually validating the chip unique cert against the NXP root of trust isn't necessary since the assumption is that the backend pins the die-unique cert for a given orb already. But my hope is that the additional checks against the root cert further harden the system. Some limitations (which I think are fine): * we dont check CRLs when validating the cert chain. This is because doing so would require networking and greatly complicate the implementation.
orb-update-verifier/v0.3.0-838decc
feat(update-agent)!: mark the target slot status UIP (#1176) Bringing back some of the logic removed in https://github.com/worldcoin/orb-software/pull/529 :) Breaking changes: - Setting the next boot slot, only changes the rootfs status, if that is `unbootable`. The change is done in order to enable utilizing the other statuses in EDK & initramfs - Marking the slot as ok is the only function which sets the status as `normal` no matter the current status, and it is meant to be used with `worldcoin-update-verifier` - Encapsulated the logic of resetting `SR_RF` & the efivars which back it up in one function. I do not see why it would be seperate `update-agent` is setting the `rootfs` status in `update-in-progress`. This will get changed to `update_done` by EDK. In the next boot, in the happy path, verifier sets everything back to `normal`
orb-update-agent/v6.0.4-838decc
feat(update-agent)!: mark the target slot status UIP (#1176) Bringing back some of the logic removed in https://github.com/worldcoin/orb-software/pull/529 :) Breaking changes: - Setting the next boot slot, only changes the rootfs status, if that is `unbootable`. The change is done in order to enable utilizing the other statuses in EDK & initramfs - Marking the slot as ok is the only function which sets the status as `normal` no matter the current status, and it is meant to be used with `worldcoin-update-verifier` - Encapsulated the logic of resetting `SR_RF` & the efivars which back it up in one function. I do not see why it would be seperate `update-agent` is setting the `rootfs` status in `update-in-progress`. This will get changed to `update_done` by EDK. In the next boot, in the happy path, verifier sets everything back to `normal`
orb-slot-ctrl/v0.4.0-838decc
feat(update-agent)!: mark the target slot status UIP (#1176) Bringing back some of the logic removed in https://github.com/worldcoin/orb-software/pull/529 :) Breaking changes: - Setting the next boot slot, only changes the rootfs status, if that is `unbootable`. The change is done in order to enable utilizing the other statuses in EDK & initramfs - Marking the slot as ok is the only function which sets the status as `normal` no matter the current status, and it is meant to be used with `worldcoin-update-verifier` - Encapsulated the logic of resetting `SR_RF` & the efivars which back it up in one function. I do not see why it would be seperate `update-agent` is setting the `rootfs` status in `update-in-progress`. This will get changed to `update_done` by EDK. In the next boot, in the happy path, verifier sets everything back to `normal`
orb-hil/v0.0.2-beta.25
chore(hil): add ssh config for the orbs (#1173) to do `ssh orb` or `scp something orb:~/` from the hil