7.0.0-dev2

Added

• Allow changing the constitution during disaster recovery via the command.recover.constitution_files entry in cchost. (#7155)
• Added toArrayBuffer to ccfapp/utils which converts ArrayBufferLike to ArrayBuffer. (#7171)
• ccf/crypto/openssl_init.h header exposing ccf::crypt::openssl_sha256_init() and ccf::crypto::openssl_sha256_shutdown() for unit tests using ccfcrypto.a. (#7118)

Changed

• cchost is removed, and each application now provides its own executable:
• CCF nodes no longer contain a separate cchost executable and enclave library (.so) file. Each former enclave library is now its own executable, currently sharing the same set configuration format as the previous cchost.
• The js_generic sample app is no longer a library installed at /ccf/lib/libjs_generic.so, it is now an executable installed at /ccf/bin/js_generic.
• The add_ccf_app function in CMake now builds an executable rather than a library. The caller should provide a main function, and call ccf::run() from include/ccf/run.h to start the node (see samples/apps/main.cpp for a minimal example).
• Application logging no longer traverses the ringbuffer. As current target platforms do not require distinct enclave and host components, what was previously "in-enclave" logging that was deferred via the ringbuffer can now be immediately sent to stdout.
• CA certificates issued by CCF (ie - service_cert.pem) now include a keyUsage extension, to comply with RFC5280 (#7134).

Removed

• CCF no longer publishes a "run" package (cchost + runtime dependencies). Instead, only the -devel package is published, which has to be used by CCF application developers. CCF also provides ccfapp CPack settings to pull in all CCF runtime dependencies. Check Packaging your C++ app for documentation (#7187).

Dependencies

• Updated snmalloc to 0.7.1.

6.0.10

Changed

• Compatibility with TypeScript 5.9. (#7171)
• Compatibility with TLS clients that require the keyUsage extension, such as Python 3.13+. (#7134)

5.0.20

Added

• Allow changing the constitution during disaster recovery via the command.recover.constitution_files entry in cchost. (#7155)
• Pin typescript to 5.8.3. (#7157)

7.0.0-dev1

Changed

• CCF no longer has platform-specific builds. The single build configuration will run on both SNP and Virtual, automatically detecting the current platform at runtime. This means the COMPILE_TARGET CMake option is no longer required, and all release artifacts no longer have a platform in their path.
• The logging.host_level configuration option and --enclave-log-level CLI switch are replaced by a combined --log-level CLI switch (#7104).
• Drop support for 5.* Linux kernels exposing /dev/sev. Only 6.*+ Linux kernels exposing /dev/sev-guest are now supported (#7109).

Removed

• The ccf/pal/hardware_info.h header has been removed (#7117).

5.0.19

Dependencies

• Updated Open Enclave from 0.19.11 to 0.19.13 (#7124).

7.0.0-dev0

Removed

• The classic governance API which was deprecated in 5.0.0 has now been removed. Any operations under /gov which do not take an api-version query parameter are no longer available.

Fixed

• Improved error messages when failing to fetch collateral. (#7103)

6.0.9

Added

• Add governance action that supports specifying minimum TCB versions in hexstring format. This is intended to be the default format going forward. (#7078)

6.0.8

Changed

• The constitution's apply() function may now write directly to public application (ie - non-governance) tables. Note that this access is write-only, so these tables can still not be read from. (#7088)

6.0.7

Added

• Reproducibility support for RPM releases: each release now includes a manifest and script to reproduce the RPM (#7063, #7069)
• Documentation added for users to reproduce and verify CCF RPMs (#7072)

6.0.6

Added

• Collateral can be fetched from AMD servers directly on Genoa machines (#7054).

Fixed

• Addressed issues in read_ledger and ccf.ledger that could prevent old ledger from being read (#7056, #7057).