This article provides an overview of new features, improvements, bug fixes, and known issues in the Fortanix Confidential Computing Manager (CCM) 3.35 release.
Prerequisites
- A container registry account to push the converted application container image(s).
New Features
- CCM SaaS:
- Added Group and Third-Party Group support in Fortanix CCM. For more information, refer to the following documents:
Improvements
- CCM SaaS:
- Azure Confidential Container (ACI) support now includes new sets of fixed and mutable environment variables for parameter adjustment during ACI template generation. These environment variables are included in the container group's security policy. In the current release these changes apply to the REST API only; the corresponding UI changes will be supported in future CCM releases.
- Resolved a non-fatal error message related to Nitro Enclave console connection failure, enhancing the overall stability and error reporting of the system.
- Enhanced support for Azure AKS Agent Deployment by updating AKS device paths to /dev/sgx_enclave and /dev/sgx_provision, ensuring compatibility with newer AKS clusters.
- Enclave OS:
- Added support for /proc/<pid>/statm, enhancing compatibility and addressing the failures experienced by certain algorithms, hence improving system performance and reliability.
- Implemented a minimum RSA key size of 2048 bits for application keys within the converter.
Known Issues and Resolutions
- CCM SaaS:
- Unable to share a regular workflow with other recipient groups after adding a placeholder object for the recipient group.
- In the existing multi-party configuration, users with an Editor role experience difficulty in viewing objects created by them or by the administrator following migration. To resolve this, administrators should assign users with the Editor Role to the CCM_DEFAULT group, designating them as 'Group administrators'.
- The third-party groups in a rejected or revoked state remain after the primary group deletion because they are outdated entries. An automatic cleanup will occur once this ticket is implemented.
- ACI now considers the lists of fixed environment variables and includes them in the security policy of the container group. These changes affect the /v1/apps, /v1/builds, and /v1/tools/converter/convert-app REST APIs.
Limitations
Fortanix applies a fair usage policy in this Early Customer Access Program and therefore limits the resources that can be created per account. Expect a resource creation failure message once you reach the maximum limit.
The ACI and compute node agent for EKS features in 3.30 offer limited support. The limitations are as follows:
- ACI does not support workflows.
- Applications with network or port configuration are not supported on EKS.
To report an issue or bug, visit https://support.fortanix.com/hc/en-us/requests/new.
Node Agent Download
Download link for SGX Platform: https://support.fortanix.com/hc/en-us/articles/360043407012-Fortanix-Node-Agent-Software-Intel-SGX-Platform
Download link for AWS Nitro Platform: https://support.fortanix.com/hc/en-us/articles/4412575587732-Fortanix-Node-Agent-Software-AWS-Nitro-Platform