From 219a865f7c565c9e1445f2b82bbdd37305569375 Mon Sep 17 00:00:00 2001 From: Kaushik Agrawal Date: Mon, 17 Nov 2025 15:56:10 -0500 Subject: [PATCH 1/5] BYOL 4.0 release notes --- docs/release_notes_byol_4.0.md | 50 ++++++++++++++++++++++++++++++++++ sidebars.js | 1 + 2 files changed, 51 insertions(+) create mode 100644 docs/release_notes_byol_4.0.md diff --git a/docs/release_notes_byol_4.0.md b/docs/release_notes_byol_4.0.md new file mode 100644 index 0000000000..618ca44c57 --- /dev/null +++ b/docs/release_notes_byol_4.0.md 
@@ -0,0 +1,50 @@ +--- +title: Bring Your Own License (BYOL) +sidebar_label: '4.0' +--- +## Release 4.0.0 + +**Release Date:** TBD + +#### New Features and Improvements + +- **Azure SSR image support for vTPM** +JIRA: I95-54267 + +On first boot of the SSR volume, the instance the vTPM (if detected) will be automatically initialized with RSA encryption key pair. The BYOL image contains a script which can be used to validate the vTPM operations based on the initialization. + +Encrypt: /home/t128/t128_tpm_crypto.sh encrypt -i secret.txt -o secret.txt.enc +Decrypt: /home/t128/t128_tpm_crypto.sh decrypt -i secret.txt.enc -o output.txt + +NOTE: SSR version 7.1.3-r2 or higher is required to leverage the vTPM capabilities in software. + +- **Enhancements to onboarding-config via cloud-init** +JIRA: WAN-4033, I95-60406 + +New options were added to the onboarding-config (typically installed via cloud-init) to enable additional use cases. Some examples of new additions: + * Support custom NTP server + * Support static HTTPS Proxy for MIST connection + +- **Support for HA sync and fabric links** +JIRA: I95-62888 + +Support for HA fabric and HA sync to establish a dual-node HA in public cloud. + + +### Resolved Issues + + - **I95-62016 Sanitize sensitive information from logs and files on disk** + + _**Resolution:**_ Certain sensitive onboarding information is not properly scrubbed from files on disk and logs. + + + - **I95-63304 BYOL Template is not producing consistent interface ordering** + + _**Resolution:**_ Update the udev and cloud-init rules to ensure a more strict ordering and naming of interfaces which matches the device map and SSR-ROLE tags more appropriately. + + + - **I95-62888 Interface tagging in Azure is not consistent** + + _**Resolution:**_ Some Azure side changes broke how the image manages interface tagging for role assignments. The Azure SDK was updated to use managed identity APIs and more consistent parsing of the SSR-ROLE tags. + + 
diff --git a/sidebars.js b/sidebars.js index c543c5f35f..cf86391f91 100644 --- a/sidebars.js +++ b/sidebars.js @@ -71,6 +71,7 @@ module.exports = { "type": "category", "label": "BYOL Cloud Images", "items": [ + "release_notes_byol_4.0", "release_notes_byol_3.0", "release_notes_byol_2.0", "release_notes_byol" From 7d372e6126d59018838766fcd46aae095ac13689 Mon Sep 17 00:00:00 2001 From: Kaushik Agrawal Date: Mon, 17 Nov 2025 18:07:30 -0500 Subject: [PATCH 2/5] add jira-ids --- docs/release_notes_byol_4.0.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/docs/release_notes_byol_4.0.md b/docs/release_notes_byol_4.0.md index 618ca44c57..448884c66e 100644 --- a/docs/release_notes_byol_4.0.md +++ b/docs/release_notes_byol_4.0.md @@ -8,8 +8,7 @@ sidebar_label: '4.0' #### New Features and Improvements -- **Azure SSR image support for vTPM** -JIRA: I95-54267 +- **I95-54267 Azure SSR image support for vTPM** On first boot of the SSR volume, the instance the vTPM (if detected) will be automatically initialized with RSA encryption key pair. The BYOL image contains a script which can be used to validate the vTPM operations based on the initialization. @@ -18,15 +17,13 @@ Decrypt: /home/t128/t128_tpm_crypto.sh decrypt -i secret.txt.enc -o output.txt NOTE: SSR version 7.1.3-r2 or higher is required to leverage the vTPM capabilities in software. -- **Enhancements to onboarding-config via cloud-init** -JIRA: WAN-4033, I95-60406 +- **WAN-4033, I95-60406 Enhancements to onboarding-config via cloud-init** New options were added to the onboarding-config (typically installed via cloud-init) to enable additional use cases. Some examples of new additions: * Support custom NTP server * Support static HTTPS Proxy for MIST connection -- **Support for HA sync and fabric links** -JIRA: I95-62888 +- **I95-62888 Support for HA sync and fabric links** Support for HA fabric and HA sync to establish a dual-node HA in public cloud. 
From c9d2531ac0c3779078d7e3359cf138a34ceef078 Mon Sep 17 00:00:00 2001 From: Kaushik Agrawal <60372242+agrawalkaushik@users.noreply.github.com> Date: Wed, 17 Dec 2025 23:25:44 -0500 Subject: [PATCH 3/5] Apply suggestions from code review Co-authored-by: Chris Turner <47952861+Chr1st0ph3rTurn3r@users.noreply.github.com> --- docs/release_notes_byol_4.0.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/release_notes_byol_4.0.md b/docs/release_notes_byol_4.0.md index 448884c66e..3b7fb9d8d8 100644 --- a/docs/release_notes_byol_4.0.md +++ b/docs/release_notes_byol_4.0.md @@ -10,12 +10,14 @@ sidebar_label: '4.0' - **I95-54267 Azure SSR image support for vTPM** -On first boot of the SSR volume, the instance the vTPM (if detected) will be automatically initialized with RSA encryption key pair. The BYOL image contains a script which can be used to validate the vTPM operations based on the initialization. +On first boot of the SSR volume, the instance of the vTPM (if detected) is automatically initialized with the RSA encryption key pair. The BYOL image contains a script which is used to validate the vTPM operations based on the initialization. Encrypt: /home/t128/t128_tpm_crypto.sh encrypt -i secret.txt -o secret.txt.enc Decrypt: /home/t128/t128_tpm_crypto.sh decrypt -i secret.txt.enc -o output.txt -NOTE: SSR version 7.1.3-r2 or higher is required to leverage the vTPM capabilities in software. +:::important +SSR version 7.1.3-r2 or higher is required to leverage the vTPM capabilities in software. +::: - **WAN-4033, I95-60406 Enhancements to onboarding-config via cloud-init** 
@@ -37,11 +39,11 @@ Support for HA fabric and HA sync to establish a dual-node HA in public cloud. - **I95-63304 BYOL Template is not producing consistent interface ordering** - _**Resolution:**_ Update the udev and cloud-init rules to ensure a more strict ordering and naming of interfaces which matches the device map and SSR-ROLE tags more appropriately. + _**Resolution:**_ Updated the udev and cloud-init rules to ensure a more strict ordering and naming of interfaces which matches the device map and SSR-ROLE tags more appropriately. - **I95-62888 Interface tagging in Azure is not consistent** - _**Resolution:**_ Some Azure side changes broke how the image manages interface tagging for role assignments. The Azure SDK was updated to use managed identity APIs and more consistent parsing of the SSR-ROLE tags. + _**Resolution:**_ Some changes on the Azure side broke how the image manages interface tagging for role assignments. The Azure SDK has been updated to use managed identity APIs and more consistent parsing of the SSR-ROLE tags. From b71e5a3fb3b7e261560079563cc49c1ec371dc2e Mon Sep 17 00:00:00 2001 From: Kaushik Agrawal Date: Fri, 19 Dec 2025 12:02:04 -0500 Subject: [PATCH 4/5] Address review comments --- docs/release_notes_byol_4.0.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/release_notes_byol_4.0.md b/docs/release_notes_byol_4.0.md index 3b7fb9d8d8..70dd1f622d 100644 --- a/docs/release_notes_byol_4.0.md +++ b/docs/release_notes_byol_4.0.md 
@@ -12,8 +12,8 @@ sidebar_label: '4.0' On first boot of the SSR volume, the instance of the vTPM (if detected) is automatically initialized with the RSA encryption key pair. The BYOL image contains a script which is used to validate the vTPM operations based on the initialization. -Encrypt: /home/t128/t128_tpm_crypto.sh encrypt -i secret.txt -o secret.txt.enc -Decrypt: /home/t128/t128_tpm_crypto.sh decrypt -i secret.txt.enc -o output.txt +Encrypt: /usr/libexec/128technology/t128_tpm_crypto.sh encrypt -i secret.txt -o secret.txt.enc +Decrypt: /usr/libexec/128technology/t128_tpm_crypto.sh decrypt -i secret.txt.enc -o output.txt :::important SSR version 7.1.3-r2 or higher is required to leverage the vTPM capabilities in software. From ff9b7f745ccd95bb72810d013da57b60d9eb1bf2 Mon Sep 17 00:00:00 2001 From: Sam Haberkorn Date: Fri, 19 Dec 2025 10:34:26 -0700 Subject: [PATCH 5/5] update paths --- docs/release_notes_byol_4.0.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/release_notes_byol_4.0.md b/docs/release_notes_byol_4.0.md index 70dd1f622d..29f3034bde 100644 --- a/docs/release_notes_byol_4.0.md +++ b/docs/release_notes_byol_4.0.md @@ -12,8 +12,8 @@ sidebar_label: '4.0' On first boot of the SSR volume, the instance of the vTPM (if detected) is automatically initialized with the RSA encryption key pair. The BYOL image contains a script which is used to validate the vTPM operations based on the initialization. -Encrypt: /usr/libexec/128technology/t128_tpm_crypto.sh encrypt -i secret.txt -o secret.txt.enc -Decrypt: /usr/libexec/128technology/t128_tpm_crypto.sh decrypt -i secret.txt.enc -o output.txt +Encrypt: /usr/libexec/128technology/t128_tpm_crypto encrypt -i secret.txt -o secret.txt.enc +Decrypt: /usr/libexec/128technology/t128_tpm_crypto decrypt -i secret.txt.enc -o output.txt :::important SSR version 7.1.3-r2 or higher is required to leverage the vTPM capabilities in software.
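Review bot: In PATCH 1/5, the I95-62016 entry under Resolved Issues gives as its resolution "Certain sensitive onboarding information is not properly scrubbed from files on disk and logs", which describes the defect in the present tense and never says what was fixed. Reword it to state what the release now does with that information, and say whether logs and files written by earlier images are also cleaned up or are left as they were. None of the later patches in this series touch that line. In the same hunk, "**Release Date:** TBD" is still a placeholder and should be filled in before merge.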
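Review bot: In PATCH 2/5, I95-62888 now heads the feature entry "Support for HA sync and fabric links", while the same ID already appears under Resolved Issues for "Interface tagging in Azure is not consistent". Please confirm that both entries really belong to one ticket and that neither is a copy-paste error, since readers use these IDs to trace a change back to its ticket.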
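Review bot: In PATCH 3/5, the reworded vTPM sentence now reads "initialized with the RSA encryption key pair", and the definite article implies a specific, already existing key pair without saying where it comes from. State whether the key pair is generated inside the vTPM on first boot. The same hunk changes "a script which can be used to validate" to "a script which is used to validate", which now reads as if validation runs automatically; if the operator is expected to run it by hand, keep "can be used".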
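Review bot: In PATCH 5/5, the Encrypt and Decrypt lines drop the .sh suffix, but the unchanged paragraph above them still calls the tool "a script", and the path has now changed in two consecutive patches (from /home/t128/t128_tpm_crypto.sh in 1/5 to /usr/libexec/128technology/t128_tpm_crypto.sh in 4/5). Confirm the final path against the built image before merge. The two commands are also plain adjacent text lines, so they will run together into one paragraph when rendered; putting them in a fenced code block would keep them on separate lines and make them safe to copy.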