Docs: add ghaf-24.06 release note

Signed-off-by: Jenni Nikolaenko <[email protected]>

docs/src/SUMMARY.md

@@ -31,7 +31,7 @@
     - [Cross-Compilation](ref_impl/cross_compilation.md)
     - [Creating Application VM](ref_impl/creating_appvm.md)
     - [labwc Desktop Environment](ref_impl/labwc.md)
-    - [idsvm Further Development](ref_impl/idsvm-development.md)
+    - [IDS VM Further Development](ref_impl/idsvm-development.md)
     - [systemd Service Hardening](ref_impl/systemd-service-config.md)
   - [Ghaf as Library: Templates](ref_impl/ghaf-based-project.md)
     - [Example Project](ref_impl/example_project.md)
@@ -58,6 +58,7 @@
     - [Public Key Infrastructure](scs/pki.md)
     - [Security Fix Automation](scs/ghaf-security-fix-automation.md)
 - [Release Notes](release_notes/release_notes.md)
+    - [Release ghaf-24.06](release_notes/ghaf-24.06.md)
     - [Release ghaf-24.03](release_notes/ghaf-24.03.md)
     - [Release ghaf-23.12](release_notes/ghaf-23.12.md)
     - [Release ghaf-23.09](release_notes/ghaf-23.09.md)

docs/src/architecture/adr/idsvm.md

@@ -34,4 +34,4 @@ Routing and analyzing the network traffic in a separate VM will reduce network p
 
 ## References
 
-[IDS VM Further Development](/docs/src/ref_impl/idsvm-development.md)
+[IDS VM Further Development](../../ref_impl/idsvm-development.md)

docs/src/ref_impl/creating_appvm.md

@@ -7,7 +7,7 @@
 
 Application VM (App VM) is a VM that improves trust in system components by isolating applications from the host OS and other applications. Virtualization with hardware-backed mechanisms provides better resource protection than traditional OS. This lets users use applications of different trust levels within the same system without compromising system security. While the VMs have overhead, it is acceptable as a result of improved security and usability that makes the application seem like it is running inside an ordinary OS.
 
-As a result, both highly trusted applications and untrusted applications can be hosted in the same secure system when the concerns are separated in their own AppVM.
+As a result, both highly trusted applications and untrusted applications can be hosted in the same secure system when the concerns are separated in their own App VM.
 
 To create an App VM:
 1. Add the VM description.

docs/src/ref_impl/idsvm-development.md

@@ -8,7 +8,7 @@
 
 ## Implementation
 
-The [IDS VM](/docs/src/architecture/adr/idsvm.md) is implemented as a regular Micro VM with static IP.
+The [IDS VM](../architecture/adr/idsvm.md) is implemented as a regular Micro VM with static IP.
 
 The [mitmproxy](https://mitmproxy.org/) is included in the demonstrative interactive proxy to enable analysis of TLS-protected data on the fly. Also, [Snort](https://snort.org/) network intrusion detection and prevention system package is included but no dedicated UI nor proper utilization is provided.
 

docs/src/ref_impl/installer.md

@@ -5,32 +5,33 @@
 
 # Installer
 
+
 ## Configuring and Building Installer for Ghaf
 
 You can obtain the installation image for your Ghaf configuration. 
 
-In addition to the live USB image that Ghaf provides it is also possible
-to install Ghaf. This can either be achieved by downloading the desired image
-or by building it as described below.
+In addition to the live USB image that Ghaf provides it is also possible to install Ghaf. This can either be achieved by downloading the desired image or by building it as described below.
 
-Currently only x86_64-linux systems are supported by the standalone installer. So to build e.g. the debug image
+Currently, only x86_64-linux systems are supported by the standalone installer. So to build e.g. the debug image
 for the Lenovo x1 follow the following steps
 
 ```sh
 nix build .#lenovo-x1-carbon-gen11-debug-installer
 ```
 
-## Flashing the installer 
+
+## Flashing Installer 
 
 Once built you must transfer it to the desired installation media. It requires at least a 4GB SSD, at the time of writing.
 
 ```nix
 sudo dd if=./result/iso/ghaf-<version>-x86_64-linux.iso of=/dev/<SSD_NAME> bs=32M status=progress; sync
 ```
 
-## Installing the image
 
-**Warning this is a destructive operation and will overwrite your system**
+## Installing Image
+
+> **WARNING**: This operation is destructive and will overwrite your system.
 
 Insert the SSD into the laptop, boot, and select the option to install.
 
@@ -48,4 +49,4 @@ Once entered, remembering to include `/dev`, press ENTER to complete the process
 ```nix
 sudo reboot
 ```
-And remember to remove the installer drive
+Mind remove the installer drive.

docs/src/release_notes/ghaf-23.06.md

@@ -27,7 +27,7 @@ The following target hardware is supported by this release:
   * the development status: <https://github.com/tiiuae/ghaf/tree/ghaf-23.06/modules>.
 * SLSA v1.0 level provenance file included.
 * Ghaf version information (query).
-* NixOS is updated to 23.05: [NixOS 23.05 released!](https://discourse.nixos.org/t/nixos-23-05-released/28649)
+* NixOS is updated to NixOS 23.05: [NixOS 23.05 released!](https://discourse.nixos.org/t/nixos-23-05-released/28649)
 
 
 ## Bug Fixes

docs/src/release_notes/ghaf-24.03.md

@@ -6,9 +6,9 @@
 # Release ghaf-24.03
 
 
-## Release Branch
+## Release Tag
 
-<https://github.com/tiiuae/ghaf/tree/ghaf-24.03>
+<https://github.com/tiiuae/ghaf/releases/tag/ghaf-24.03>
 
 
 ## Supported Hardware
@@ -58,9 +58,9 @@ Fixed bugs that were in the ghaf-23.12 release:
 | Cannot log in to the Element chat with a Google account  | In Progress | Workaround for x86: create a user specifically for Element. |
 | Windows launcher application does not work on AGX  | In Progress | Workaround: launch a Windows VM from the command line. |
 | Time synchronization between host and VMs does not work in all scenarios  | In Progress | Under investigation. |
-| Closing and re-opening a deck lid of a X1 laptop with running Ghaf causes instability | In Progress | Workaround: keep a deck lid of a laptop open while working with Ghaf. |
+| Closing and reopening a deck lid of a Lenovo ThinkPad X1 laptop with Ghaf running causes instability | In Progress | Workaround: keep a deck lid of a laptop open while working with Ghaf. |
 | Applications do not open from icons when netvm is restarted | In Progress | Workaround: restart AppVMs. |
-| Cannot connect to a hidden Wi-Fi network from GUI | In Progress | Workaround:  connect with SSH to netvm and run the command `nmcli dev wifi connect SSID password PASSWORD hidden yes`. |
+| Cannot connect to a hidden Wi-Fi network from GUI | In Progress | Workaround:  connect with SSH to a netvm and run the command: `nmcli dev wifi connect SSID password PASSWORD hidden yes`. |
 
 
 ## Environment Requirements
@@ -79,7 +79,7 @@ Download the required image and use the following instructions:
 | ghaf-24.03_Generic_x86.tar.xz | [Running Ghaf Image for x86 Computer](../ref_impl/build_and_run.md#running-ghaf-image-for-x86-computer) |
 | ghaf-24.03_Lenovo_X1_Carbon_Gen11.tar.xz  | [Running Ghaf Image for Lenovo X1](../ref_impl/build_and_run.md#running-ghaf-image-for-lenovo-x1) |
 | ghaf-24.03_Nvidia_Orin_AGX_cross-compiled-no-demoapps.tar.xz[^note], ghaf-24.03_Nvidia_Orin_AGX_cross-compiled.tar.xz, ghaf-24.03_Nvidia_Orin_AGX_native-build.tar.xz | [Ghaf Image for NVIDIA Jetson Orin AGX](../ref_impl/build_and_run.md#ghaf-image-for-nvidia-jetson-orin-agx) |
-| ghaf-24.03_Nvidia_Orin_NX_cross-compiled-no-demoapps[^note].tar.xz, ghaf-24.03_Nvidia_Orin_NX_cross-compiled.tar.xz, ghaf-24.03_Nvidia_Orin_NX_native-build.tar.xz | [Ghaf Image for NVIDIA Jetson Orin AGX](../ref_impl/build_and_run.md#ghaf-image-for-nvidia-jetson-orin-agx) |
+| ghaf-24.03_Nvidia_Orin_NX_cross-compiled-no-demoapps[^note1].tar.xz, ghaf-24.03_Nvidia_Orin_NX_cross-compiled.tar.xz, ghaf-24.03_Nvidia_Orin_NX_native-build.tar.xz | [Ghaf Image for NVIDIA Jetson Orin AGX](../ref_impl/build_and_run.md#ghaf-image-for-nvidia-jetson-orin-agx) |
 | ghaf-24.03_PolarFire_RISC-V.tar.xz | [Building Ghaf Image for Microchip Icicle Kit](../ref_impl/build_and_run.md#building-ghaf-image-for-microchip-icicle-kit) |
 
-[^note] no-demoapps images do not include Chromium, Zathura, and GALA applications.
+[^note1] no-demoapps images do not include Chromium, Zathura, and GALA applications.

docs/src/release_notes/ghaf-24.06.md

@@ -0,0 +1,93 @@
+<!--
+    Copyright 2022-2024 TII (SSRC) and the Ghaf contributors
+    SPDX-License-Identifier: CC-BY-SA-4.0
+-->
+
+# Release ghaf-24.06
+
+
+## Release Tag
+
+<https://github.com/tiiuae/ghaf/releases/tag/ghaf-24.06>
+
+
+## Supported Hardware
+
+The following target hardware is supported by this release:
+
+* NVIDIA Jetson AGX Orin
+* NVIDIA Jetson Orin NX
+* Generic x86 (PC)
+* Polarfire Icicle Kit
+* Lenovo ThinkPad X1 Carbon Gen 11
+* Lenovo ThinkPad X1 Carbon Gen 10
+* NXP i.MX 8M Plus
+
+
+## What is New in ghaf-24.06
+
+* Added support for NXP i.MX 8M Plus.
+* NixOS is updated to [NixOS 24.05](https://nixos.org/blog/announcements/2024/nixos-2405/) further to nixos-unstable.
+* labwc is used as a default compositor on all platforms. Weston is no longer supported.
+* Static networking with external DNS server support only. Internal DHCP and DNS are removed.
+  * This affects all new guest VM networking.
+  * Windows VM must be configured with static IP and DNS.
+* Lenovo X1 Carbon Gen 10/11:
+  * Image compression uses the [Zstandard (zstd)](https://github.com/facebook/zstd) algorithm.
+  * Initial vTPM implementation for Application VMs is added.
+  * Audio VM with [PipeWire](https://gitlab.freedesktop.org/pipewire/pipewire) backend and [PulseAudio](https://www.freedesktop.org/wiki/Software/PulseAudio/) TCP remote communications layer.
+  * Multimedia function key passthrough.
+  * Initial implementation of [IDS VM](../architecture/adr/idsvm.md) as a defensive network mechanism.
+  * Support for [Element](https://element.io/) chat application.
+  * GPS location sharing through the Element application.
+  * [AppFlowy](https://github.com/AppFlowy-IO/AppFlowy) uses the [Flutter](https://github.com/flutter) application framework.
+* NVIDIA Jetson Orin NX:
+  * UARTI passthrough.
+  * The Jetpack baseline software updates and fixes.
+* Further refactoring and modularization of Ghaf Framework.
+* Development, testing, and performance tooling improvements.
+
+
+## Bug Fixes
+
+Fixed bugs that were in the ghaf-24.03 release:
+
+* Icons do not launch applications when a netvm is restarted.
+* Closing and reopening a deck lid of a Lenovo ThinkPad X1 laptop with Ghaf running causes instability.
+
+
+## Known Issues and Limitations
+
+| Issue           | Status      | Comments                             |
+|-----------------|-------------|--------------------------------------|
+| Cannot log in to the Element chat with a Google account  | In Progress | Workaround for x86: create a user specifically for Element. |
+| Windows launcher application does not work on AGX  | In Progress | Workaround: launch a Windows VM from the command line. |
+| Time synchronization between host and VMs does not work in all scenarios  | In Progress | Under investigation. |
+| Applications do not open from icons when netvm is restarted | In Progress | Workaround: restart AppVMs. |
+| Cannot connect to a hidden Wi-Fi network from GUI | In Progress | Workaround:  connect with SSH to a netvm and run the command: `nmcli dev wifi connect SSID password PASSWORD hidden yes`. |
+| NVIDIA Jetson AGX Orin and NVIDIA Jetson Orin NX: cannot make voice calls using the Element application | In Progress | Under investigation. |
+| The Element application cannot find a camera | In Progress | Under investigation. |
+
+
+## Environment Requirements
+
+There are no specific requirements for the environment with this release.
+
+
+## Installation Instructions
+
+Released images are available at [vedenemo.dev/files/releases/ghaf_24.06/](https://vedenemo.dev/files/releases/ghaf_24.06/).
+
+Download the required image and use the following instructions:
+
+| Release Image           | Build and Run      |
+|-------------------------|--------------------|
+| ghaf-24.06_Generic_x86.tar.xz | [Running Ghaf Image for x86 Computer](../ref_impl/build_and_run.md#running-ghaf-image-for-x86-computer) |
+| ghaf-24.06_Lenovo_X1_Carbon_Gen11.tar.xz  | [Running Ghaf Image for Lenovo X1](../ref_impl/build_and_run.md#running-ghaf-image-for-lenovo-x1) |
+| ghaf-24.06_Nvidia_Orin_AGX_cross-compiled.tar.xz, ghaf-24.06_Nvidia_Orin_AGX_native-build.tar.xz, ghaf-24.06_Nvidia_Orin_NX_cross-compiled.tar.xz, ghaf-24.06_Nvidia_Orin_NX_native-build.tar.xz  | [Ghaf Image for NVIDIA Jetson Orin AGX](../ref_impl/build_and_run.md#ghaf-image-for-nvidia-jetson-orin-agx) |
+| ghaf-24.06_PolarFire_RISC-V.tar.xz | [Building Ghaf Image for Microchip Icicle Kit](../ref_impl/build_and_run.md#building-ghaf-image-for-microchip-icicle-kit) |
+
+
+<!--
+    There is no image for NXP i.MX 8M Plus. We say that we added the nxp support in this release but there is no image to try it. Yes, this is dog.
+-->

docs/src/release_notes/release_notes.md

@@ -12,6 +12,7 @@ Release numbering scheme: *ghaf-yy.mm*.
 
 ## In This Chapter
 
+- [Release ghaf-24.06](../release_notes/ghaf-24.06.md)
 - [Release ghaf-24.03](../release_notes/ghaf-24.03.md)
 - [Release ghaf-23.12](../release_notes/ghaf-23.12.md)
 - [Release ghaf-23.09](../release_notes/ghaf-23.09.md)