Bug 978630 - [Docs] [Eval] Trusted Compute Pools feature based on OpenAttestation
[Docs] [Eval] Trusted Compute Pools feature based on OpenAttestation
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: Documentation (Show other bugs)
Unspecified Unspecified
unspecified Severity medium
: ---
: 3.3.0
Assigned To: Zac Dover
: FutureFeature
Depends On: 929057 977165 978631
  Show dependency treegraph
Reported: 2013-06-26 21:30 EDT by Andrew Burden
Modified: 2016-02-10 15:17 EST (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: 977165
Last Closed: 2013-10-09 00:10:39 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: SLA
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Andrew Burden 2013-06-26 21:30:26 EDT
+++ This bug was initially created as a clone of Bug #977165 +++

+++ This bug was initially created as a clone of Bug #929057 +++

Information about "Trusted Compute Pools" should be included in the RHEV Docs Suite.

Eval Guide
8.7. Use Virtual Desktop Pools

Please include the Trusted Compute Pools feature once it get upstreamed into oVirt.

- the link to the patch(es) in gerrit

- the oVirt wiki page link

- QA issue
Intel will QA this feature, once it is available in downstream RHEV.
Comment 1 Zac Dover 2013-07-07 13:21:41 EDT
Trusted Compute Pools provide a way for Administrator to deploy VMs on trusted hosts.

The feature will allow data center administrator to build trusted computing pools based on H/W-based security features, such as Intel Trusted Execution Technology (TXT). Combining attestation done by a separate entity (i.e. "remote attestation"), the administrator can ensure that verified measurement of software be running in hosts, thus they can establish the foundation for the secure enterprise stack. Such remote attestation services can be developed by using SDK provided by OpenAttestation project.

Remote Attestation server performs host verification through following steps:

1. Hosts boot with Intel TXT technology enabled

2. The hosts' BIOS, hypervisor and OS are measured

3. These measured data is sent to Attestation server when challenged by attestation server

4. Attestation server verifies those measurements against good/known database to determine hosts' trustworthiness

This information was taken verbatim from:

The ovirt wiki page linked above should be studied carefully and included in any RHEV documentation created to explain Trusted Compute Pools based on OpenAttestation.
Comment 2 Tim Hildred 2013-10-09 00:10:39 EDT
This bug does not affect the Evaluation Guide.

Note You need to log in before you can comment on or make changes to this bug.