Red Hat Bugzilla – Bug 978630
[Docs] [Eval] Trusted Compute Pools feature based on OpenAttestation
Last modified: 2016-02-10 15:17:20 EST
+++ This bug was initially created as a clone of Bug #977165 +++
+++ This bug was initially created as a clone of Bug #929057 +++
Information about "Trusted Compute Pools" should be included in the RHEV Docs Suite.
8.7. Use Virtual Desktop Pools
Please include the Trusted Compute Pools feature once it get upstreamed into oVirt.
- the link to the patch(es) in gerrit
- the oVirt wiki page link
- QA issue
Intel will QA this feature, once it is available in downstream RHEV.
Trusted Compute Pools provide a way for Administrator to deploy VMs on trusted hosts.
The feature will allow data center administrator to build trusted computing pools based on H/W-based security features, such as Intel Trusted Execution Technology (TXT). Combining attestation done by a separate entity (i.e. "remote attestation"), the administrator can ensure that verified measurement of software be running in hosts, thus they can establish the foundation for the secure enterprise stack. Such remote attestation services can be developed by using SDK provided by OpenAttestation project.
Remote Attestation server performs host verification through following steps:
1. Hosts boot with Intel TXT technology enabled
2. The hosts' BIOS, hypervisor and OS are measured
3. These measured data is sent to Attestation server when challenged by attestation server
4. Attestation server verifies those measurements against good/known database to determine hosts' trustworthiness
This information was taken verbatim from:
The ovirt wiki page linked above should be studied carefully and included in any RHEV documentation created to explain Trusted Compute Pools based on OpenAttestation.
This bug does not affect the Evaluation Guide.