+++ This bug was initially created as a clone of Bug #977165 +++ +++ This bug was initially created as a clone of Bug #929057 +++ Information about "Trusted Compute Pools" should be included in the RHEV Docs Suite. Eval Guide 8.7. Use Virtual Desktop Pools Please include the Trusted Compute Pools feature once it get upstreamed into oVirt. - the link to the patch(es) in gerrit http://gerrit.ovirt.org/#/c/11237/ - the oVirt wiki page link http://wiki.ovirt.org/Trusted_compute_pools - QA issue Intel will QA this feature, once it is available in downstream RHEV.
Trusted Compute Pools provide a way for Administrator to deploy VMs on trusted hosts. The feature will allow data center administrator to build trusted computing pools based on H/W-based security features, such as Intel Trusted Execution Technology (TXT). Combining attestation done by a separate entity (i.e. "remote attestation"), the administrator can ensure that verified measurement of software be running in hosts, thus they can establish the foundation for the secure enterprise stack. Such remote attestation services can be developed by using SDK provided by OpenAttestation project. Remote Attestation server performs host verification through following steps: 1. Hosts boot with Intel TXT technology enabled 2. The hosts' BIOS, hypervisor and OS are measured 3. These measured data is sent to Attestation server when challenged by attestation server 4. Attestation server verifies those measurements against good/known database to determine hosts' trustworthiness This information was taken verbatim from: http://wiki.ovirt.org/Trusted_compute_pools#Summary The ovirt wiki page linked above should be studied carefully and included in any RHEV documentation created to explain Trusted Compute Pools based on OpenAttestation.
This bug does not affect the Evaluation Guide.