Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 978630

Summary: [Docs] [Eval] Trusted Compute Pools feature based on OpenAttestation
Product: Red Hat Enterprise Virtualization Manager Reporter: Andrew Burden <aburden>
Component: DocumentationAssignee: Zac Dover <zdover>
Status: CLOSED NOTABUG QA Contact: ecs-bugs
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.3.0CC: abaron, aburden, acathrow, dfediuck, gang.wei, gklein, lpeer, thildred, yeylon, zdover
Target Milestone: ---Keywords: FutureFeature
Target Release: 3.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: sla
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: 977165 Environment:
Last Closed: 2013-10-09 04:10:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: SLA RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 929057, 977165, 978631    
Bug Blocks:    

Description Andrew Burden 2013-06-27 01:30:26 UTC 
+++ This bug was initially created as a clone of Bug #977165 +++

+++ This bug was initially created as a clone of Bug #929057 +++

Information about "Trusted Compute Pools" should be included in the RHEV Docs Suite.

Eval Guide
8.7. Use Virtual Desktop Pools



Please include the Trusted Compute Pools feature once it get upstreamed into oVirt.

- the link to the patch(es) in gerrit
http://gerrit.ovirt.org/#/c/11237/

- the oVirt wiki page link
http://wiki.ovirt.org/Trusted_compute_pools

- QA issue
Intel will QA this feature, once it is available in downstream RHEV.
Comment 1 Zac Dover 2013-07-07 17:21:41 UTC 
Trusted Compute Pools provide a way for Administrator to deploy VMs on trusted hosts.

The feature will allow data center administrator to build trusted computing pools based on H/W-based security features, such as Intel Trusted Execution Technology (TXT). Combining attestation done by a separate entity (i.e. "remote attestation"), the administrator can ensure that verified measurement of software be running in hosts, thus they can establish the foundation for the secure enterprise stack. Such remote attestation services can be developed by using SDK provided by OpenAttestation project.

Remote Attestation server performs host verification through following steps:

1. Hosts boot with Intel TXT technology enabled

2. The hosts' BIOS, hypervisor and OS are measured

3. These measured data is sent to Attestation server when challenged by attestation server

4. Attestation server verifies those measurements against good/known database to determine hosts' trustworthiness

This information was taken verbatim from:
http://wiki.ovirt.org/Trusted_compute_pools#Summary

The ovirt wiki page linked above should be studied carefully and included in any RHEV documentation created to explain Trusted Compute Pools based on OpenAttestation.
Comment 2 Tim Hildred 2013-10-09 04:10:39 UTC 
This bug does not affect the Evaluation Guide.