Bug 978630 - [Docs] [Eval] Trusted Compute Pools feature based on OpenAttestation
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: Documentation
Version: 3.3.0
Severity: medium
Target Release: 3.3.0
Assigned To: Zac Dover
Keywords: FutureFeature
Depends On: 929057 977165 978631
Reported: 2013-06-26 21:30 EDT by Andrew Burden
Modified: 2016-02-10 15:17 EST
Doc Type: Enhancement
Clone Of: 977165
Last Closed: 2013-10-09 00:10:39 EDT
Type: Bug
oVirt Team: SLA

Description Andrew Burden 2013-06-26 21:30:26 EDT
+++ This bug was initially created as a clone of Bug #977165 +++

+++ This bug was initially created as a clone of Bug #929057 +++

Information about "Trusted Compute Pools" should be included in the RHEV Docs Suite.

Eval Guide
8.7. Use Virtual Desktop Pools



Please include the Trusted Compute Pools feature once it gets upstreamed into oVirt.

- the link to the patch(es) in gerrit
http://gerrit.ovirt.org/#/c/11237/

- the oVirt wiki page link
http://wiki.ovirt.org/Trusted_compute_pools

- QA issue
Intel will QA this feature, once it is available in downstream RHEV.
Comment 1 Zac Dover 2013-07-07 13:21:41 EDT
Trusted Compute Pools provide a way for an administrator to deploy VMs on trusted hosts.

The feature will allow a data center administrator to build trusted computing pools based on H/W-based security features, such as Intel Trusted Execution Technology (TXT). Combining attestation done by a separate entity (i.e. "remote attestation"), the administrator can ensure that verified measurement of software is running in hosts, and thus can establish the foundation for the secure enterprise stack. Such remote attestation services can be developed by using the SDK provided by the OpenAttestation project.

The Remote Attestation server performs host verification through the following steps:

1. Hosts boot with Intel TXT technology enabled

2. The hosts' BIOS, hypervisor and OS are measured

3. This measured data is sent to the attestation server when challenged by the attestation server

4. The attestation server verifies those measurements against a good/known database to determine the hosts' trustworthiness

This information was taken verbatim from:
http://wiki.ovirt.org/Trusted_compute_pools#Summary

The oVirt wiki page linked above should be studied carefully and included in any RHEV documentation created to explain Trusted Compute Pools based on OpenAttestation.
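
The four verification steps listed in Comment 1, modelled as an added Python sketch (not code from oVirt, RHEV or the OpenAttestation SDK, and not part of the original comment). The component byte strings, `HOST_KEY` and all function names are constructed for illustration, and an HMAC stands in for the TPM-signed quote a real host would return.

```python
import hashlib
import hmac
import os

# Constructed sample data: byte strings standing in for the measured boot stack.
GOOD_STACK = [b"bios-v1", b"hypervisor-v1", b"os-kernel-v1"]
TAMPERED_STACK = [b"bios-v1", b"hypervisor-v1-modified", b"os-kernel-v1"]
HOST_KEY = b"constructed-demo-key"  # stand-in for the host's TPM attestation key


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2-style extend: new PCR = SHA-1(old PCR || SHA-1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot(stack) -> bytes:
    """Step 2: fold every boot component, in order, into one PCR value."""
    pcr = b"\x00" * 20
    for component in stack:
        pcr = extend(pcr, component)
    return pcr


def host_respond(stack, nonce: bytes):
    """Step 3: host answers a challenge with its PCR bound to the nonce.
    An HMAC stands in for the TPM-signed quote (assumption of this sketch)."""
    pcr = measure_boot(stack)
    return pcr, hmac.new(HOST_KEY, nonce + pcr, hashlib.sha256).digest()


def verify(pcr: bytes, quote: bytes, nonce: bytes, known_good: set) -> str:
    """Step 4: check freshness and authenticity, then compare to known-good."""
    expected = hmac.new(HOST_KEY, nonce + pcr, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, quote):
        return "untrusted"  # forged quote, or a replay under an old nonce
    return "trusted" if pcr in known_good else "untrusted"


def attest(stack, known_good: set) -> str:
    """One full challenge/response round against a host booted with `stack`."""
    nonce = os.urandom(20)
    pcr, quote = host_respond(stack, nonce)
    return verify(pcr, quote, nonce, known_good)


KNOWN_GOOD = {measure_boot(GOOD_STACK)}

if __name__ == "__main__":
    print("good host:", attest(GOOD_STACK, KNOWN_GOOD))
    print("tampered host:", attest(TAMPERED_STACK, KNOWN_GOOD))
```

Because each measurement is chained into the previous PCR value, changing or reordering any single component yields a value that is absent from the known-good set, and the fresh nonce keeps an old response from being accepted for a new challenge.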
Comment 2 Tim Hildred 2013-10-09 00:10:39 EDT
This bug does not affect the Evaluation Guide.
