[openstack-dev] [glance] [nova] Verification of glance images before boot
Chris Friesen
chris.friesen at windriver.com
Wed Sep 9 17:40:55 UTC 2015

On 09/09/2015 10:53 AM, Poulos, Brianna L. wrote:
> Stuart is right about what will currently happen in Nova when an image is
> downloaded, which protects against unintentional modifications to the
> image data.
>
> What is currently being worked on is adding the ability to verify a
> signature of the checksum.

It should be noted that this does not protect against a compromised compute node.
For an end-user that cares about this case, I think you'd pretty much need
self-checking within the guest to ensure that its running system matches a
downloaded manifest (or something like that).

Chris