> 1. add an admin api to add and remove hosts from an availability zone. Then the component that is verifying trust could periodically check the hosts and remove them from the trusted zone if they fail. The scheduler could just use regular availability-zone scheduling to send the hosts to the trusted zone.

This makes sense to me.  The trust state of a compute node is typically
only measured at boot (although there are efforts to extend measurements
beyond boot).  Part of the attestation step could be gating whether a
compute node can effectively join an availability zone.

> 2. rather than verify trust during schedule, provide an external service that is exposed to users where they could verify trust. They could basically request the trust state of an instance. The service would speak to nova through an admin api to discover which host the instance is running on and verify the trustedness of the host, and return "trusted" to the user if the node passes.

Seems this would allow a "Trust_lvl=Trusted" instance to run on an untrusted
compute node until later polled?  Probably not sufficient.
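A toy model of option 1 as an added illustration (this is not nova code and is not from anyone on the thread): attestation gates membership in a "trusted" availability zone, a periodic sweep evicts hosts whose measurements no longer match, and the scheduler does plain zone scheduling. `Host`, `Attester`, `TrustedZoneController` and the PCR-style measurement values are all constructed for the example; a real attester would check a signed quote rather than a dict.

```python
# Added example: a minimal in-memory model of attestation-gated zone membership.
# Nothing here is a nova API; all names and measurement values are constructed.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Host:
    name: str
    # Constructed stand-in for boot-time measurements (e.g. TPM PCR values).
    measurements: Dict[int, str]
    instances: List[str] = field(default_factory=list)


@dataclass
class AvailabilityZone:
    name: str
    members: Set[str] = field(default_factory=set)


class Attester:
    """Compares a host's reported measurements against a known-good list."""

    def __init__(self, known_good: Dict[int, str]):
        self.known_good = known_good

    def verify(self, host: Host) -> bool:
        # Every register on the known-good list must be present and match exactly.
        return all(host.measurements.get(pcr) == val
                   for pcr, val in self.known_good.items())


class TrustedZoneController:
    """Admin-API stand-in: admits a host only after it verifies, and
    re-verifies current members on each sweep."""

    def __init__(self, zone: AvailabilityZone, attester: Attester):
        self.zone = zone
        self.attester = attester

    def admit(self, host: Host) -> bool:
        if self.attester.verify(host):
            self.zone.members.add(host.name)
            return True
        return False

    def sweep(self, hosts: Dict[str, Host]) -> List[str]:
        """Evict members that no longer verify; returns their names.
        Caveat: instances already placed on an evicted host stay there,
        only future placements are affected."""
        evicted = [n for n in sorted(self.zone.members)
                   if n not in hosts or not self.attester.verify(hosts[n])]
        for n in evicted:
            self.zone.members.discard(n)
        return evicted


def schedule(instance: str, zone: AvailabilityZone,
             hosts: Dict[str, Host]) -> Optional[str]:
    """Ordinary zone scheduling: least-loaded current member, ties by name."""
    candidates = [hosts[n] for n in sorted(zone.members)]
    if not candidates:
        return None
    target = min(candidates, key=lambda h: (len(h.instances), h.name))
    target.instances.append(instance)
    return target.name


def demo() -> dict:
    known_good = {0: "aaaa", 7: "bbbb"}  # constructed reference values
    hosts = {
        "node-a": Host("node-a", {0: "aaaa", 7: "bbbb"}),
        "node-b": Host("node-b", {0: "aaaa", 7: "bbbb"}),
        "node-c": Host("node-c", {0: "ffff", 7: "bbbb"}),  # PCR 0 mismatch
    }
    trusted = AvailabilityZone("trusted")
    ctl = TrustedZoneController(trusted, Attester(known_good))
    admitted = {n: ctl.admit(h) for n, h in hosts.items()}
    placements = [schedule("vm-1", trusted, hosts),
                  schedule("vm-2", trusted, hosts)]
    # Constructed drift: node-b is re-measured and PCR 7 no longer matches.
    hosts["node-b"].measurements[7] = "cccc"
    evicted = ctl.sweep(hosts)
    placements.append(schedule("vm-3", trusted, hosts))
    return {"admitted": admitted, "placements": placements,
            "evicted": evicted, "members": sorted(trusted.members),
            "stranded": list(hosts["node-b"].instances)}


if __name__ == "__main__":
    print(demo())
```

The `stranded` field in the result is the point a practitioner should notice: the sweep stops new placements on the failed host, but does nothing about instances already running there, so eviction policy has to be decided separately from zone membership.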


