[RFE] Bare metal trust using Intel TXT
Bug #1526280 reported by Vladyslav Drok
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Ironic | Fix Released | Wishlist | Tan Lin |
Bug Description
Be able to assert that a host node has a trusted BIOS, OptionROM, and kernel/OS. Be able to detect changes in BIOS, attached PCIe devices, changes to their firmware, and/or kernel. Leverages Intel TXT to "measure" BIOS and OS software and save their hashes on the trusted-
Changed in ironic:
status: New → Confirmed
importance: Undecided → Wishlist
tags: added: rfe

Changed in ironic:
assignee: nobody → Tan Lin (tan-lin-good)
tags: added: rfe-approved; removed: rfe
Spec is available at http://specs.openstack.org/openstack/ironic-specs/specs/approved/bare-metal-trust-using-intel-txt.html.
Copying this from its corresponding BP (https://blueprints.launchpad.net/ironic/+spec/bare-metal-trust-using-intel-txt):
Gerrit topic: https://review.openstack.org/#q,topic:bp/bare-metal-trust-using-intel-txt,n,z
Addressed by: https://review.openstack.org/191661
Add a new boot section 'trusted_boot' for PXE
Addressed by: https://review.openstack.org/207278
Support trusted boot with iPXE
Just the iPXE patch needs to land to complete this work. Leaving it open until that happens. I'd like to see that completed during Mitaka.
// jroll 2015-10-15