Comment 15 for bug 1456228

Wei Wang (wei-w-wang) wrote :

"I am under the impression that the trust status is only checked at boot time, so unless the node is rebooted after changing the boot order, the attestation information available to trusted_filter will still say that the node is trusted, and therefore will allow the instance to start. However, if the node is rebooted, the attestation information should prevent that node from restarting"
This is not true. Currently, tboot will still let the server boot up even if the server has been compromised (say by changing the GRUB config, booting into single-user mode, changing the root password and then booting back into normal mode). The attestation server will say this node is no longer trusted, and OpenStack then can't launch a new VM on this compute node.

However, for the VMs that were already on this compromised node, OpenStack still lets them start (power on).

To me, OpenStack does check with the attestation server before it launches a new VM on a compute node; however, if it does not do so when it powers on a VM that is supposed to be on a trusted node, I don't really see the point of this design.

Maybe I am underestimating it, but isn't there an obvious fix: whatever checks are performed before launching a new trusted VM, we need to do the same for powering on a trusted VM.
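The gap the comment describes, as an added illustration that is not Nova's code and not part of the bug report: a trust-requiring instance is gated on the compute node's current attestation status at launch, but an unchecked power-on path lets the same instance run on a node the attestation server now reports as untrusted. The `ATTESTATION` table, hostnames and instance names are constructed for the example; a real deployment would query the attestation server instead of reading a dict. The hardened `power_on` applies the same check as `launch`, which is the fix the comment asks for.

```python
"""Added example: gate both launch and power-on on current attestation status.

Not OpenStack/Nova code. Hostnames, instance names and attestation results
below are constructed stand-ins for an attestation server's answers.
"""
from dataclasses import dataclass

# Constructed attestation results, keyed by compute hostname. "compute-b"
# models the node from the comment: it booted, but attestation now fails.
ATTESTATION = {
    "compute-a": "trusted",
    "compute-b": "untrusted",
}


class TrustViolation(Exception):
    """Raised when an operation would run a trusted VM on an untrusted node."""


@dataclass
class Instance:
    name: str
    host: str
    requires_trusted: bool
    state: str = "stopped"


def node_is_trusted(host, attestation=ATTESTATION):
    """Look up the node's current attestation verdict (default-deny on unknown)."""
    return attestation.get(host) == "trusted"


def require_trusted_host(inst, attestation=ATTESTATION):
    """Common check: a trust-requiring instance may only run on a trusted node."""
    if inst.requires_trusted and not node_is_trusted(inst.host, attestation):
        raise TrustViolation(
            f"{inst.host} is not attested as trusted; refusing to run {inst.name}"
        )


def launch(inst, attestation=ATTESTATION):
    """Launch path: the scheduler-style check runs before a new VM starts."""
    require_trusted_host(inst, attestation)
    inst.state = "running"
    return inst.state


def power_on_unchecked(inst):
    """Power-on path as described in the comment: no attestation check at all."""
    inst.state = "running"
    return inst.state


def power_on(inst, attestation=ATTESTATION):
    """Hardened power-on path: reuse exactly the check the launch path performs."""
    require_trusted_host(inst, attestation)
    inst.state = "running"
    return inst.state


def power_on_decisions(instances, attestation=ATTESTATION, checked=True):
    """Return {instance name: 'running' | 'refused'} for a batch of power-ons.

    With checked=False this reproduces the behaviour the comment complains
    about; with checked=True every refused entry is a VM that would otherwise
    have been started on a node that failed attestation.
    """
    results = {}
    for inst in instances:
        try:
            results[inst.name] = (
                power_on(inst, attestation) if checked else power_on_unchecked(inst)
            )
        except TrustViolation:
            inst.state = "stopped"
            results[inst.name] = "refused"
    return results


if __name__ == "__main__":
    vms = [
        Instance("trusted-vm-on-a", "compute-a", requires_trusted=True),
        Instance("trusted-vm-on-b", "compute-b", requires_trusted=True),
        Instance("plain-vm-on-b", "compute-b", requires_trusted=False),
    ]
    print("unchecked power-on:", power_on_decisions(vms, checked=False))
    for vm in vms:
        vm.state = "stopped"
    print("checked power-on:  ", power_on_decisions(vms, checked=True))
```

The point of routing both paths through `require_trusted_host` is that the trust decision is made against the node's current attestation verdict at every state transition, not only at scheduling time, so a node that was trusted when the VM was created but fails attestation after a reboot cannot quietly bring that VM back up.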