Comment 7 for bug 1456228

Nathan Reller (rellerreller) wrote :

Does the design specify that the VM should not be powered back on when the system reboots? I ask because I think that is a different problem. With the scheduling problem there is an outside entity from Nova that can ask for attestation and enforce not giving the VM to an untrusted host.

In this use case Nova would be responsible (I'm asking here and not stating, so please clarify if wrong) for asking for attestation and enforcing not launching a VM. If it is, then this is risky because Nova would report measurements and enforce the decision as to whether or not to launch the VM. If Nova has been compromised then it could ignore whatever response comes from the attestation service or ignore it completely.

I'm not sure what is in scope for requirements and design of trusted pools.