Visit the OpenStack Summit page for the latest news, registration and hotels.
Back To Schedule
Monday, November 3 • 15:20 - 16:00
Trusted Bare Metal What's That?

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

You are a cloud user who wants bare metal for performance forging the security benefits of virtualization. All the OpenStack services, such as, Nova, Keystone, and Glance, all run on bare metal. At launch time, can we trust that they are free of malware?

Ironic in OpenStack provides support for flashing machines using network boot, PXE/iPXE. We propose modifying Ironic for trusted boot by using a two phase measured launch approach. In Phase 1, measure the Ironic boot loader, and in Phase 2, measure the Glance image we seek to install on the machine. Glance images could carry expected hash values.

The solution described relies on tboot, an open source trusted boot loader, OAT, an open source remote attestation service, Intel TXT technology, and a trusted platform module (TPM).  We round out the talk with a demo illustrating trusted boot.

Contributors: Tan Lin (Intel), Gang Wei (Intel), and Devananda van der Veen (HP)

avatar for Dr. Malini Bhandaru

Dr. Malini Bhandaru

Architect, Intel
Malini Bhandaru is a Sr. Cloud Architect with the Open source Technology Center, Intel and has been involved with OpenStack for over three years. Her tenure at Intel spans work on cloud and security, fast encryption algorithms, and Xeon platform power and performance. Prior to Intel... Read More →

Monday November 3, 2014 15:20 - 16:00 CET
Room 243

Attendees (0)