Uploaded image for project: 'Cloud Infrastructure Security & Compliance'
  1. Cloud Infrastructure Security & Compliance
  2. CMP-889

[spike] Remote attestation integration

XMLWordPrintable

    • False
    • False
    • OCPPLAN-6117 - Remote Attestation
    • Undefined

       

      The use of Keylime in Red Hat technologies is to provide a method for remote attestation that will enable Red Hat products to be used in a wider variety of deployment scenarios. Delivery of Keylime technologies aligns with the overall Red Hat corporate strategy of “Win the platforms and expand with our integrated products and services”

      Epic Goal

      • Build a prototype for integrating Keylime with OCP platform and allow the system to remote attestation 
      • The goal is to attest to the image integrity of RHCOS itself
      • The verification and other ‘server-side’ components need to be capable of running in OpenShift itself and not require, nor preclude, the use of KL Operator?.
      • These components need to be containerized and should have an Operator for scalability.
      • Verification of the integrity of a given container image. Treating the container image itself as a single ‘file’ or unit to be verified.
      • Appropriate prevention of running a container image if it does not match expected measurements

      Why is this important?

      Scenarios

      1. ...

      Acceptance Criteria

      • Running vTPM in Openshift cluster deployment CI 
      • Get an agent running on a node
      • Minimal development to start keylime infrastructure
      • Simple build and one use case to test the capability to call keylime API.
      • Build a plan and create stories for future work
      • Keylime server can run on RHEL outside of the cluster

      Out of scope

      1. Installing Keylime in OCP
      2. Integration with FIO
      3. Build a stand-alone operator
      4. CI Process

      Dependencies (internal and external)

      1. ...

      Previous Work (Optional):

      Open questions::

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

              Unassigned Unassigned
              dcaspin@redhat.com Doron Caspin
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: