Loading...

XML

Word

Printable

Type: Epic
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: None
Labels:
- 4.22-candidate

Epic Name:
Confidential Computing composefs-rs integration bootc
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Color Status:
Not Selected
Epic Status:
In Progress
Feature Link:
OCPSTRAT-2094 - UKI support in RHCOS
Parent Link:
OCPSTRAT-2094UKI support in RHCOS
Hierarchy Progress Bar:

4% To Do, 8% In Progress, 88% Done

WSJF:
0

Target Version:

openshift-4.22

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

Intelligence Requested:
Market:

First steps needed to reach a PoC status for Confidential Computing support for RHCOS, mostly in GCP & Azure.

This tracks the work needed to implement support for the native composefs backend in bootc and support booting with UKIs (also known as Sealed Images).

This is tracked upstream in https://github.com/bootc-dev/bootc/issues/1190.

blocks

OCPSTRAT-2094 UKI support in RHCOS

depends on

COS-1794 Confidential Computing: Phase 0: Mark GCP images as AMD SEV-capable

Closed

RHEL-87250 bootc install --composefs

Closed

OCPBUGS-7582 RHCOS misses udev rules for GCE PD NVMe disks

Closed

OCPBUGS-11768 [4.13] RHCOS misses udev rules for GCE PD NVMe disks

Closed

OCPBUGS-11790 RHCOS missing udev rules for GCE PD NVMe disks in initrd

Closed

OCPBUGS-11791 [4.13] RHCOS missing udev rules for GCE PD NVMe disks in initrd

Closed

is depended on by

RFE-4522 Support additional protection via PCRs attestation for disk encryption with TPM

Backlog

OCPSTRAT-1940 RHCOS Attestation

In Progress

OCPSTRAT-614 GCP - Add support to AMD SEV confidential VMs (TP)

Closed

relates to

RHEL-119683 Hard to predict elements from the GRUB config are measured in PCR 8

RHEL-119685 BLS config support does not support the efi & version keywords

RHEL-127909 Create a build of GRUB with limited functionality to reduce update frequency

RHEL-127953 Limit PCR 8 measurements to config files which are not built in to the grub image.

OCPBUGS-18379 [CORS-2550] Fail to provision bootstrap vm when enabling ConfidentialVM + DiskWithVMGuestState

Closed

RHEL-119684 Secure Boot signed UKI results in GRUB backtrace

Closed

(2 depends on, 3 is depended on by, 6 relates to)

Assignee:: Pragyan Poudyal

Reporter:: Timothée Ravier

Votes:: 1 Vote for this issue

Watchers:: 10 Start watching this issue

Created:: 2023/02/23 5:29 PM

Updated:: 2025/12/08 8:35 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates