Openshift sandboxed containers / KATA-2715

Create measurements for all the components used in the CoCo stack


    • Feature
    • Resolution: Unresolved
    • Medium
    • BU Product Work
    • KATA-2603 Enhanced protection for data in-use (CoCo)

      Feature Overview (aka. Goal Summary)  

      One of the key tenets of confidential computing is to ensure that the software stack has not been tampered with. This is achieved by measuring the software components and comparing the measurements against known good values. The process is known as attestation.

      More details are in the following blog: https://www.redhat.com/en/blog/understanding-confidential-containers-attestation-flow

      Goals (aka. expected user outcomes)

      Customers should be able to set up a CoCo environment on OpenShift by using reference values of the stack provided by Red Hat.

      Further, customers should be able to create the pod VM image, capture the measurements of their pod VM image, and feed them to KBS for verification as part of the attestation process.

      Requirements (aka. Acceptance Criteria):

      Ability to create pod VM image and capture measurements

      Ability to populate the Key Broker Service (KBS) with known good reference values of the software stack (RHEL CVM-based pod VM image, pod VM components, etc.)

      Integrity protection of root file system

      Attestation workflow making use of the reference values.

       

       

            savitrih Savitri Hunasheekatti (Inactive)
            bpradipt Pradipta Banerjee