XML

Word

Printable

Type: Epic
Resolution: Unresolved
Priority: Medium
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Epic Name:
Create integrity-protected pod VM image Azure
Story Points:
5
Blocked:
False
Blocked Reason:
None
Ready:
False
Color Status:
Not Selected
Epic Status:
To Do
Intelligence Requested:
Market:
Product Documentation Required:
No

Cost of Delay:
0
WSJF:
0.000
Target Version:

OSC 1.7.0

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Epic Goal

Create integrity-protected pod VM image

Why is this important?

For CoCo, it's important to ensure that the VM image has not been tampered with, otherwise secrets can be exfiltrated via tampered software.

Scenarios

...
...

Acceptance Criteria

(The Epic is complete when...)

Instructions to create dm-verity protected CVM image for peer-pods via operator or standalone
Instructions to generate measurements of the image
Verifying the measurements via KBS

Additional context:

Upstream has a method that is described in the following blog

https://confidentialcontainers.org/blog/2024/03/01/building-trust-into-os-images-for-confidential-containers/

Vitaly has instructions on how create dm-verity protected CVM images in public cloud

is depended on by

KATA-2715 Create measurements for all the components used in the CoCo stack

In Progress

Assignee:: Emanuele Giuseppe Esposito

Reporter:: Pradipta Banerjee

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/06/05 7:50 AM

Updated:: 2024/10/08 9:46 AM