Openshift sandboxed containers / KATA-3111

Create integrity-protected pod VM image for Azure


    • Epic
    • Resolution: Unresolved
    • Medium
    • Create integrity-protected pod VM image Azure
    • BU Product Work
    • To Do
    • KATA-3346 - Use RHEL image mode for building Kata (pod) VM image

      Epic Goal

      • Create integrity-protected pod VM image

      Why is this important?

      • For CoCo, it's important to ensure that the VM image has not been tampered with; otherwise, secrets can be exfiltrated via tampered software.

      Scenarios

      1. ...
      2. ...

      Acceptance Criteria 

      (The Epic is complete when...)

      • Instructions to create dm-verity protected CVM image for peer-pods via operator or standalone
      • Instructions to generate measurements of the image
      • Verifying the measurements via KBS

       

      Additional context:

      Upstream has a method that is described in the following blog

      Vitaly has instructions on how to create dm-verity protected CVM images in public cloud

              eesposit@redhat.com Emanuele Giuseppe Esposito
              bpradipt Pradipta Banerjee