OpenStack community members are voting on presentations for the OpenStack Summit, November 3-7, in Paris, France. We received hundreds of high-quality submissions, and your votes can help us determine which ones to include in the schedule.
You are a cloud user who wants bare metal for performance, forgoing the security benefits of virtualization. All the OpenStack services, such as Nova, Keystone, and Glance, run on bare metal. At launch time, can we trust that they are free of malware?
Ironic in OpenStack provides support for flashing machines using network boot (PXE/iPXE). We propose modifying Ironic for trusted boot by using a two-phase measured launch approach. In Phase 1, measure the Ironic boot loader, and in Phase 2, measure the Glance image we seek to install on the machine. Glance images could carry expected hash values.
The solution described relies on tboot, an open source trusted boot loader, OAT, an open source remote attestation service, Intel TXT technology, and a trusted platform module (TPM). We round out the talk with a demo illustrating trusted boot.
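The two-phase measurement and the remote check against expected hash values can be modelled in a few lines. This is an added example, not code from tboot, OAT or Ironic; it assumes a single SHA-1 PCR as on a TPM 1.2, and all function names and sample byte strings are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

PCR_SIZE = 20  # assumption: one SHA-1 PCR, as on a TPM 1.2


def digest(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: the register can only be folded forward, never set."""
    return hashlib.sha1(pcr + measurement).digest()


def measured_launch(boot_loader: bytes, image: bytes) -> bytes:
    """What the node does: measure each stage before handing control to it."""
    pcr = bytes(PCR_SIZE)                    # PCR starts zeroed at reset
    pcr = extend(pcr, digest(boot_loader))   # Phase 1: Ironic boot loader
    pcr = extend(pcr, digest(image))         # Phase 2: Glance image
    return pcr


def attest(reported_pcr: bytes, loader_digest: bytes, image_digest: bytes) -> bool:
    """What the verifier does: replay the known-good digests and compare."""
    expected = bytes(PCR_SIZE)
    for known_good in (loader_digest, image_digest):
        expected = extend(expected, known_good)
    return hmac.compare_digest(reported_pcr, expected)


# Constructed sample data, not real boot loader or image contents.
GOOD_LOADER = b"constructed-ironic-deploy-loader-v1"
GOOD_IMAGE = b"constructed-glance-image-v1"
LOADER_DIGEST = digest(GOOD_LOADER)  # known-good value held by the attestation service
IMAGE_DIGEST = digest(GOOD_IMAGE)    # expected hash carried with the Glance image


def check(loader: bytes, image: bytes) -> bool:
    return attest(measured_launch(loader, image), LOADER_DIGEST, IMAGE_DIGEST)


if __name__ == "__main__":
    print("clean launch trusted:   ", check(GOOD_LOADER, GOOD_IMAGE))
    print("modified image trusted: ", check(GOOD_LOADER, GOOD_IMAGE + b"\x00"))
    print("modified loader trusted:", check(GOOD_LOADER + b"\x00", GOOD_IMAGE))
```

Because each extend hashes the previous register value, a change in either phase, or a change in their order, yields a different final value that the verifier rejects.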
Contributors: Tan Lin (Intel), Gang Wei (Intel), and Devananda van der Veen (HP)
Malini Bhandaru is an architect with the Open Source Cloud group at Intel. She is a member of OSSG. Her tenure at Intel spans work on cloud and security, fast encryption algorithms, and platform power and performance. Prior to Intel she worked on speech recognition, remote monitoring and management, and web applications. She has a Ph.D. in Artificial Intelligence from Univ. of Massachusetts at Amherst.