ServerOTrustedCloud
Launchpad Entry: https://blueprints.launchpad.net/ubuntu/+spec/server-o-trusted-cloud
Created: May 18, 2011
Contributors: serge-hallyn
Packages affected:
Summary
Security in the cloud is a hard problem. When I fire off an instance in the cloud, there is little reason to believe that the resulting image is unadulterated.
By leveraging trusted boot on node controllers and bootstrapping the measurements into the virtual image, a user can verify that an image he is about to use is what he expected.
This work is unlikely to produce results in the oneiric cycle. It's usefulness would be limited to encouraging upstream participation and facilitating prototyping for longer-term planning.
Release Note
This section should include a paragraph describing the end-user impact of this change. It is meant to be included in the release notes of the first release in which it is implemented. (Not all of these will actually be included in the release notes, at the release manager's discretion; but writing them is a useful exercise.)
It is mandatory.
Rationale
User stories
John retrieves a result from an online database in the cloud. In order to know whether to trust that result, he can first verify the measurements of the software running in that instance.
Assumptions
Virtual TPM work makes headway in getting into upstream seabios, kvm, and libvirt. Trusted boot in Ubuntu is usable.
BoF agenda and discussion
Use this section to take notes during the BoF; if you keep it in the approved spec, use it for summarising what was discussed and note any options that were rejected.