From 59f83ef37bb505bb51181a271703e7bdf2ab5851 Mon Sep 17 00:00:00 2001 From: Lin Tan <lin.tan@intel.com> Date: Tue, 16 Jun 2015 16:20:15 +0800 Subject: [PATCH] Add oat-client element This element installs oat-client on the image, that's necessary for trusted boot feature in Ironic to work. This element only works on Fedora. Intel TXT will measure BIOS, Option Rom and Kernel/Ramdisk during trusted boot, the oat-client will securely fetch the hash values from TPM. Change-Id: I0f1221b5708e9a5792df62ee6e73034f8bf1577c --- elements/oat-client/README.rst | 19 +++++++++++++++++++ elements/oat-client/element-deps | 1 + elements/oat-client/package-installs.yaml | 2 ++ .../oat-client/yum.repos.d/fedora-oat.repo | 8 ++++++++ 4 files changed, 30 insertions(+) create mode 100644 elements/oat-client/README.rst create mode 100644 elements/oat-client/element-deps create mode 100644 elements/oat-client/package-installs.yaml create mode 100644 elements/oat-client/yum.repos.d/fedora-oat.repo diff --git a/elements/oat-client/README.rst b/elements/oat-client/README.rst new file mode 100644 index 000000000..501c87bb8 --- /dev/null +++ b/elements/oat-client/README.rst @@ -0,0 +1,19 @@ +========== +oat-client +========== +This element installs oat-client on the image, that's necessary for +trusted boot feature in Ironic to work. + +Intel TXT will measure BIOS, Option Rom and Kernel/Ramdisk during trusted +boot, the oat-client will securely fetch the hash values from TPM. + +.. note:: + This element only works on Fedora. + +Put `fedora-oat.repo` into `/etc/yum.repos.d/`:: + + export DIB_YUM_REPO_CONF=/etc/yum.repos.d/fedora-oat.repo + +.. note:: + OAT Repo is lack of a GPG signature check on packages, which can be + tracked on: https://github.com/OpenAttestation/OpenAttestation/issues/26 diff --git a/elements/oat-client/element-deps b/elements/oat-client/element-deps new file mode 100644 index 000000000..7076aba94 --- /dev/null +++ b/elements/oat-client/element-deps @@ -0,0 +1 @@ +package-installs diff --git a/elements/oat-client/package-installs.yaml b/elements/oat-client/package-installs.yaml new file mode 100644 index 000000000..a82109a4c --- /dev/null +++ b/elements/oat-client/package-installs.yaml @@ -0,0 +1,2 @@ +oat-client: +oat-commandtool: diff --git a/elements/oat-client/yum.repos.d/fedora-oat.repo b/elements/oat-client/yum.repos.d/fedora-oat.repo new file mode 100644 index 000000000..32e3957bf --- /dev/null +++ b/elements/oat-client/yum.repos.d/fedora-oat.repo @@ -0,0 +1,8 @@ +# Place this file in your /etc/yum.repos.d/ directory + +[oat] +name=oat 2.2 packages and dependencies +baseurl=http://repos.fedorapeople.org/repos/gwei3/oat/fedora-$releasever/$basearch/ +enabled=1 +skip_if_unavailable=1 +gpgcheck=0