Trusted compute pools enable administrators to designate a group of compute hosts as "trusted". These hosts use hardware-based security features, such as Intel's Trusted Execution Technology (TXT), to provide an additional level of security. Combined with an external standalone web-based remote attestation server, cloud providers can ensure that the compute node is running software with verified measurements, thus they can establish the foundation for the secure cloud stack. Through the Trusted Computing Pools, cloud subscribers can request services to be run on verified compute nodes. The remote attestation server performs node verification through the following steps: Compute nodes boot with Intel TXT technology enabled. The compute node's BIOS, hypervisor and OS are measured. These measured data is sent to the attestation server when challenged by attestation server. The attestation server verifies those measurements against good/known database to determine nodes' trustworthiness. A description of how to set up an attestation service is beyond the scope of this document. See the Open Attestation project for an open source project that can be used to implement an attestation service. The Compute service must be configured to with the connection information for the attestation service. The connection information is specified in the trusted_computing section of nova.conf. Specify the following parameters in this section. server Hostname or IP address of the host that runs the attestation service port HTTPS port for the attestation service server_ca_file Certificate file used to verify the attestation server's identity. api_url The attestation service URL path. auth_blob An authentication blob, which is required by the attestation service. Add the following lines to /etc/nova/nova.conf in the DEFAULT and trusted_computing sections to enable scheduling support for Trusted Compute Pools, and edit the details of the trusted_computing section based on the details of your attestation service.[DEFAULT] compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler scheduler_available_filters=nova.scheduler.filters.all_filters scheduler_default_filters=AvailabilityZoneFilter,RamFilter,ComputeFilter,TrustedFilter [trusted_computing] server=10.1.71.206 port=8443 server_ca_file=/etc/nova/ssl.10.1.71.206.crt # If using OAT v1.5, use this api_url: api_url=/AttestationService/resources # If using OAT pre-v1.5, use this api_url: #api_url=/OpenAttestationWebServices/V1.0 auth_blob=i-am-openstack Restart the nova-compute and nova-scheduler services after making these changes. One or more flavors must be configured as "trusted". Users can then request trusted nodes by specifying one of these trusted flavors when booting a new instance. Use the nova flavor-key set command to set a flavor as trusted. For example, to set the m1.tiny flavor as trusted: # nova flavor-key m1.tiny set trust:trusted_host trusted A user can request that their instance runs on a trusted host by specifying a trusted flavor when invoking the nova boot command.