VMware, Inc.
INTEGRITY PROTECTION OF CONTAINER IMAGE DISKS USING SECURE HARDWARE-BASED ATTESTATION IN A VIRTUALIZED AND CLUSTERED COMPUTER SYSTEM

Abstract:

An example method of secure attestation of a workload deployed in a virtualized computing system is described. The virtualized computing system includes a host cluster and a virtualization management server, the host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts. The method includes: launching, in cooperation with a security module of a host, a guest as a virtual machine (VM) managed by the virtualization layer, the security module generating an attestation report from at least a portion of the VM loaded into memory of the host; receiving, at the guest from a trust authority, a secret in response to verification of the attestation report; obtaining, at the guest from an entity, at least one key using transport layer security (TLS) data in the secret to verify identity of the guest to the entity; and using, at the guest, the at least one key to access or verify at least one disk attached thereto