[Proposal] IMA (Integrity Measurement Architecture) support in Kubernetes pods and containers

Asier Gutierrez

Nov 23, 2022, 2:14:59 AM
to kubernetes-sig-node

Hi there,


We are working on a set of patches for the Linux kernel that will enable the use of virtual TPMs inside containers. The goal is to be able to verify the integrity of files inside containers.


We would like to use this feature in Kubernetes. We are working on some experimental changes in containerd, CRI API and OCI API.


We'd like to hear your thoughts. Would this feature be useful? If we see good feedback, we will start working on a KEP.




Sergey Kanzhelev

Jan 24, 2023, 3:46:24 PM
to kubernetes-sig-node
Discussed today at SIG Node meeting.

The feedback was that the feature looks interesting and promising, but it needs to be worked out from kernel up the stack.
