[Proposal] IMA (Integrity Measurement Architecture) support in Kubernetes pods and containers

30 views
Skip to first unread message

Asier Gutierrez

unread,
Nov 23, 2022, 2:14:59 AM11/23/22
to kubernetes-sig-node

Hi there,

 

We are working in a set of patches for the linux kernel that will enable the use of virtual TPMs inside containers. The goal is to be able to verify the integrity of files inside containers.

 

We would like to use this feature in Kubernetes. We are working on some experimental changes in containerd, CRI API and OCI API.

 

We'd like to hear your thoughts. Would this feature be useful? If we see good feedback, we will start working on a KEP.

 

Cheers,

Asier

Sergey Kanzhelev

unread,
Jan 24, 2023, 3:46:24 PM (2 days ago) Jan 24
to kubernetes-sig-node
Discussed today at SIG Node meeting.

The feedback was that the feature looks interesting and promising, but it needs to be worked out from kernel up the stack.

Reply all
Reply to author
Forward
0 new messages