Adding Trusted Platform Module support to OpenStack

Make the cloud a more secure place

Project logistics

Preferred past experience

Project Overview

Initializing secrets in cloud computing environments is a difficult problem. Developers and operations professionals often end up transmitting an initial secret in a way that the provider could intercept. Lincoln has worked to understand Xen's Virtual Trusted Platform Module (vTPM) implementation, and has written software that interacts with the vTPM to address this problem.

This project's goal is to take this research and integrate it into OpenStack. This entails modifying Nova, OpenStack's compute resource scheduler, to spawn a vTPM instance on the same host where the actual cloud instance is started, and to register that vTPM instance with the vTPM manager on the host. We would expect appropriate unit tests, specs/blueprints and operator documentation to be put together as well.

This is a lot of work, but our hope for this project is that your work would also be integrated into the actual OpenStack mainline -- exciting! This means you would gain development expertise within a large open source project, and it would be a great way to demonstrate that you can take research and integrate it into a real system.

For more information about TPMs, there's a talk from OpenStack Summit 2015 that may be helpful.

You will learn about/use: