oat-client

oat-client¶

This element installs oat-client on the image, that’s necessary for trusted boot feature in Ironic to work.

Intel TXT will measure BIOS, Option Rom and Kernel/Ramdisk during trusted boot, the oat-client will securely fetch the hash values from TPM.

Note

This element only works on Fedora.

Put fedora-oat.repo into /etc/yum.repos.d/:

export DIB_YUM_REPO_CONF=/etc/yum.repos.d/fedora-oat.repo

Note

OAT Repo is lack of a GPG signature check on packages, which can be tracked on: https://github.com/OpenAttestation/OpenAttestation/issues/26

this page last updated: 2024-04-17 18:23:33

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.