Trusted Computing provides the tools needed to ensure that Containers are only run on hardware that can prove its Trustworthiness. That's a solved problem. But what if we want the same sort of assurances about our Containers themselves? And what if we want to do this in the Cloud rather than on bare metal? Where do we go next?
This presentation will describe how we can extend the same Trusted Computing technologies we're using to validate the system boot process to also validate the launched Containers, and how this can be used to produce a cryptographically verifiable audit trail and prevent undesirable combinations of Containers. It will also discuss how these techniques can be adopted in Cloud environments without requiring the use of a virtual TPM, increasing Trust throughout the container ecosystem.