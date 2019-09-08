Canonical solves this problem with automation that decouples architectural choices from the operations code base that supports upgrades, scaling, integration and bare metal provisioning. From bare metal to cloud control plane, Canonical’s Charmed OpenStack uses automation and leverages model-driven operations. Canonical’s Charmed OpenStack is an enterprise grade OpenStack distribution that ensures private cloud best price-performance, providing full automation around OpenStack deployments and operations. Together with Ubuntu, it meets the highest security, stability and quality standards in the industry. Get in touch with us to learn how banks globally are using open source technologies including private cloud build using OpenStack on Ubuntu to deliver their digital strategy and stay at the forefront of innovation. Also: The Fridge: Ubuntu Weekly Newsletter Issue 695

Kernel: soliddriver-checks, "sev_secret", and Trenchboot Introduction to soliddriver-checks The OS kernel is central and fundamental to system functionality and integrity. A user needs to be able to trust in the security and stability of the OS kernel at the heart of their mission critical systems. This trustworthiness extends just the same to kernel modules delivered by third party vendors. Such third party modules (often device drivers) are necessary to exploit products and features that are not supported directly with the SUSE kernels.

Linux "sev_secret" Patches For Tapping Confidential Computing Secret Areas In AMD SEV - Phoronix [Ed: "Confidential Computing" has nothing to do with confidentiality, it's just a brand [1, 2]] The latest AMD SEV work happening to the Linux kernel for benefiting EPYC servers with virtualization is the new "sev_secret" module for allowing guests to access confidential computing secret areas. AMD Secure Encrypted Virtualization does allow guest VM owners to inject "secrets" into the virtual machines without the host or hypervisor being able to read those secrets. At present though the Linux kernel doesn't allow accessing of these secrets from within guest virtual machines.

Oracle Sends Out Newest Patches For Trenchboot / Secure Launch For The Linux Kernel - Phoronix For more than one year now Oracle engineers have been working on Trenchboot support for securely booting the Linux kernel. Sent out today is the third revision of this work for establishing a dynamic root of trust for measurement. Trenchboot is centered around improving boot security and integrity. Oracle engineers have been involved with working on Trenchboot integration for the GRUB boot-loader and related components, including this Linux kernel support that has yet to land. Trenchboot relies on Intel's TXT/SKINIT and AMD-V support for the hardware support around the integrity measurements.