US 11,893,410 B2
Secure storage of workload attestation reports in a virtualized and clustered computer system
Abhishek Srivastava, Sunnyvale, CA (US); David A. Dunn, Sammamish, WA (US); Jesse Pool, Ottawa (CA); and Adrian Drzewiecki, Mountain View, CA (US)
Assigned to VMware, Inc., Palo Alto, CA (US)
Filed by VMware, Inc., Palo Alto, CA (US)
Filed on Jan. 13, 2021, as Appl. No. 17/148,428.
Prior Publication US 2022/0222098 A1, Jul. 14, 2022
Int. Cl. G06F 9/455 (2018.01); G06F 9/50 (2006.01); G06F 21/53 (2013.01)
CPC G06F 9/45558 (2013.01) [G06F 9/505 (2013.01); G06F 9/5077 (2013.01); G06F 21/53 (2013.01); G06F 2009/45587 (2013.01); G06F 2009/45595 (2013.01)]
15 Claims
 
1. A method of secure attestation of a workload deployed in a virtualized computing system, the virtualized computing system including a host cluster and a virtualization management server, the host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts, the method comprising:
generating, by a trust authority running on a processor of the virtualization management server, a hash of at least a portion of an image of a virtual machine (VM) managed by the virtualization layer, and then storing, by the trust authority, a pre-defined attestation report that includes the hash generated by the trust authority;
receiving, at the trust authority from a security module of a host in which the VM executes, an attestation report that the security module generated by hashing at least a portion of the image, wherein a portion of the image is encrypted; and
determining, by the trust authority, a match between the received attestation report and the pre-defined attestation report, and then transmitting, by the trust authority to the security module, a secret that is acquired from a key management service and used by the VM to access information from the encrypted portion of the image.
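
The three steps of claim 1, sketched as an added example that is not part of the patent text or any VMware code. Assumptions: SHA-256 as the hash, the measured portion is the plaintext prefix of the image, the key management service is an in-memory stand-in, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def measure(image: bytes, measured_len: int) -> bytes:
    """Attestation report: hash of the measured (plaintext) portion of the image."""
    return hashlib.sha256(image[:measured_len]).digest()


class KeyManagementService:
    """Stand-in KMS (hypothetical): one random secret per VM id."""
    def __init__(self):
        self._keys = {}

    def get_secret(self, vm_id: str) -> bytes:
        return self._keys.setdefault(vm_id, secrets.token_bytes(32))


class TrustAuthority:
    def __init__(self, kms: KeyManagementService):
        self._kms = kms
        self._expected = {}  # vm_id -> pre-defined attestation report

    def register_image(self, vm_id: str, image: bytes, measured_len: int) -> None:
        # The trust authority hashes the image itself and stores the result.
        self._expected[vm_id] = measure(image, measured_len)

    def attest(self, vm_id: str, report: bytes):
        # Compare the host's report with the stored one in constant time;
        # the secret is fetched from the KMS only after a match.
        expected = self._expected.get(vm_id)
        if expected is None or not hmac.compare_digest(expected, report):
            return None
        return self._kms.get_secret(vm_id)


def demo():
    boot = b"constructed-boot-loader-and-kernel"   # constructed sample data
    image = boot + b"\x8f\x02constructed-ciphertext"  # encrypted portion follows
    ta = TrustAuthority(KeyManagementService())
    ta.register_image("vm-1", image, len(boot))
    # The host's security module computes its report independently.
    good = ta.attest("vm-1", measure(image, len(boot)))
    tampered = b"X" + image[1:]                     # one byte of the boot portion changed
    bad = ta.attest("vm-1", measure(tampered, len(boot)))
    unknown = ta.attest("vm-2", measure(image, len(boot)))  # no stored report
    return good, bad, unknown


if __name__ == "__main__":
    print([r is not None for r in demo()])
```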