News Releases

Tectonic, by CoreOS, now with Distributed Trusted Computing: Industry-First End-to-End Trusted Computing Environment
Enterprise Applications Run with Unmatched Levels of Integrity and Control Using a Cryptographic Chain of Trust from the Application Layer to the Hardware

NEW YORK, Dec. 2, 2015 /PRNewswire/ -- (Tectonic Summit 2015) – CoreOS, the company for deploying, managing and securing containers, is taking another step forward in its commitment to secure the Internet by today announcing Tectonic with Distributed Trusted Computing. An industry-first capability, Distributed Trusted Computing validates everything from the distributed application layer, to the container, down to the node and operating system, with hardware-driven cryptographic verification. With this, Tectonic is the most trusted and secure place to build, run and manage containers.

"Security is central to our mission here at CoreOS," said Alex Polvi, CEO of CoreOS. "It is rare to be able to introduce a completely new class of computing to the market, and we are proud today to do just that with Distributed Trusted Computing. This is a step further in the security capabilities of enterprises, for the first time giving cryptographically guaranteed end-to-end integrity and control of their environment."

Distributed Trusted Computing

Distributed Trusted Computing allows enterprises to have cryptographic guarantees about the configuration of their entire environment, from the distributed application layer to the hardware. This allows administrators to:

  • Validate and trust individual node and cluster integrity, even in potentially compromised or even hostile data center conditions
  • Verify system state before distributing app containers, data or secrets
  • Prevent attacks that involve modifying firmware, bootloader, the OS itself, or the deployment pipeline
  • Cryptographically verify, with an audit log, what containers have executed on the system

"Trusted Computing is critical for infrastructure security," said Matthew Prince, co-founder and CEO of CloudFlare. "We partnered with CoreOS to bring this capability into our environment as we continue to grow our global network."

Distributed Trusted Computing is available as a configuration to all users of Tectonic. Tectonic can run in any environment; Distributed Trusted Computing is optimized in bare metal configurations.

Giving the Enterprise Control Over Digital Rights

In addition to providing a cryptographic chain of trust, Tectonic with Distributed Trusted Computing advances CoreOS' belief in openness. Trusted Computing is used to ensure hardware is only running the software that is authorized to run. This creates the benefit of enhanced security. However, if misused, Trusted Computing could compromise user freedom to run whatever software they choose. In order to give enterprises ultimate control, without vendor lock-in, Tectonic with Distributed Trusted Computing enables customers to put their cryptographic keys into the firmware of their servers. This means the servers can run only the software explicitly authorized by the enterprise, and nothing else. Tectonic with Distributed Trusted Computing gives customers advanced security assurance, without vendor lock-in.

"Trusted Computing, Secure Boot and the TPM (Trusted Platform Module) bring immensely powerful security functionality to users," said Matthew Garrett, principal security software engineer at CoreOS and a board member of the Free Software Foundation. "These technologies are often thought of as restrictive DRM (digital rights management). But rather than taking away freedom or flexibility, our implementation builds on top of customer-controlled keys embedded in their server firmware, empowering operations teams to specify and verify exactly what software their systems run. They can trust their systems without giving up control."

Learn More

Sign up for Tectonic with Distributed Trusted Computing here. The complete trusted computing environment includes:

  • Cluster
    • Kubernetes - Only machines that are Secure Booted are allowed into the cluster. Secure materials, such as SSL private keys, are distributed only once the machine is verified to be in a trusted state.
  • Container Runtime
    • rkt - The operating system verifies that rkt is configured in a secure manner. Only containers signed with trusted keys are allowed to run on the cluster, extending the chain of trust into the container execution environment. Additionally, rkt utilizes the TPM to create a cryptographically verifiable, hardware-protected audit log of the containers executed across a cluster.
  • Operating System
    • CoreOS Linux - The operating system is verified before boot to ensure it has not been modified, including the hardware provider or cloud provider. If modified, the machine will not boot.
  • Hardware Enablement
    • Firmware - The customer's key is embedded in the firmware, giving control to the user to run whatever software they choose, and validate that it is exactly that software they deploy.
    • Trusted Platform Module (TPM) - Provides a tamper-proof audit log of everything that has booted.

"With concerns over the end-to-end security of applications being expressed on a daily basis, the challenge to developers and infrastructure providers to provide guarantees around security is ever increasing. The ability to ensure an entire system, from hardware to software, is in a trusted state before and while running an arbitrary application has long been a goal for the industry," said Fintan Ryan, analyst at RedMonk. "By incorporating support for international standards such as the Trusted Platform Module, in an open and transparent way that avoids vendor lock-in, alongside an opinionated software platform, the Tectonic Trusted Computing Platform is being built to address this challenge."

CoreOS is showcasing Tectonic with Distributed Trusted Computing at Tectonic Summit in New York on December 2 and 3.

Supporting Resources

About Tectonic

Tectonic, delivered by CoreOS, is the universal Kubernetes solution for deploying, managing and securing containers anywhere. Tectonic combines Kubernetes and the CoreOS stack in a commercial distribution, prepackaged with an enterprise-ready management dashboard, an integrated container registry and a supported, continuously up-to-date distributed platform.

Tectonic is available in any environment, cloud or on-premise. Learn more at or follow Tectonic on Twitter @tectonicstack.

About CoreOS, Inc.

CoreOS, Inc., the leader in container infrastructure, provides distributed systems components and solutions to positively change the way companies run applications. CoreOS is the creator of Tectonic, the universal Kubernetes solution, combining Google's Kubernetes and the CoreOS stack to deploy, manage and secure containers anywhere. In addition, CoreOS is the creator and maintainer of open source projects CoreOS Linux, etcd, fleet, flannel and rkt. The strategies and architectures that influence CoreOS allow companies like Google, Facebook and Twitter to run their services at scale with high resilience. Learn more at or follow CoreOS on Twitter @coreoslinux.



For further information: Kelly Tenn, CoreOS,, 1-415-364-8366