Software

MIT-Keylime

More Information

Keylime is an open-source scalable trust system harnessing Trusted Platform Module (TPM) technology.

Keylime provides an end-to-end solution for bootstrapping hardware-rooted cryptographic trust for remote machines, the provisioning of encrypted payloads, and run-time system integrity monitoring. It also provides a flexible framework for the remote attestation of any given Platform Configuration Register (PCR). Users can create their own customized actions that will trigger when a machine fails its attested measurements.

Keylime's mission is to make TPM technology easily accessible to developers and users alike, without the need for a deep understanding of the lower levels of a TPM's operations. Amongst many scenarios, it is well suited to tenants who need to remotely attest machines not under their own full control (such as a consumer of hybrid cloud or a remote Edge / IoT device in an insecure physical tamper prone location).

Keylime can be driven with a CLI application, web front end, and a set of RESTful APIs.

Keylime consists of three main components: the Verifier, Registrar, and Agent.

  • The Verifier continuously verifies the integrity state of the machine that the agent is running on.
  • The Registrar is a database of all agents registered with Keylime and hosts the public keys of the TPM vendors.
  • The Agent is deployed to the remote machine that is to be measured or provisoned with secrets stored within an encrypted payload released once trust is established.
    Rust-based Keylime Agent

The Verifier, Registrar, and Agent are all developed in Python and situated in this repository Keylime. The Agent is currently undergoing a port to the Rust programming language, with this work taking place in the rust-keylime repository.

The decision was made to port the agent to Rust, as Rust is a low-level performant systems language designed with security as a central tenet, by means of the Rust compilers ownership model.

When the Rust Agent work is complete, the rust-keylime agent will become the recommended ongoing Agent within Keylime. Until then, the Python agent is fully functioning and available to use as a remote monitoring system to interact with the Keylime Verifier and Registrar.

TPM 1.2 & 2.0 support
Keylime supports both TPM versions 1.2 and 2.0. Going forward, new feature development will be more focused on the newer TPM 2.0 version.

Keylime can be used with a hardware TPM or a software TPM emulator for development, testing, or demonstration purposes. However, DO NOT USE Keylime in production with a TPM emulator! A software TPM emulator does not provide a hardware root of trust and dramatically lowers the security benefits of using Keylime.

A hardware TPM should always be used when real secrets and trust are required.