Keylime


Bootstrapping and Maintaining Trust in the Cloud

What is Keylime?

Keylime is a TPM-based, highly scalable remote boot attestation and runtime integrity measurement solution. Keylime enables cloud users to monitor remote nodes using a hardware-based cryptographic root of trust.
Keylime was originally born out of the security research team in MIT's Lincoln Laboratory.

TPM 2.0

Keylime adheres to the Trusted Computing Group TPM 2.0 specification. It is built on top of the Linux TPM2 Software Stack.

Open Source

Keylime is all open source. You're free to make changes and we encourage community contributions.

TPMs made easy!

Keylime is about making TPM technology accessible for developers and users. It handles the complexity, you drive the use case!

Features


Get Started with Keylime

Install Keylime


git clone https://github.com/keylime/keylime
cd keylime
./installer.sh
                 

Start the verifier


# keylime_verifier
Using config file /etc/keylime.conf
2019-03-30 10:14:57.227 - keylime.cloudverifier - INFO - Starting Cloud Verifier (tornado) on port 8881, use  to stop
2019-03-30 10:14:57.228 - keylime.cloudverifier_common - INFO - Setting up TLS...
2019-03-30 10:14:57.228 - keylime.cloudverifier_common - INFO - Generating a new CA in /var/lib/keylime/cv_ca and a client certificate for connecting
2019-03-30 10:14:57.228 - keylime.cloudverifier_common - INFO - use keylime_ca -d /var/lib/keylime/cv_ca to manage this CA
2019-03-30 10:14:57.279 - keylime.ca-util - INFO - CA certificate created successfully in /var/lib/keylime/cv_ca
2019-03-30 10:14:57.309 - keylime.ca-util - INFO - Created certificate for name neptune successfully in /var/lib/keylime/cv_ca
2019-03-30 10:14:57.407 - keylime.ca-util - INFO - Created certificate for name client successfully in /var/lib/keylime/cv_ca
2019-03-30 10:14:57.409 - keylime.cloudverifier - INFO - Starting service for revocation notifications on port 8992
                 

Start the registrar


# keylime_registrar
Using config file /etc/keylime.conf
2019-03-30 10:15:44.440 - keylime.cloudverifier_common - INFO - Setting up TLS...
2019-03-30 10:15:44.471 - keylime.registrar-common - INFO - Starting Cloud Registrar Server on ports 8890 and 8891 (TLS) use  to stop
                 

Start the cloud agent


# keylime_agent
Using config file /etc/keylime.conf
2019-03-30 10:16:40.426 - keylime.secure_mount - INFO - mounting secure storage location /var/lib/keylime/secure on tmpfs
2019-03-30 10:16:40.502 - keylime.tpm2 - INFO - Taking ownership with config provided TPM owner password: keylime
2019-03-30 10:16:40.587 - keylime.tpm2 - INFO - TPM Owner password confirmed: keylime
2019-03-30 10:16:41.759 - keylime.cloudagent - INFO - Agent UUID: D432FBB3-D2F1-4A97-9EF7-75BD81C00000
2019-03-30 10:16:41.859 - keylime.registrar_client - INFO - Agent registration requested for D432FBB3-D2F1-4A97-9EF7-75BD81C00000
2019-03-30 10:16:42.289 - keylime.tpm2 - INFO - AIK activated.
2019-03-30 10:16:42.306 - keylime.registrar_client - INFO - Registration activated for agent D432FBB3-D2F1-4A97-9EF7-75BD81C00000.
2019-03-30 10:16:42.528 - keylime.cloudagent - INFO - Starting Cloud Agent on port 9002 use  to stop
2019-03-30 10:16:42.529 - keylime.revocation_notifier - INFO - Waiting for revocation messages on 0mq 127.0.0.1:8992
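To confirm from the agent output above that registration completed in order (requested, AIK activated, registration activated, all for one UUID), the check below can be run over a captured log. It also masks the TPM owner password, which the agent prints at INFO level, before the lines are stored or forwarded. This is an added example, not Keylime code: `check_agent_log` and the regular expressions are hypothetical names, and the sample input is constructed from lines of the session shown above.

```python
import re

# Constructed sample: agent startup lines copied from the session above.
SAMPLE_AGENT_LOG = """\
2019-03-30 10:16:40.502 - keylime.tpm2 - INFO - Taking ownership with config provided TPM owner password: keylime
2019-03-30 10:16:40.587 - keylime.tpm2 - INFO - TPM Owner password confirmed: keylime
2019-03-30 10:16:41.859 - keylime.registrar_client - INFO - Agent registration requested for D432FBB3-D2F1-4A97-9EF7-75BD81C00000
2019-03-30 10:16:42.289 - keylime.tpm2 - INFO - AIK activated.
2019-03-30 10:16:42.306 - keylime.registrar_client - INFO - Registration activated for agent D432FBB3-D2F1-4A97-9EF7-75BD81C00000.
2019-03-30 10:16:42.528 - keylime.cloudagent - INFO - Starting Cloud Agent on port 9002 use  to stop
"""

LINE_RE = re.compile(r"^(\S+ \S+) - (\S+) - (\w+) - (.*)$")
UUID = r"([0-9A-Fa-f-]{36})"
# Registration milestones in the order they must appear.
STAGES = [
    ("requested", re.compile(r"Agent registration requested for " + UUID)),
    ("aik_activated", re.compile(r"AIK activated")),
    ("activated", re.compile(r"Registration activated for agent " + UUID)),
]
SECRET_RE = re.compile(r"(TPM [Oo]wner password[^:]*: )(\S+)")


def check_agent_log(text):
    """Return (registered, uuid, redacted_lines, leaked_secret_count)."""
    stage, uuids, redacted, leaks = 0, [], [], 0
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank line, shell prompt, "Using config file ..."
        msg = m.group(4)
        if stage < len(STAGES):
            hit = STAGES[stage][1].search(msg)
            if hit:
                stage += 1
                uuids.extend(hit.groups())
        # Mask the owner password before the line is stored or forwarded.
        line, n = SECRET_RE.subn(r"\1<redacted>", raw)
        leaks += n
        redacted.append(line)
    # Registered only if all stages were seen in order for a single UUID.
    registered = stage == len(STAGES) and len(set(uuids)) == 1
    return registered, (uuids[0] if uuids else None), redacted, leaks


if __name__ == "__main__":
    ok, uuid, lines, leaks = check_agent_log(SAMPLE_AGENT_LOG)
    print(f"registered={ok} agent={uuid} secrets_masked={leaks}")
```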
                 

Need support? Come and chat with us

Read more about Keylime