Keylime

Open source TPM software for Bootstrapping and Maintaining Trust

What is Keylime?

Keylime is a TPM-based, highly scalable remote boot attestation and runtime integrity measurement solution. Keylime enables users to monitor remote nodes using a hardware-based cryptographic root of trust.
Keylime was originally born out of the security research team in MIT's Lincoln Laboratory.

TPM 2.0

Keylime adheres to the Trusted Computing Group TPM 2.0 specification. It is built on top of the Linux TPM2 Software Stack.

Open Source

Keylime is all open source. You're free to make changes, and we encourage community contributions.

TPMs made easy!

Keylime is about making TPM technology accessible for developers and users. It handles the complexity; you drive the use case!

Features


Want to try Keylime?

Ansible role with a TPM emulator


$ git clone https://github.com/keylime/ansible-keylime-tpm-emulator
                 

Use our Vagrantfile to stand up a VM


$ vagrant up --provision
$ vagrant ssh
$ sudo -s
                 

Start the verifier


# keylime_verifier
Using config file /etc/keylime.conf
2019-03-30 10:14:57.227 - keylime.cloudverifier - INFO - Starting Keylime Verifier (tornado) on port 8881, use  to stop
                 

Start the registrar


# keylime_registrar
Using config file /etc/keylime.conf
2019-03-30 10:15:44.440 - keylime.cloudverifier_common - INFO - Setting up TLS...
                 

Start the keylime agent


# keylime_agent
Using config file /etc/keylime.conf
2019-03-30 10:16:40.426 - keylime.secure_mount - INFO - mounting secure storage location /var/lib/keylime/secure on tmpfs
                 

Try out Run-time Attestation

Need support? Come and chat with us

Read more about Keylime