Keylime

What is Keylime?

Keylime is a TPM based highly scaleable remote boot attestation and runtime integrity measurement solution. Keylime enables users to monitor remote nodes using a hardware based cryptographic root of trust.
Keylime was originally born out of the security research team in MIT's Lincoln Laboratory.

TPM 2.0

Keylime adheres to the Trusted Computing Group TPM 2.0 specification. It is built on top of the Linux TPM2 Software Stack.

Open Source

Keylime is all open source.. You're free to make changes and we encourage community contributions.

TPM's made easy!

Keylime is about making TPM technology accessible for developers and users. It handles the complexity, you drive the use case!

Features

Remote Boot Attestation
Linux IMA Runtime Integrity Monitoring
Certificate Authority
Secure Secret Provisioning
Demo Scripts
Ansible Playbooks

Want to try Keylime?

Ansible role with a TPM emulator..


$ git clone https://github.com/keylime/ansible-keylime-tpm-emulator

Use our Vagrantfile to stand up a VM


$ vagrant up --provision
$ vagrant ssh
$ sudo -s

Start the verifier


# keylime_verifier
Using config file /etc/keylime.conf
2019-03-30 10:14:57.227 - keylime.cloudverifier - INFO - Starting Keylime Verifier (tornado) on port 8881, use  to stop

Start the registrar


# keylime_registrar
Using config file /etc/keylime.conf
2019-03-30 10:15:44.440 - keylime.cloudverifier_common - INFO - Setting up TLS...

Start the keylime agent


# keylime_agent
Using config file /etc/keylime.conf
2019-03-30 10:16:40.426 - keylime.secure_mount - INFO - mounting secure storage location /var/lib/keylime/secure on tmpfs

Try out Run-time Attestation..

Run-time setup

Need support? Come and chat with us

Chat on gitter.im

Join the mailing list