Bootstrap & Maintain Trust on the Edge / Cloud and IoT

What is Keylime?

Keylime is a CNCF-hosted project that provides a highly scalable remote boot attestation and runtime integrity measurement solution. Keylime enables users to monitor remote nodes using a hardware-based cryptographic root of trust.
Keylime was originally born out of the security research team in MIT's Lincoln Laboratory.

TPM 2.0

Keylime adheres to the Trusted Computing Group TPM 2.0 specification. It is built on top of the Linux TPM2 Software Stack.

Open Source

Keylime is all open source. You're free to make changes and we encourage community contributions.

TPMs made easy!

Keylime is about making TPM technology accessible for developers and users. It handles the complexity; you drive the use case!



Want to try Keylime?

Check if your device has a TPM 2.0 (on kernel 5.6+; the command prints 2 for a TPM 2.0 device)

$ cat /sys/class/tpm/tpm*/tpm_version_major

Install the Agent, Registrar, Tenant and Verifier

Try out run-time attestation

Read more about Keylime

We are a Cloud Native Computing Foundation sandbox project.