Bootstrap & Maintain Trust on the Edge / Cloud and IoT

What is Keylime?

Keylime is a CNCF-hosted project that provides a highly scalable remote boot attestation and runtime integrity measurement solution. Keylime enables users to monitor remote nodes using a hardware-based cryptographic root of trust.
Keylime was originally born out of the security research team in MIT's Lincoln Laboratory.

TPM 2.0

Keylime adheres to the Trusted Computing Group TPM 2.0 specification. It is built on top of the Linux TPM2 Software Stack.

Open Source

Keylime is all open source. You're free to make changes and we encourage community contributions.

TPMs made easy!

Keylime is about making TPM technology accessible for developers and users. It handles the complexity; you drive the use case!

Want to try Keylime?

Get the Ansible role with a TPM emulator

$ git clone

Use our Vagrantfile to stand up a test VM

$ vagrant up --provision
$ vagrant ssh
$ sudo -s

Start the verifier

# keylime_verifier
Using config file /etc/keylime.conf
2020-09-30 10:14:57.227 - keylime.cloudverifier - INFO - Starting Keylime Verifier (tornado) on port 8881, use <Ctrl-c> to stop

Start the registrar

# keylime_registrar
Using config file /etc/keylime.conf
2020-09-30 10:15:44.440 - keylime.cloudverifier_common - INFO - Setting up TLS...

Start the Keylime agent

# keylime_agent
Using config file /etc/keylime.conf
2020-09-30 10:16:40.426 - keylime.secure_mount - INFO - mounting secure storage location /var/lib/keylime/secure on tmpfs

Try out run-time attestation.
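As an added example (not part of Keylime or of this page), a small POSIX shell helper that starts the three daemons in the order shown above and waits for each one's startup message before launching the next, so a verifier that fails to come up is noticed before the registrar and agent are started. The log directory, the 30-second timeout and the `run` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Keylime's own code): start the three Keylime daemons in the
# order the quick start uses and wait for each one's startup log line before
# continuing, so a failed verifier does not leave a registrar/agent with nothing to talk to.
# Assumptions: run as root inside the Vagrant VM, the keylime_* commands are on PATH,
# and the startup messages match the ones shown on this page.
LOG_DIR="${LOG_DIR:-/var/log/keylime-quickstart}"   # assumed location, adjust as needed

# wait_for_line FILE PATTERN TIMEOUT_SECONDS
# Polls FILE once per second until PATTERN (grep -E) appears or the timeout expires.
# Returns 0 if the pattern was found, 1 on timeout.
wait_for_line() {
    file=$1; pattern=$2; timeout=$3
    i=0
    while [ "$i" -lt "$timeout" ]; do
        if [ -f "$file" ] && grep -Eq -- "$pattern" "$file"; then
            return 0
        fi
        i=$((i + 1))
        sleep 1
    done
    return 1
}

# start_daemon NAME PATTERN
# Starts keylime_NAME in the background, sending its output to $LOG_DIR/NAME.log,
# and waits up to 30 s for PATTERN to appear in that log.
start_daemon() {
    name=$1; pattern=$2
    mkdir -p "$LOG_DIR"
    "keylime_$name" > "$LOG_DIR/$name.log" 2>&1 &
    echo $! > "$LOG_DIR/$name.pid"
    if wait_for_line "$LOG_DIR/$name.log" "$pattern" 30; then
        echo "$name: up (pid $(cat "$LOG_DIR/$name.pid"))"
    else
        echo "$name: did not report startup within 30s, see $LOG_DIR/$name.log" >&2
        return 1
    fi
}

# Only launch the daemons when explicitly asked, so the functions can be sourced on their own.
if [ "${1:-}" = "run" ]; then
    start_daemon verifier  'Starting Keylime Verifier' &&
    start_daemon registrar 'Setting up TLS' &&
    start_daemon agent     'mounting secure storage location'
fi
```

Run it as `sh start-keylime.sh run`; each daemon's output lands in its own log file under the assumed log directory.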

Read more about Keylime

Cloud Native Computing

We are a Cloud Native Computing Foundation sandbox project.