Keylime is an open-source project that developers and users can leverage to bootstrap trust for remote machines, provision encrypted payloads, and run system integrity monitoring.
Key features include remote boot attestation, Linux IMA runtime integrity monitoring, application bootstrapping, secure payload provisioning, revocation framework, and certificate authority integration.
The mission of the project is to make Trusted Platform Module (TPM) technology more accessible, without requiring users to understand how it operates. Ideal use cases include users who need to remotely attest machines, such as machines in a hybrid cloud or a remote edge device in a tamper-prone location.
Keylime is made up of three main components: the verifier, registrar, and the agent. The verifier verifies the state of the machine that the agent runs on. The registrar is a database of the agents registered in Keylime. The agent is what gets deployed to the remote machine.
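To make the division of labour between the three components concrete, the following is an added toy model written for this page; it is not Keylime's own code. It assumes an HMAC over the quote body in place of a real TPM-signed quote, a dictionary in the registrar in place of its database, and a PCR allowlist as the verifier's policy (all assumptions).

```python
import hashlib
import hmac
import json
import secrets


class Registrar:
    """Database of registered agents: maps an agent UUID to its attestation key."""

    def __init__(self):
        self._agents = {}

    def register(self, uuid, attestation_key):
        self._agents[uuid] = attestation_key

    def key_for(self, uuid):
        return self._agents[uuid]


class Agent:
    """Runs on the remote machine and answers a verifier challenge with a quote."""

    def __init__(self, uuid, attestation_key, pcrs):
        self.uuid, self._key, self.pcrs = uuid, attestation_key, pcrs  # pcrs: {"index": hex}

    def quote(self, nonce):
        # Assumption: HMAC stands in for the TPM's signature over nonce + PCR values.
        body = json.dumps({"nonce": nonce, "pcrs": self.pcrs}, sort_keys=True).encode()
        return {"body": body, "sig": hmac.new(self._key, body, hashlib.sha256).hexdigest()}


class Verifier:
    """Challenges an agent with a fresh nonce and checks the quote against policy."""

    def __init__(self, registrar, tpm_policy):
        self.registrar, self.policy = registrar, tpm_policy  # policy: {"index": expected hex}
        self._outstanding = {}  # one live nonce per agent; consumed on first use

    def challenge(self, uuid):
        nonce = secrets.token_hex(16)
        self._outstanding[uuid] = nonce
        return nonce

    def verify(self, uuid, quote):
        # 1. The quote must be signed with the key the registrar holds for this agent.
        expected = hmac.new(self.registrar.key_for(uuid), quote["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, quote["sig"]):
            return False, "bad signature"
        body = json.loads(quote["body"])
        # 2. The nonce must be the one issued for this agent, and is used only once.
        if body["nonce"] != self._outstanding.pop(uuid, None):
            return False, "stale or unknown nonce (replay)"
        # 3. Every PCR named in the policy must carry the expected value.
        for idx, want in self.policy.items():
            if body["pcrs"].get(idx) != want:
                return False, f"PCR {idx} does not match policy"
        return True, "ok"
```

The replay and tampering checks are where the verifier earns its name: a quote that is correctly signed but reuses a nonce or reports an unexpected PCR value is rejected just as a forged one is.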
All components were written in Python; however, work is currently under way to port the agent to Rust. This decision was made because Rust is a low-level language with security built into its design.
Keylime was developed in MIT’s Lincoln Laboratory, and is now hosted by the Cloud Native Computing Foundation (CNCF).