
@THS-on
THS-on / README.md
Last active March 4, 2022 17:37
Keylime Push Model

Push Model for Keylime

Issue

Keylime currently operates on a pull basis, which means that the tenant or verifier connects to the agent to collect attestation data. They therefore need to know the agent's IP address and port beforehand, and these currently cannot change during attestation. This works fine in most virtualized environments where all devices are in the same network, but not for edge devices or in BYOD contexts. There are workarounds using VPNs or overlay networking (OpenVPN, ZeroTier, Nebula, etc.), but none of them provide an ideal solution.

Actions that require connections to the agent

  • Identity quote: The purpose of the identity quote is to prove to the tenant that the NK (also called the transport key) belongs to the same TPM as the agent. The NK is used to encrypt the U and V keys during transport and is also the key behind the agent's mTLS certificate. The tenant uses this feature. This is also done to ensure that the agent behind that IP is still the same one that registered by val
@THS-on
THS-on / README.md
Last active March 6, 2022 10:22
Non atomic quotes for Keylime

Non atomic Quotes for attestation

Issue

A TPM contains multiple PCRs and can generate a signed quote over the concatenated hash of a selection of PCRs. The quote itself does not contain the values of the PCRs. To obtain a quote together with the matching PCR values, most implementations (Keylime included) use the following trick:

  1. Read the PCR values (8 at a time)
  2. Generate the quote
  3. Read the PCR values again (8 at a time)
  4. Check whether the PCR values from steps 1 and 3 match; if not, start again from step 1.
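The read-quote-reread loop above, as an added Python example that is not Keylime's code: it runs against a constructed in-memory TPM stand-in with 24 SHA-256 PCRs, where PCR 10 is extended by a simulated concurrent process between reads, and shows why the naive "read once, then quote" version yields PCR values that do not match the quote. The batch size of 8, the class and function names and the simulated TPM are assumptions.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

PCR_READ_BATCH = 8  # a TPM 2.0 PCR_Read call returns at most 8 PCR values

class SimTpm:
    """Constructed stand-in for a TPM with 24 SHA-256 PCRs. If extend_on_read
    is set, PCR 10 is extended right after that many read calls, simulating
    another process (e.g. IMA) extending a PCR while we read and quote."""
    def __init__(self, extend_on_read: Optional[int] = None):
        self.pcrs = [b"\x00" * 32 for _ in range(24)]
        self.read_calls = 0
        self.extend_on_read = extend_on_read

    def extend(self, index: int, event: bytes) -> None:
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + hashlib.sha256(event).digest()).digest()

    def pcr_read(self, indices: List[int]) -> Dict[int, bytes]:
        assert len(indices) <= PCR_READ_BATCH
        self.read_calls += 1
        values = {i: self.pcrs[i] for i in indices}
        if self.read_calls == self.extend_on_read:
            self.extend(10, b"constructed concurrent IMA event")
        return values

    def quote(self, indices: List[int]) -> bytes:
        # A real quote is signed by the AK; only the pcrDigest matters here.
        return hashlib.sha256(b"".join(self.pcrs[i] for i in indices)).digest()

def read_all(tpm: SimTpm, indices: List[int]) -> Dict[int, bytes]:
    """Steps 1 and 3: read the selection in batches of at most 8."""
    out: Dict[int, bytes] = {}
    for start in range(0, len(indices), PCR_READ_BATCH):
        out.update(tpm.pcr_read(indices[start:start + PCR_READ_BATCH]))
    return out

def quote_with_pcrs(tpm: SimTpm, indices: List[int], max_tries: int = 5) -> Tuple[bytes, Dict[int, bytes], int]:
    """Steps 1-4: read, quote, re-read; retry until both reads agree.
    Returns (quote, PCR values, number of attempts)."""
    for attempt in range(1, max_tries + 1):
        before = read_all(tpm, indices)
        q = tpm.quote(indices)
        after = read_all(tpm, indices)
        if before == after:
            return q, before, attempt
    raise RuntimeError("PCRs kept changing; no consistent quote obtained")

def verify(quote: bytes, pcrs: Dict[int, bytes], indices: List[int]) -> bool:
    """Verifier side: the delivered PCR values must reproduce the quoted digest."""
    return hashlib.sha256(b"".join(pcrs[i] for i in indices)).digest() == quote
```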