As people move workloads to shared and public cloud environments, what methods are available to attest their environment has not been tampered with? Is there a good way to use a standardized cryptographic module to do remote attestation, trusted system boot, and so on?

In this post we’ll introduce the Keylime project in some detail, and save a technology demo for a following hands-on article.

Keylime is an open source community-based project endeavoring to be the go-to technology for establishing and maintaining trusted infrastructure in distributed system deployments via two technologies:  the use of embedded Trusted Platform Module (TPM) hardware (version 2 and later); and the Linux kernel subsystem – Integrity Measurement Architecture (IMA).