Open Source Summit North America 2022

Security is an ever-greater concern, while more critical workloads are running in the cloud than ever before. This raises questions: Is it possible to verify that only approved software is running on servers? To ensure a cloud node is booted with the right kernel options? To prevent tampering of virtual machines on a public cloud? And is it possible to do all of this remotely and at scale, using open source solutions? Yes: Keylime is a CNCF sandbox project encompassing all of these goals. Leveraging two foundational security technologies, hardware Trusted Platform Modules (TPMs) and the Linux Integrity Measurement Architecture (IMA), Keylime has the capability to act as the bridge between these technologies and real-world deployments both large and small, offering remote attestation of both a machine's boot state and software running after boot. This session will cover how Keylime brings together TPMs and IMA, adds continuous remote attestation, and enables configurable automatic revocation actions after a compromise. The session will also discuss how to leverage Keylime with Kubernetes deployments, and Keylime's shift to Rust for a smaller footprint that works in more diverse environments. Find out how Keylime provides a compelling security story for Cloud and Edge.