Remote Attestation is designed to prove a property of a system to a third party, which in this case is you. It can provide proof that the execution environment can be trusted before code is executed on it or before any secret is delivered to it. Remote attestation can provide different services, such as measured boot attestation and runtime integrity monitoring, using a hardware-based cryptographic root of trust such as a Trusted Platform Module (TPM).
If you want continuous assurance that files are not being altered while the system runs, you can use the Linux kernel's Integrity Measurement Architecture (IMA) for runtime integrity monitoring. The tools in this repository can help you do that. These tools are designed to work with Keylime, a highly scalable remote boot attestation and runtime integrity measurement solution.
In this repository, you will find various tools to help you generate runtime policies for runtime integrity monitoring with Keylime, parse through errors in the Keylime Verifier log, and more.
To create a new runtime policy, run the following command. Run the command with -h to see the help menu.
python3 runtime_update_allowlist.py -x -v jammy -g -e
To update an existing runtime policy that is on your local machine, run the following command. Run the command with -h to see the help menu.
python3 runtime_update_allowlist.py -x -v jammy -u -e
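The following is an added example, not the repository's runtime_update_allowlist.py, showing what "create" versus "update" means for a runtime policy: creating hashes every regular file under a root (minus excluded paths) into a fresh policy, while updating merges new hashes into an existing policy so that a file that legitimately changed (for example after a package upgrade) is allowed under both its old and its new digest. The JSON layout, the exclude patterns, the generator name and the sample file tree are assumptions constructed for this example; check the layout against the Keylime version you run.

```python
import hashlib
import json
import os
import re
import tempfile

# Paths that should not be measured. Constructed for this example; a real policy
# carries whatever patterns fit the deployment.
DEFAULT_EXCLUDES = [r"^/var/log/.*", r"^/tmp/.*"]


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_digests(root, excludes):
    """Walk `root` and return {"/path/relative/to/root": [sha256]} for every
    regular file whose policy path does not match an exclude pattern."""
    patterns = [re.compile(p) for p in excludes]
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            policy_path = "/" + os.path.relpath(full, root).replace(os.sep, "/")
            if any(p.match(policy_path) for p in patterns):
                continue
            digests[policy_path] = [sha256_file(full)]
    return digests


def new_policy(digests, excludes):
    # Layout assumed here: modelled on the Keylime runtime policy JSON as the
    # author of this example understands it, not taken from this repository.
    return {
        "meta": {"version": 1, "generator": "example-not-from-this-repo"},
        "release": 0,
        "digests": digests,
        "excludes": list(excludes),
        "keyrings": {},
        "ima": {"ignored_keyrings": [], "log_hash_alg": "sha1", "dm_policy": None},
        "ima-buf": {},
        "verification-keys": "",
    }


def update_policy(policy, digests):
    """Merge freshly computed digests into an existing policy without dropping
    the hashes already allowed: a changed file ends up with both digests,
    a new file is added, unchanged files are left as they were."""
    merged = json.loads(json.dumps(policy))  # deep copy; the input is untouched
    for path, hashes in digests.items():
        known = merged["digests"].setdefault(path, [])
        for h in hashes:
            if h not in known:
                known.append(h)
    return merged


def demo():
    """Constructed tree: build a policy, upgrade one file, add one, update."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr/bin"))
        os.makedirs(os.path.join(root, "var/log"))
        with open(os.path.join(root, "usr/bin/tool"), "wb") as f:
            f.write(b"#!/bin/sh\necho v1\n")
        with open(os.path.join(root, "var/log/syslog"), "wb") as f:
            f.write(b"noise\n")  # excluded by DEFAULT_EXCLUDES
        policy = new_policy(build_digests(root, DEFAULT_EXCLUDES), DEFAULT_EXCLUDES)

        # Simulate an upgrade of /usr/bin/tool and a newly installed file.
        with open(os.path.join(root, "usr/bin/tool"), "wb") as f:
            f.write(b"#!/bin/sh\necho v2\n")
        with open(os.path.join(root, "usr/bin/newtool"), "wb") as f:
            f.write(b"#!/bin/sh\necho new\n")
        updated = update_policy(policy, build_digests(root, DEFAULT_EXCLUDES))
    return policy, updated


if __name__ == "__main__":
    _, u = demo()
    print(json.dumps(u, indent=2))
```

Keeping the old digest on update is a deliberate choice: it lets a fleet pass attestation during a rolling upgrade. Once every host carries the new binary, the stale digest should be pruned, otherwise a rollback to the older file would go unnoticed.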
To parse the Keylime Verifier log and retrieve all the errors, run the following command.
Change -e to -a to keep every line of the log, reformatted for readability.
python3 parse_verifier.py -f /path/to/verifier.txt -o /path/to/output/file.txt -e
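As an added illustration of the two modes above (errors only versus all lines in a readable layout), here is a small log parser that is not the repository's parse_verifier.py. The sample log lines are constructed; the line layout it assumes, "timestamp - logger - LEVEL - message", is how the author of this example understands Python's logging module to format Keylime's output, so adjust LOG_LINE if your verifier log differs. Lines that do not start a record (tracebacks, wrapped messages) are attached to the preceding entry so that an error keeps its context.

```python
import re
from collections import Counter

# Constructed sample of a verifier log (not real output from any system).
SAMPLE_LOG = """\
2024-01-15 10:02:11.120 - keylime.verifier - INFO - Verifier started (constructed line)
2024-01-15 10:02:30.441 - keylime.verifier - INFO - Agent 3bd1ff0a-example-uuid added
2024-01-15 10:03:01.007 - keylime.verifier - ERROR - Agent 3bd1ff0a-example-uuid failed, stopping polling
Traceback (most recent call last):
  File "example.py", line 1, in <module>
ExampleError: constructed traceback text
2024-01-15 10:03:01.008 - keylime.ima - ERROR - Hash for file /usr/bin/tool not in policy
2024-01-15 10:03:02.110 - keylime.verifier - WARNING - Agent 3bd1ff0a-example-uuid quote validation failed
"""

# Assumed record layout; change this if your log is formatted differently.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+ \S+) - (?P<logger>\S+) - (?P<level>[A-Z]+) - (?P<msg>.*)$"
)


def parse_log(text):
    """Turn raw log text into a list of entries. A line that does not match
    LOG_LINE is a continuation (traceback, wrapped message) of the previous
    entry and is stored under its "extra" key."""
    entries = []
    for raw in text.splitlines():
        m = LOG_LINE.match(raw)
        if m:
            entry = m.groupdict()
            entry["extra"] = []
            entries.append(entry)
        elif entries and raw.strip():
            entries[-1]["extra"].append(raw)
    return entries


def errors_only(entries):
    """The '-e' style view: keep ERROR and CRITICAL records with their context."""
    return [e for e in entries if e["level"] in ("ERROR", "CRITICAL")]


def render(entries):
    """The '-a' style view: every record in a fixed-width, readable layout,
    continuation lines indented under the record they belong to."""
    out = []
    for e in entries:
        out.append(f"[{e['level']:<8}] {e['ts']} {e['logger']}: {e['msg']}")
        out.extend("    " + x for x in e["extra"])
    return "\n".join(out)


def summarize(entries):
    """Count records per level; a quick health check before reading details."""
    return Counter(e["level"] for e in entries)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(render(errors_only(parsed)))
    print(dict(summarize(parsed)))
```

Reading the log this way, the IMA hash mismatch shows up next to the verifier's "stopping polling" record, which is the pairing you want to see first when an agent drops out of attestation.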