Never really dug into fs-verity before. It builds an ickle merkle tree for every file. Sounds expensive, but seems to be very performant. IMA can measure fs-verity signatures, so @KeylimeProject should be able to remote attest config files etc (not tested it yet).
ANNOUNCEMENT: Version 6.3.2 of keylime has been tagged and released - https://t.co/VZCrgOmzrT… - More new contributors, more bug fixes, more/better docs and more stability.
Keylime v6.2.1 has been released - https://t.co/hWn0sxP6Eo
Changes include ability to tag and collect revocation events, and a new option for to send revocation events via webhook. Along with lots of bug fixes, dependency removal, code cleanups and fixed typos.
Come listen to me and my colleagues talk about software security, hardware roots-of-trust and the Keylime project and see if I can pull off a live demo first thing in the morning (9am ET)
At 13:00 UTC my colleagues @m_peters and Lily Sturmann will be on "the level up hour" talking about the @CloudNativeFdn project @KeylimeProject as well as providing a live demo https://t.co/f4iCHFfcrt
Keylime starting to come up in many conversations now. Thanks @Thalesesecurity for the mention at the European Cyber Week and @fduthilleul for the pic.
Regarding https://t.co/85LnsYSw6Y - Keylime is not at risk of this attack. We don't generate and store private keys, we use the EK & AK to attest trust, and neither of those keys were accessible via the aforementioned attack.
We just released v5.0.0. Python 2 support depreciated with Python 3 now in. pycryptodome support removed and ported to python-cryptography (openssl wrapper). Want to check it out, try the ansible role in a VM with a tpm emulator https://t.co/FB1K5hUjB6
One of our developers @lukeahinds will be on the #RedHat booth at the #opennetsummit this week running live demonstrations of https://t.co/W9u1pduHyU used for Edge Security with a hardware root of trust in a TPM - drop by, say hi and take a look!