Meeting 14/12/2022

[THS-on]

Project Board

https://github.com/orgs/keylime/projects/1

Attendees

• @ansasaki
• @aplanas
• @edwards-n
• @galmasi
• @gustavobbrand
• @kkaarreell
• @lkatalin
• @lukehinds
• @maugustosilva
• @mdrocco
• @mbestavros
• @mpeters
• @osresearch
• @THS-on
• @ueno

Time: 09/11/22 15:30 GMT, 16:30 CET (https://www.timeanddate.com/worldclock/fixedtime.html?msg=Keylime+Meeting&iso=20221214T1530&p1=769&ah=1)
Link: https://uni-kiel.zoom.us/j/65041600720?pwd=dUFRNzl3c0R4QU1Md1hCSHpneDA4QT09

Topics

• Removal of the Python agent
• Code quality improvements
• IMA
  • Implement major Keylime policy overhaul keylime#1147
  • Documentation on how to use IMA signatures (maybe with an example on how to use it with a distribution that ships out-of-the-box with signature support)
• Should keys have priority over single allowlist entries
• verifier: a (very simple) cache implementation for IMA policies (solves #1167) keylime#1243 or verifier: a (very simple) cache implementation for IMA policies (solves #1167) keylime#1243
• Roadmap for the next year
  • Push model
  • Documentation
  • Code improvements
    • Refactor of API entrypoints
    • Cleanup of the main event-loop
    • Moving the validation of the attestation data into a more flexible framework (probably a good idea if we want to support SGX attestation etc. in the future)

Actions

Meeting notes

[ueno]

I might not be able to attend (the time is a bit challenging for me in UTC+9), but I wanted to discuss rust-keylime library API after crate split; not every detail, but maybe the following could be touched:

• general approach: port from low-level primitives (TPM access etc.), then high-level functions (agent protocol, e.g., requesting integrity quote), and eventually hide the low-level API
• where to propose/review API: GitHub issue, PR, discussion, or even enhancement proposal?

[aplanas]

I wanted to discuss rust-keylime library API after crate split

I followed the PR about the split (:+1:). What would be the long term goal? Have some reusable components to move more parts of Keylime into Rust?

[mpeters]

Reusable components that can be used inside of other non-keylime projects I think is the goal. Like the ability to create an embedded agent inside something else.