@THS-on creates a proposal for removing the CA for tracking the attestation state.
@mbestavros is now working on the IMA policy change and finalizes the proposals with @lukehinds and @THS-on.
@mpeters is coordinating the CNCF annual review. Other people are welcome to help.
@ansasaki works on bringing the configuration changes to the Rust agent.
The next release will be 6.5.0
Meeting notes
Configuration and TLS configuration change
Is complete and will be merged. The changes will also be made to the Rust agent.
Release Schedule
Keylime is switching to a time-based release cycle. The current plan is to make a release every last week of the month.
IDevID, IAK, LDevID and LAK support
The proposal was already merged. The current implementation is at the experimentation stage with the registrar and Rust agent. An initial draft PR will be sent in a few weeks by @gustavobbrand.
Rust agent
Large scale testing by IBM showed no major problems with the Rust agent. Most of the issues were on the server side.
A better loading mechanism for the persistent AK to avoid issues on SW TPMs was discussed (checking the EK hash before loading).
1.0 is coming in the next couple of weeks (after Keylime 6.5.0).
@lkatalin will update the documentation to the new Rust agent once version 1.0 has been released.
CNCF annual review
The CNCF annual review will be organized by @mpeters. Other people are welcome to join him. If your company/project is using Keylime please add yourself to the friends repo: https://github.com/keylime/friends
Further cleanups
@mbestavros is working on cleaning up the IMA policy format. After those changes are done, the command-line options of the tenant should be reviewed.
The Keylime CA with revocation support for the agent should be removed. This can be implemented via the webhook support. (We also need to check the interactions with the payload and revocation mechanism.)
Project Board
https://github.com/orgs/keylime/projects/1
Attendees
Meeting Time and Link
Time: 14/09/22 16:30 BST, 17:30 CEST (https://www.timeanddate.com/worldclock/fixedtime.html?msg=Keylime+Meeting&iso=20220914T1630&p1=769&ah=1)
Link: https://uni-kiel.zoom.us/j/66115318264?pwd=clU2M1lSN0hJMlNjbElnd01FdEVhQT09
(Preliminary) Topics
Actions
Meeting notes
Durable Attestation
Sending the PRs was delayed until the configuration changes were merged. They are functional and will be upstreamed in the next couple of weeks.
Looking at an integration with https://github.com/nokia/AttestationEngine/ for further forensic tools might be useful in the future.