Keylime Documentation

Contents:

  • Installation
  • User Guide
    • Authentication
    • Configuration
    • Runtime Integrity Monitoring
    • User Selected PCR Monitoring
    • Use Measured Boot
    • The keylime-policy tool
    • IDevID and IAK
    • Secure Payloads
    • Agent Revocation
  • Design of Keylime
  • Additional Reading
  • Rest API’s
  • Keylime Development
  • Securing Keylime
Keylime Documentation
  • User Guide
  • View page source

User Guide

Contents:

  • Authentication
    • Server Components CA
    • Agent Keylime CA
  • Configuration
    • Configuration file processing order
    • Configuration file format
    • Override configurations via configuration snippets
    • Override configurations via environment variables
    • Configuraton upgrades
    • The configuration upgrade script keylime_upgrade_script
  • Runtime Integrity Monitoring
    • Keylime Runtime Policies
    • Remotely Provision Agents
    • How can I test this?
    • IMA File Signature Verification
    • Using Key Learning to Verify Files
    • Legacy allowlist and excludelist Format
  • User Selected PCR Monitoring
    • How to use
    • rhboot shim-loader
  • Use Measured Boot
    • Introduction
    • Implementation
    • How to use
    • Named Measured Boot Policy
  • The keylime-policy tool
    • Creating runtime policies
    • Creating measured boot policies
    • Signing runtime policies
  • IDevID and IAK
    • Introduction
    • How to use
  • Secure Payloads
    • Single File Encryption
    • Certificate Package Mode
    • Certificate Package Example
  • Agent Revocation
Previous Next

© Copyright 2025, Keylime Developers.

Built with Sphinx using a theme provided by Read the Docs.