User Guide

Contents:

• Authentication
  • Server Components CA
  • Agent Keylime CA
• Authorization Framework
  • Overview
  • Authorization Providers
  • SimpleAuthProvider
  • Certificate Requirements
  • Default Configuration (Development/Testing)
  • Production Configuration (Multi-Admin Deployments)
  • Admin Operations Reference
  • Agent-Only Operations Reference
  • Agent-or-Admin Operations Reference
  • Security Considerations
  • Registrar Authorization
  • Troubleshooting
• Configuration
  • Configuration file processing order
  • Configuration file format
  • Override configurations via configuration snippets
  • Override configurations via environment variables
  • Configuration upgrades
  • The configuration upgrade script keylime_upgrade_script
  • Attestation Models: Pull vs Push
  • Configuration Options Reference
  • Configuration Version History
• Push-Model Attestation
  • Introduction
  • Prerequisites
  • Configuring the Verifier for Push Mode
  • Configuring the Push-Model Agent
  • Systemd Service Management
  • Enrolling an Agent for Push-Model Attestation
  • TLS Configuration for Push Model
  • Verifying the Deployment
  • Troubleshooting
• Runtime Integrity Monitoring
  • Keylime Runtime Policies
  • Remotely Provision Agents
  • How can I test this?
  • IMA File Signature Verification
  • Using Key Learning to Verify Files
  • Legacy allowlist and excludelist Format
• User Selected PCR Monitoring
  • How to use
  • rhboot shim-loader
• Use Measured Boot
  • Introduction
  • Implementation
  • How to use
  • Named Measured Boot Policy
• The keylime-policy tool
  • Creating runtime policies
  • Creating measured boot policies
  • Signing runtime policies
• IDevID and IAK
  • Introduction
  • How to use
• Secure Payloads
  • Single File Encryption
  • Certificate Package Mode
  • Certificate Package Example
• Agent Revocation