Keylime, developed by MIT Lincoln Laboratory, is a free, open-source key bootstrapping and integrity management software architecture designed to increase the security and privacy of Edge/Cloud and Internet of Things (IoT) devices. Keylime enables users to securely bootstrap secrets (e.g., cryptographic keys, passwords and certificates) without divulging them unnecessarily and to continuously verify trust in their computing resources without needing to rely on trusting their cloud provider. The Keylime software architecture ensures four crucial features for enabling security:
- Using a hardware root of trust. A user-verifiable hardware root of trust allows a system to attest its state as early in the boot process as possible.
- Allowing for tenant-controlled keys. Tenant-controlled keys allow users to provision their machines without divulging these secrets to the provider.
- Maintaining cloud scalability. Cloud security solutions should be able to scale to support thousands of machines.
- Maintaining cloud compatibility. Users should not need to redesign their software or be limited to non-virtualized environments. Keylime is able to achieve all four of these critical properties without sacrificing performance, scalability or support