Show HN: Containerized remote attestation with TPM-style hash chaining(github.com)
github.com
Show HN: Containerized remote attestation with TPM-style hash chaining
https://github.com/Calebp98/remote_attestation
2 comments
Does it also run the container in a TEE to attest to code execution, or does it only use a TPM to load the keys for signing resources? Either way, it sounds like a very cool idea! I have to dive into the code.
It doesn't use a TEE or a real TPM. I may try to simulate a TPM to get a better feel for what working with that is like, or maybe use the secure enclave. The main thing the project demonstrates is verifying the integrity of files in one container to another container - similar to how measured boot work in remote attestation (or at least my understanding of it).
It’s not production-grade, but I’d love feedback if you’re into systems security or want to learn a bit about how attestation works under the hood.