Meeting 26/02/2025

[ansasaki]

Attendees

• @ansasaki
• @aplanas
• @deeglaze
• @edwards-n
• @ematery
• @galmasi
• @husky-parul
• @Isaac-Matthews
• @kkaarreell
• @maugustosilva
• @mayaCostantini
• @marcostork
• @mdrocco
• @mbestavros
• @mheese
• @mruffin
• @mpeters
• Niteesh Dubey
• @ruocco
• @stringlytyped
• @stefanberger
• @THS-on
• @tpletcher-hpe
• @tylerfanelli
• @ueno
• @sarroutbi
• @sergio-correia
• @gnurugs
• Shiva Dasari
• Christian Schilling

Time: 26/02/2025 16:00 UTC (https://www.timeanddate.com/worldclock/fixedtime.html?msg=Keylime+Meeting&iso=20250226T16)

Google Meet joining info
Video call link: https://meet.google.com/nos-bkdi-cnn
Or dial: ‪(DE) +49 30 300195060‬ PIN: ‪607 390 654 8381‬#
More phone numbers: https://tel.meet/nos-bkdi-cnn?pin=6073906548381
Or join via SIP: sip:6073906548381@gmeet.redhat.com

Topics

• New releases:
  • Keylime v7.12.1: https://github.com/keylime/keylime/releases/tag/v7.12.1
• Added new members to core team in the hope to improve current review delays
  • @kkaarreell
  • @stringlytyped
  • @Isaac-Matthews
  • @sarroutbi
• Push model updates
  • #keylime-push-attestation channel on CNCF Slack
  • Publicly accessible project: Agent-driven attestation
  • Currently working on defining data formats, JSON schemas for the protocol
    • Should we try to use something already standardized (or in the way of being a standard)?
• Mentorship project CMW, EAT in collaboration with Veraison
  • Veraison Mentorship: Harmonizing Open-Source Verifiers with RATS Standards veraison/.github#6
• Multiple addresses for registrar and verifier in push model
  • Multiple addresses for Registrar and Verifier rust-keylime#947
• Default community health files
  • https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file
  • Code of Conduct, GOVERNANCE, etc.
  • See Establish a code of conduct rust-keylime#737
• Improve Keylime score in CNCF CLO Monitor
• Current state of attestation-operator
• Enhancements:
  • TEE Boot Attestation: TEE Boot Attestation proposal enhancements#108
  • Improvement around Transport Key (NK): enhancement-112: Improvements around the Transport Key (NK) enhancements#113
  • EK certificate chain support: Enhancement: Add EK Certificate Chain support enhancements#116
• Open PRs:
  • EK certificate chain support:
    • Add support for EK Certificate Chain, resolves #1552 keylime#1668
    • resolves #859 rust-keylime#860
    • The enhancement proposal was merged, but the implementation was not
  • Add agent-driven (push) attestation protocol: Add agent-driven (push) attestation protocol keylime#1693
  • Registrar hook for identity trust decisions: Add webhook for receiving and modifying registrar identity trust decisions keylime#1670
  • ECC support in agent: Enable different key sizes and curves for EK and AK rust-keylime#846
  • Threat model documentation: Docs: expand security/threat model page keylime#1704
  • Separate CA and logging configuration per component: Allow separate CA and logging configurations for components keylime#1715
  • Implement reject list in runtime policy: Add support for a reject list in runtime policy keylime#1545

[husky-parul]

Attendees

husky-parul

Agenda

• Current state of attestation-operator
• Looking forward to contribute to keylime operator for Kubernetes/OpenShift