Rust implementation of the keylime agent (Not ready for deployment)


License: LGPL v3


This is a Rust implementation of python-keylime from MIT Lincoln Lab. Keylime is a system integrity monitoring system that has the following features:

  • Exposes TPM trust chain for higher-level use
  • Provides an end-to-end solution for bootstrapping node cryptographic identities
  • Securely monitors system integrity

For more information, see the original python implementation repo and paper in the References section.

For now, this project focuses on the keylime agent component, an HTTP server running on the server machine that executes keylime operations. Most keylime operations rely on the TPM co-processor; therefore, the server needs a physical TPM chip (or a TPM emulator) to perform keylime operations. The TPM emulator is a program that runs as a daemon to mimic TPM commands.


Required Packages

The rust-keylime agent requires the following packages for both compile and run time.

For Fedora, use the following command

$ dnf install openssl-devel gcc

For Ubuntu OS, use the following command

$ apt-get install libssl-dev gcc


Make sure Rust is installed before running Keylime. Installation instructions can be found here.


The TPM4720 package is required to use Keylime. It can be found at mit-ll/tpm4720-keylime. TPM4720 supports systems that have physical TPM chips, and can also integrate with a TPM emulator (see below).


TPM4720 Emulator on Fedora-28

Run the following script as the root user to install TPM4720 into the mit-ll/tpm4720-keylime repo root directory.

$ cd scripts/
$ sudo bash

This has been tested with Fedora 28. It may or may not work with other environments.

Logging env

To run with pretty-env-logger trace logging active, set RUST_LOG when invoking cargo run, as follows:

$ RUST_LOG=keylime_agent=trace cargo run


Unit tests gate new code submissions in CI. To run them:

$ cargo test


  1. Keylime Paper: here
  2. python-keylime: here
  3. TPM4720: here