Branch: release-cit-2.2
Type Name Latest commit message Commit time
blueprints release-cit-3.0: performance notes Feb 5, 2016
common dev-cit-2.2: update rest of pom.xml to 2.2-SNAPSHOT for the parent May 17, 2016
database dev-cit-2.2-tpm2-eventlogs: Add SQL migrations to for host specific m… Aug 10, 2016
desktop dev-cit-2.2-merge-sdl2.1: Merge branch 'v2.1+SDL-fixes' into dev-cit-… Aug 26, 2016
features
installers
integration dev-cit-2.2: Remove mtwilson-client-java5 (Unused project) Oct 11, 2016
maven
packages dev-cit-2.2: fix #5841 Oct 17, 2016
plugins dev-cit-2.2: update rest of pom.xml to 2.2-SNAPSHOT for the parent May 17, 2016
portals
services dev-cit-2.2: updating tpa.sh to use TLSv1.2 as the secure protocol fo… Oct 25, 2016
trust-agent dev-cit-2.2: updating tss2 library and tpm2-tool to the latest Oct 31, 2016
.gitignore
BSD_LICENSE release-cit-2.1: Committing License and Readme file. Jul 1, 2016
README.md release-cit-2.2: README.md changes Nov 9, 2016
build.targets
build.xml dev-cit-2.1: moved all javadoc related maven plugins to release profile Jun 15, 2016
change-maven-version.sh dev-cit-3.1: added version change command for mtwilson-export-data-bu… Mar 25, 2016
klocwork.sh
pom.xml

README.md

# Open Cloud Integrity Technology

The Open CIT project provides cloud management tool software development kit (SDK) source code and binaries.

2.2 Features

  • TPM 2.0 support.
    • Added support for platform and asset tag attestation of Linux and Windows hosts with TPM 2.0.
    • Support attestation of either SHA1 or SHA256 PCR banks on TPM 2.0.
    • Ubuntu 16.04 and RHEL 7.2, 7.3 (SHA1 and SHA256), Windows Server 2012 and Hyper-V Server 2012 (SHA1) are supported with TPM 2.0.
  • All the certificates and hashing algorithms used in CIT are upgraded to use SHA256. SHA1 has been deprecated and will no longer be used.
  • CIT Attestation Service UI has been updated to allow the user to select either the SHA1 or SHA256 PCR bank for Attestation of TPM 2.0 hosts.
    • The CIT Attestation Service will automatically choose the strongest available algorithm for attestation (SHA1 for TPM 1.2, and SHA256 for TPM 2.0)
  • CIT Attestation Service UI Whitelist tab no longer requires the user to select PCRs when whitelisting, and will automatically choose the PCRs to use based on the host OS and TPM version. This is done to reduce confusion due to differing behaviors between TPM 1.2 and TPM 2.0 PCR usages.
  • Additional changes made to support TPM 2.0
    • Linux hosts with TPM 2.0 will now utilize TPM2.0-TSS (TPM 2.0 Software Stack) and TPM2.0-tools instead of the legacy trousers and tpm-tools packages. The new TSS2 and TPM2.0-tools are packaged with the CIT Trust Agent installer.
    • TPM 2.0 Windows hosts use TSS.MSR (The TPM Software Stack from Microsoft Research) PCPTool.
    • TPM 1.2 hosts will continue to use the legacy TSS stack (trousers) and tpm-tools components.

New Prerequisites required for TPM 2.0 Support

  • Kernel Driver must support TPM 2.0
    • RHEL 7.2 requires kernel version 3.10.0-327 or higher with the latest update. Ubuntu 16.04 requires kernel 4.4.
  • Tboot version used for TPM 2.0 is tboot 1.9.4 or higher.
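
A pre-install check for the prerequisites above can be scripted. The following is an added example, not part of the Open CIT source: the minimum versions come from this README, while the function names and the `rhel`/`ubuntu` keys (the `ID` value from `/etc/os-release`) are assumptions of the sketch. The "latest update" condition for RHEL cannot be checked from a version string and is not covered.

```shell
#!/bin/sh
# Added example: checks the TPM 2.0 prerequisites listed in the README.
# Minimum versions are the README's; function names and distro keys are
# assumptions made for this sketch.

# Keep only the leading numeric part: 3.10.0-327.el7.x86_64 -> 3.10.0-327
numeric_prefix() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+(\.[0-9]+)*(-[0-9]+)?).*/\1/'
}

# version_ge A B: succeed when A >= B, comparing numeric fields left to
# right and treating missing fields as 0 (so 1.9.12 >= 1.9.4).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# check_kernel DISTRO RELEASE: DISTRO is the ID from /etc/os-release,
# RELEASE is `uname -r` output. Returns 0 = ok, 1 = too old, 2 = unknown.
check_kernel() {
    case "$1" in
        rhel)   min="3.10.0-327" ;;   # RHEL 7.2 minimum from the README
        ubuntu) min="4.4" ;;          # Ubuntu 16.04 kernel from the README
        *)      return 2 ;;
    esac
    version_ge "$(numeric_prefix "$2")" "$min"
}

# check_tboot VERSION: the README requires tboot 1.9.4 or higher.
check_tboot() {
    version_ge "$(numeric_prefix "$1")" "1.9.4"
}

# Constructed sample values, not output from a real host.
for sample in "rhel 3.10.0-229.el7.x86_64" "rhel 3.10.0-327.el7.x86_64" \
              "ubuntu 4.4.0-21-generic"; do
    set -- $sample
    if check_kernel "$1" "$2"; then echo "$1 $2: kernel OK"
    else echo "$1 $2: kernel below README minimum"; fi
done
```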

2.1 Features

  • Attestation support for Windows platform

2.0.7 Features

  • Establish chain of trust of BIOS, firmware, OS kernel & hypervisor by verifying against configured known-good values (Whitelists)
  • Ability to tag/verify hosts with custom attributes (Asset Tags) stored in TPM, e.g. location attributes
  • OpenStack integration to utilize Platform Trust and asset tags for advanced VM management
  • Mutual SSL authentication supported across all the communication channels
  • RESTful API interface for easier 3rd party integration
  • Audit logging for all changes including tracking of the host trust status changes
  • Self-extracting installers for ease of setup & Reference UI portal
  • User defined TLS policy management for host’s connections

Open CIT 2.2 currently supports the following Distributions and OpenStack versions for our extensions:

  • Ubuntu 16.04, RHEL 7.2 & RHEL 7.3, Windows Server 2012, and Hyper-V Server 2012 are supported with TPM 2.0
  • OpenStack extensions supported: Liberty & Mitaka

Please see the 3.2 Open CIT Source Code section from the Product Guide for further details on how to build and get started with Open CIT.

For more information on the project, please visit our 01.org website