Hello and welcome back,
Dimitar from tpm.dev shared a new project:" EnactTrust, Attestation as a Service"
Dimitar allowed me to copy the article and share it with you
The article was copied from tpm.dev, Author Dimitar Tomov, https://developers.tpm.dev/posts/enacttrust
Today, I want to share with our community something that a small group of us have built to help raise the adoption of some of TPM's advanced features:
Attestation as a Service
Mitko Vasilev who helped figure out the building blocks gives this overview:
EnactTrust is Remote Attestation as a Service for Linux and Windows systems with TPM chips.
You can use the TPM hardware root of trust for reporting to verify the integrity of any file or application on the system.
Svetlozar Kalchev who helped build our cloud infrastructure, backend, and frontend, is eager to welcome early adopters and asked me to share just this line:
We are excited to announce that signups for the EnactTrust beta are now open!
You can sign-up for our beta here.
Now, let's get down to the nitty-gritty
details of how our beta works:
- Using our open-source agent app you can attest up to three nodes. The number of nodes can be unlimited
. We are starting with up to three nodes just for the beta.
- EnactTrust agent app currently has two flavors - C and Golang.
- EnactTrust agent app generates Attestation Keys under the Owner Hierarchy
of the TPM.
- EnactTrust agent app
does not use the TPM's EK public key. We want to preserve the privacy of the user's TPM and user's node that will be attested because we expect most will first test on personal computers.
- EnactTrust backend
for the public beta is cloud-based, although it could also be run on-premise. We want to offer something easy to try that does not depend on centralized servers. This is a major difference between EnactTrust and Microsoft AzureSphere or Intel's SGX.
- Every user has his own dashboard
that is web-based. It is written in React.
- After you sign up for the beta, we will send you a unique user ID.
Using this user ID you could log in to your EnactTrust dashboard.
- At the first launch of the EnacTrust agent on a new node, you have to enter your unique user ID and your node will be automatically added to your dashboard.
- Everyone who signups for our beta will be contacted when we launch EnactTrust.
I will pause with details for now and ask for feedback and questions. To join our beta sign-up here.
You could join the beta phase here: https://enacttrust.com
I'll try EnactTrust on the Pi with one LetsTrust-TPM,
Bye for now!