Does it also run the container in a TEE to attest to code execution, or does it only use a TPM to load the keys for signing resources? Either way, it sounds like a very cool idea! I have to dive into the code.
It doesn't use a TEE or a real TPM. I may try to simulate a TPM to get a better feel for what working with that is like, or maybe use the secure enclave. The main thing the project demonstrates is verifying the integrity of files in one container from another container - similar to how measured boot works in remote attestation (or at least my understanding of it).
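The measured-boot-style file check the reply describes, as an added example that is not the project's code: one container measures its files into a PCR-like running hash plus an event log, and a second container replays the log and compares each file digest against golden values it holds. The file paths and contents are constructed for the example.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed sample "container filesystem": path -> content (not real project files).
CONTAINER_FILES: Dict[str, bytes] = {
    "/app/server.py": b"print('hello')\n",
    "/app/config.yaml": b"port: 8080\n",
    "/etc/entrypoint.sh": b"#!/bin/sh\nexec python /app/server.py\n",
}

Log = List[Tuple[str, str]]  # (path, sha256 hex of content), in measurement order


def measure(files: Dict[str, bytes]) -> Tuple[Log, str]:
    """Measured side: hash each file in a fixed order and fold it into a
    PCR-style register: pcr = SHA256(pcr || SHA256(content)). Returns the
    event log and the final register value (hex)."""
    pcr = b"\x00" * 32
    log: Log = []
    for path in sorted(files):
        digest = hashlib.sha256(files[path]).digest()
        log.append((path, digest.hex()))
        pcr = hashlib.sha256(pcr + digest).digest()
    return log, pcr.hex()


def replay(log: Log) -> str:
    """Verifier side: recompute the register value from the log alone, so a
    log edited after the fact no longer matches the reported value."""
    pcr = b"\x00" * 32
    for _, hexdigest in log:
        pcr = hashlib.sha256(pcr + bytes.fromhex(hexdigest)).digest()
    return pcr.hex()


def verify(log: Log, reported: str, golden: Dict[str, str]) -> Tuple[bool, List[str]]:
    """Verifier side: the log must replay to the reported register value, every
    golden path must be present with the expected digest, and nothing extra
    may have been measured. Returns (ok, list of problems)."""
    problems: List[str] = []
    if replay(log) != reported:
        problems.append("log does not replay to reported measurement")
    seen = dict(log)
    for path, expected in golden.items():
        if path not in seen:
            problems.append(f"missing measurement for {path}")
        elif seen[path] != expected:
            problems.append(f"unexpected content for {path}")
    for path in seen:
        if path not in golden:
            problems.append(f"unexpected file measured: {path}")
    return (not problems, problems)
```

The golden digests would normally come from a known-good build of the measured container, not from the container being checked.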