The CMC repository provides tools and software to enable remote attestation of computing platforms, as well as remote attested TLS and HTTPS channels between those platforms. Currently, the CMC repository supports Trusted Platform Module (TPM) attestation, as well as AMD SEV-SNP attestation. The goal is to make attestation easy for verifiers without prior knowledge of the software stack, based on a set of trusted CAs and signed metadata describing the software stack.
A detailed description of the architecture can be found in our paper and in the documentation
- A Linux platform
- For TPM attestation, access to
/dev/tpmrm0
or/dev/tpm0
. - For AMD SEV-SNP an SNP-capable AMD server and an SNP VM with access to
/dev/sev-guest
- Building the cmcd requires go (https://golang.org/doc/install)
- Building AWS Firmware (OVMF) for running the CMC within AWS AMD SEV-SNP virtual machines requires Nix
The CMC repository contains a complete local TPM-based example setup including a demo CA and all required configurations and metadata. It was tested on Ubuntu 22.04 LTS.
⚠️ Note: You should run this only for testing on a development machine, or inside a Virtual Machine (VM). The software directly interacts with the TPM
Clone the repository:
git clone https://github.com/Fraunhofer-AISEC/cmc.git
Create a demo PKI and all required metadata:
./cmc/example-setup/setup-cmc <cmc-folder> <metadata-folder> json
<cmc-folder>
is the relative or absolute path to the cloned cmc
repository.
<metadata-folder>
is an arbitrary folder that will be created and that will store metadata and
configuration files. json
specifies JSON as the serialization format. cbor
is possible as well.
For the JSON example configuration folders to work without modifications, choose as <metadata-folder>
the folder cmc-data
located in the same root folder the cmc
repository resides in.
Export this root folder as $CMC_ROOT
.
The tools can generate and verify attestation reports, establish attested TLS connections and establish attested HTTPS connections. For detailed instructions refer to Manual Setup
# Start the EST server that supplies the certificates and metadata for the cmcd
./estserver -config $CMC_ROOT/cmc-data/est-server-conf.json
# Build and run the cmcd
./cmcd -config $CMC_ROOT/cmc-data/cmcd-conf.json
# Run an attested TLS server
./testtool -config $CMC_ROOT/cmc-data/testtool-conf.json -mode listen
# Run an attested TLS client estblishing a mutually attested TLS connection to the server
./testtool -config $CMC_ROOT/cmc-data/testtool-conf.json -mode dial
Note: The cmcd TPM provisioning process includes the verification of the TPM's EK certificate
chain. In the example setup, this verification is turned off, as the database might not contain
the certificate chain for the TPM of the machine the cmcd is running on. Instead, simply a
warning is printed. The intermediate and root CA for this chain can be downloaded from the TPM
vendor. The certificates can then be added in to the cmc/example-setup/tpm-ek-certs.db
database. The verifyEkCert
parameter in the estserver config can then be set to true.
An overview of the architecture is given in Architecture.
The tools can be configured via JSON configuration files and commandline flags. For an explanation,
each binary can be run with the -help
flag. All configuration options are explained in the
Configuration Documentation.
For instructions on creating and signing the metadata with an arbitrary PKI yourself, see Manual Setup
Usually, the attested TLS or HTTPS libraries are used within own projects to provide attestation for TLS or HTTPS connections, as described in Integration
For an alternative demo setup with a more complex PKI and policies based on the requirements of the International Data Spaces (IDS), see IDS Example Setup