Skip to content

mjlshen/spiffe_fog

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

TPM Attestation for Distributed Edge Computing

This is a project demonstrating leveraging the TPM remote attestation protocol to provision SPIFFE X.509 SVIDs. Most of the work was done for the 2022 Student Design Competition on Networked Computing at the Edge and is meant to demonstrate how painless it can be to generate short-lived X.509 certificates to support mTLS at the edge.

Quick Start

Dependencies

  • Go 1.22

Building

A Dockerfile is provided if a container is desired, but to build binaries for your local architecture:

make

Running

The server binary will expose a gRPC server listening for TPM attestation challenges

# Starts listening on port 8080 by default
./server

The client binary will send a TPM attestation request to a specific server. Since it needs to interact with the TPM, it needs to be run with elevated privileges.

# Sends an attestation request to localhost:8080 by default
sudo ./client -insecure
# If the target supports TLS the -insecure flag can be dropped
sudo ./client -host "cloud.run.app:443"

Regenerating protobuf code

This requires additional dependencies - if you use the nix package manager, a flake is provided to get these setup.

  • protobuf v3.19.0
  • protoc-gen-go v1.28.0
  • protoc-gen-go-grpc v1.2.0

If the protobuf definitions are modified, the generated code will need to be updated:

make gen

TPM Attestation Protocol

TPM Attestation Protocol

About

TPM Attestation for Distributed Edge Computing

Resources

Stars

Watchers

Forks