Meeting 27/08/2025

[ansasaki]

Attendees

• @ansasaki
• @aplanas
• @deeglaze
• @edwards-n
• @ematery
• @galmasi
• @husky-parul
• @Isaac-Matthews
• @kkaarreell
• @maugustosilva
• @mayaCostantini
• @marcostork
• @mdrocco
• @mbestavros
• @mheese
• @mruffin
• @mpeters
• Niteesh Dubey
• @ruocco
• @stringlytyped
• @stefanberger
• @THS-on
• @tpletcher-hpe
• @tylerfanelli
• @ueno
• @sarroutbi
• @sergio-correia
• @gnurugs
• Shiva Dasari
• Christian Schilling

Time: 27/08/2025 15:00 UTC (https://www.timeanddate.com/worldclock/fixedtime.html?msg=Keylime+Meeting\&iso=20250827T15)

Google Meet joining info
Video call link: https://meet.google.com/nos-bkdi-cnn
Or dial: ‪(DE) +49 30 300195060‬ PIN: ‪607 390 654 8381‬#
More phone numbers: https://tel.meet/nos-bkdi-cnn?pin=6073906548381
Or join via SIP: sip:6073906548381@gmeet.redhat.com

Topics

• Push model updates
  • #keylime-push-attestation channel on CNCF Slack
  • Publicly accessible project: Agent-driven attestation
  • Continuous attestation is now working
    • There are still fixes needed for error states
  • We have an end-to-end test proposed
    • Introduce functional/push-attestation-on-localhost RedHat-SP-Security/keylime-tests#821
• Keylime and Post-Quantum Cryptography
• Mentorship project CMW, EAT in collaboration with Veraison
  • Veraison Mentorship: Harmonizing Open-Source Verifiers with RATS Standards veraison/.github#6
• Enhancements:
  • 123_verifier_evidence_types123_verifier_evidence_types enhancements#124
    • Add support for other evidences types to the evidence verification endpoint
    • Please review, it will be merged if no objections are raised
  • 126_verify_evidence_jwt 126_verify_evidence_jwt enhancements#127
    • Add JWT format response for the one-shot attestation endpoint
    • Please review, it will be merged if no objections are raised
• Open PRs:
  • Keylime:
    • #1788 - verify/evidence: Add evidence types, SEV-SNP verification
    • #1781 - fix: resolve extreme line-too-long violations in keylime/tenant.py
    • #1777 - Add support for CMW evidence format - server side
    • #1731 - Push authentication
    • #1715 - Allow separate CA and logging configurations for components
    • #1693 - Add agent-driven (push) attestation protocol
    • #1670 - Add webhook for receiving and modifying registrar identity trust decisions
    • #1668 - Add support for EK Certificate Chain, resolves #1552
    • #1545 - Add support for a reject list in runtime policy
  • Agent:
    • #1092 - Add 6 alphanumeric lowercase X-Request-ID header
    • #1091 - build(deps): bump anyhow from 1.0.98 to 1.0.99
    • #1089 - build(deps): bump pest_derive from 2.8.0 to 2.8.1
    • #1086 - build(deps): bump thiserror from 2.0.12 to 2.0.16
    • #1085 - build(deps): bump tempfile from 3.20.0 to 3.21.0
    • #1084 - build(deps): bump syn from 2.0.90 to 2.0.106
    • #1082 - config: Use the singleton pattern to avoid reading the files multiple times
    • #1068 - keylimectl: A replacement for keylime_tenant in rust
    • #1051 - add support for CMW evidence format - agent side
    • #986 - Update rust-config to 0.15
    • #658 - Remove deprecated zmq revocation notification feature