A Model Context Protocol (MCP) server for Keylime, the remote attestation framework for cloud and edge systems.
This MCP server is a helper tool for working with Keylime. You need:
- A running Keylime verifier and Keylime registrar
- Keylime agents to monitor
- Network access to the Keylime API endpoints
- MCP Client (Claude Desktop, Cline, etc.) OR Podman for containers
There are two ways to use this MCP server:
Build the server:

```bash
make mcp
```

You can move the binary anywhere you want (e.g., `/usr/local/bin/server`).
Add to your MCP client config (e.g., `~/.config/Claude/claude_desktop_config.json`):

```json
{
  "mcpServers": {
    "keylime": {
      "command": "/full/path/to/keylime-mcp/backend/server",
      "env": {
        "KEYLIME_CERT_DIR": "/full/path/to/keylime/certs/dir"
      }
    }
  }
}
```

Replace `/full/path/to/keylime-mcp` with your actual path!
Replace `/full/path/to/keylime/certs/dir` with your cert directory! Certs should be in `/var/lib/keylime/cv_ca`, but the user running the MCP server needs read permission on them.
Restart your MCP client. Done.
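A preflight check for the certificate directory mentioned above, as an added example that is not part of keylime-mcp. The function name `check_cert_dir` is hypothetical, and the script assumes private keys are the files whose names contain `private` or `key`.

```shell
#!/bin/sh
# Added example (not part of keylime-mcp): preflight check for the directory
# that will be passed as KEYLIME_CERT_DIR.
# Assumption: private keys are the files whose names contain "private" or
# "key" (e.g. client-private.pem); adjust the pattern to your layout.

# check_cert_dir DIR
# Prints one line per finding. Returns 0 if the directory holds files, all of
# them readable by the current user, and no private key is world-readable.
check_cert_dir() {
    dir=$1
    rc=0
    n=0
    if [ ! -d "$dir" ] || [ ! -r "$dir" ] || [ ! -x "$dir" ]; then
        echo "FAIL: $dir is missing or cannot be listed by $(id -un)"
        return 1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        n=$((n + 1))
        if [ ! -r "$f" ]; then
            echo "FAIL: $f is not readable by $(id -un)"
            rc=1
        fi
        case "${f##*/}" in
            *private*|*key*)
                # find prints the path only if the "other: read" bit is set.
                if [ -n "$(find "$f" -prune -perm -004)" ]; then
                    echo "FAIL: private key $f is world-readable"
                    rc=1
                fi
                ;;
        esac
    done
    if [ "$n" -eq 0 ]; then
        echo "FAIL: no files found in $dir"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $dir is usable as KEYLIME_CERT_DIR"
    return "$rc"
}

# Run the check when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_cert_dir "$1"
fi
```

Run it as the user that starts the MCP client. If it reports unreadable files, grant access through group ownership or an ACL rather than by making the private key world-readable.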
```bash
make build
make up
```

Access at http://localhost:3000
Run locally without containers:

```bash
# Backend
cd backend && go run *.go
# Frontend
cd frontend && pnpm dev
```

- `make build` - Build containers
- `make up` - Start containers
- `make down` - Stop containers
- `make logs` - View logs
- `make clean` - Remove everything
- `make ps` - List containers
- `make help` - Show all commands
- `make mcp` - Build MCP server binary file

- Backend: Go 1.23
- Frontend: React + TypeScript + Vite + Tailwind + shadcn/ui
- Container: Podman
Keylime is an open-source remote attestation framework that provides:
- Measured Boot verification via TPM
- Runtime Integrity monitoring with IMA
- Secure Enrollment and key management
- Policy-based Attestation with automated responses
Contributions are welcome! This is an experimental project to explore MCP integration with Keylime.
Apache-2.0