Daemon: emit signed self-measurement for control-plane integrity verification #683

Description

@hsinatfootprintai

Generic integrity capability. The daemon periodically emits a signed self-measurement on a heartbeat — hashes of the daemon binary, loaded eBPF program(s), and policy/config state — signed with the node's identity key (TPM-backed if a TPM is present, software-signed otherwise). The control plane verifies it to detect tampering on a node whose owner has root.

Node-side half only; the control-plane verification + quarantine action lives elsewhere. Reuse the existing peer identity / sentinel-fetched cert plumbing (internal/server/peer.go, peer_pki.go) for the signing key.

Acceptance: daemon emits a signed measurement on a configurable heartbeat; measurement covers daemon binary + eBPF + policy hashes; signature verifiable with the node's published identity; safe no-op when no signing key is configured.

Part of a control-plane capacity-pooling / integrity effort (internal tracking: FootprintAI/Containarium-cloud#491; the control-plane verification counterpart is FootprintAI/Containarium-cloud#508).
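
The emit path and the matching signature check from the acceptance criteria, as an added Go example that is not Containarium code. The `Measurement`, `Signed`, `Emit` and `Verify` names, the JSON encoding, the `seq` replay counter and the in-memory Ed25519 key (standing in for the node identity key) are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Measurement is a hypothetical heartbeat payload; field names are assumptions.
type Measurement struct {
	Seq    uint64 `json:"seq"` // assumed monotonic counter so a verifier can reject replays
	Binary string `json:"binary_sha256"`
	EBPF   string `json:"ebpf_sha256"`
	Policy string `json:"policy_sha256"`
}

type Signed struct{ Payload, Sig []byte } // Payload is the exact signed bytes; verifiers parse these

func digest(b []byte) string { return fmt.Sprintf("%x", sha256.Sum256(b)) }

// Emit returns (nil, nil) when no signing key is configured: the safe no-op case.
func Emit(key ed25519.PrivateKey, seq uint64, bin, ebpf, policy []byte) (*Signed, error) {
	if len(key) == 0 {
		return nil, nil
	}
	p, err := json.Marshal(Measurement{Seq: seq, Binary: digest(bin), EBPF: digest(ebpf), Policy: digest(policy)})
	if err != nil {
		return nil, err
	}
	return &Signed{Payload: p, Sig: ed25519.Sign(key, p)}, nil
}

// Verify checks the signature first, then parses the payload and rejects stale counters.
func Verify(pub ed25519.PublicKey, s *Signed, lastSeq uint64) (*Measurement, error) {
	if !ed25519.Verify(pub, s.Payload, s.Sig) {
		return nil, fmt.Errorf("bad signature")
	}
	var m Measurement
	if err := json.Unmarshal(s.Payload, &m); err != nil || m.Seq <= lastSeq {
		return nil, fmt.Errorf("malformed or replayed measurement (err=%v)", err)
	}
	return &m, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed software key for the demo
	s, _ := Emit(priv, 1, []byte("daemon"), []byte("bpf"), []byte("policy"))
	fmt.Println(Verify(pub, s, 0))
}
```

A valid signature only shows that the holder of the identity key produced these hashes; the verifier still has to compare them against expected values for the deployed release.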

Labels: enhancement (New feature or request), security (Security hardening / defensive features)
