Remote ATtestation

Platform integrity
you can
prove.

Automated remote attestation for Linux machines with TPM 2.0.

How It Works

or just get started…

$ curl -1sLf 'https://dl.cloudsmith.io/public/ratatouille/ratatouille/setup.deb.sh' | sudo bash && sudo apt install rat

One CLI for your whole fleet. Manage from your laptop or enroll a Linux machine directly.

— TRUSTED · — VERIFYING · polling every ~10s

Attesting your machines shouldn't require a PhD.

Keylime and Sigstore are powerful attestation tools for Linux when used with TPM 2.0, IETF RATS, and proper CI/CD workflows. But deploying them means managing a registrar, a verifier, TPM-backed agent authentication, TPM quote schemas, IMA allowlists, and policy fan-out — none of which is easy or documented anywhere useful.

Ratatouille handles all of it. Generate a policy from a known-good machine, push it to Git, and every enrolled machine is continuously attested against it.

The cryptographic evidence is yours: exportable, independently verifiable, and not locked in our dashboard.

Applications Kernel Bootloader UEFI Firmware TPM 2.0 trust root
Open Standards

Adopt remote attestation. Don't rebuild it.

Ratatouille operationalizes proven open-source components. Your policies, your evidence, your cryptographic chain are all verifiable with standard tooling whether or not Ratatouille exists.

Keylime
TPM-based remote attestation and IMA log verification engine. Open source, CNCF-hosted.
Sigstore / Cosign
Keyless policy signing with no long-lived keys to manage. Every policy approval is attributable to a specific authenticated identity and permanently auditable.
Linux IMA
Kernel-level measurement of modules and executables as they load. The OS cannot alter what IMA recorded.
IETF RATS (RFC 9334)
The IETF standard defining remote attestation best practices. Ratatouille is architecturally aligned with IETF RATS RFC 9334.
How It Works

From silicon to continuous trust

01

Enroll

Install the Ratatouille agent on a device in a known-good state.

ansible / cloud-init / apt / manual
02

Baseline

Policy is built from IMA logs of modules and executables loaded since boot.

IMA log → runtime policy
03

Sign & Push

Sign the policy and push to Git. Ratatouille reads and verifies the policy signature and fans it out to your devices.

git push → webhook → fan-out
04

Verify

At a chosen interval, Ratatouille evaluates a TPM quote over IMA log entries against your policy.

TPM quote → IMA verify → PCR
05

Export

Pull a signed evidence package at any time in a format any auditor can verify independently.

rat evidence <hostname> --export
Cryptographic Trust Chain

Every link is independently verifiable.

From the chip the manufacturer burned a key into, through to the relying party's access decision. You don't have to trust Ratatouille. You can verify each link yourself.

TPM Manufacturer
Silicon root
EK
Endorsement Key
burned in silicon
AIK
Attestation Identity
Key, registered
TPM Quote
Signed PCR
snapshot + nonce
PCR 10
Extends on every
IMA measurement
IMA Log
Every ELF & module
executed since boot
Runtime Policy
Approved baseline
(GitOps, versioned)
Sigstore Sig
Authorized identity
signed the policy
Rekor Log
Public, immutable
transparency log
Attest. Token
Issued only when
all above pass
Relying Party
Auditor, API gateway,
secrets vault
Hardware-enforced
Cryptographically chained
Publicly auditable
Get Access
Try the Demo Read the Docs

Need something more bespoke?

Air-gapped deployments, custom IMA policy generation, vTPM integration on platforms we haven't documented yet, regulated-environment onboarding — reach out and we'll build it with you.

logan@ratatouille.dev