RATS Framework
RATS (Remote ATtestation procedureS) is the IETF framework (RFC 9334) that defines the roles, data flows, and conceptual model for remote attestation. Ratatouille is an implementation of the RATS architecture.
RFC 9334 is the authoritative reference: RFC 9334 RATS Architecture
RATS roles
The Attester produces evidence about its own trustworthiness; in Ratatouille, this is the agent machine running the Keylime Rust agent with its TPM. The Verifier appraises evidence against reference values and produces attestation results; in Ratatouille, this is the Keylime verifier, polling every ~10 seconds. The Relying Party consumes attestation results to make trust decisions: an FBI system, API gateway, secrets vault, or any other system that requires a verified platform signal. The Reference Value Provider produces the reference values (what the Attester should measure); in Ratatouille, this is the policy author via a signed Git push. The Endorser vouches for the Attester's hardware: the TPM manufacturer, through the EK certificate chain.
RATS data flows
The RATS architecture defines two primary topologies:
Passport model: The Attester presents pre-obtained attestation results to the Relying Party directly. The Verifier is not in the critical path of the access request.
Background check model: The Relying Party queries the Verifier in real time to appraise Evidence that the Attester presents. Ratatouille uses a variant of this: the verifier runs continuously in the background, and its running verdict is what the Relying Party queries.
Evidence, endorsements, and attestation results
Evidence is the raw claims from the Attester: PCR values, IMA log, and TPM quote with nonce. Evidence is only meaningful in combination with Reference Values. Endorsements are background checks on the Attester's hardware: the TPM manufacturer's EK certificate chain, which the Keylime registrar verifies during enrollment. Reference Values are the approved baseline: the Ratatouille runtime policy, expressed as a set of approved IMA measurement hashes, signed by an authorized identity and verified by the Verifier. The Attestation Result is the Verifier's verdict (TRUSTED or FAILED), produced by comparing Evidence against Reference Values. This is what Ratatouille surfaces in the UI and API.
Freshness
RATS explicitly addresses the freshness problem: an attestation result from yesterday tells you nothing about the machine's state today.
Ratatouille addresses freshness two ways:
- Continuous polling: the verifier polls every ~10 seconds. Attestation results are bounded to at most ~10 seconds stale.
- Nonce-based challenges: each TPM quote request includes a fresh nonce. The TPM quote is only valid for that nonce. Replaying an old quote fails verification.
For Relying Parties that need a freshness guarantee before an access decision (e.g., the FBI database access case), Ratatouille's attestation token issuance will enforce a maximum staleness bound: you only get a token if the most recent successful attestation was within the last N seconds.
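The two freshness mechanisms above, modelled end to end as an added example (not Ratatouille's or Keylime's code): the Verifier issues a one-time nonce, the Attester's quote is bound to it, a replayed quote or a quote for a stale nonce is rejected, and the Relying Party only issues a token when the last TRUSTED verdict is within N seconds. The HMAC key, digests and timestamps are constructed stand-ins for a real TPM attestation key, PCR bank and wall clock.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed stand-in for the TPM attestation key: a shared HMAC secret instead
# of an asymmetric TPM signature, so the example runs offline.
TOY_AK = b"constructed-attestation-key"
# Constructed PCR-bank digests: the Reference Value and a tampered platform.
APPROVED_DIGEST = hashlib.sha256(b"constructed approved PCR bank").digest()
TAMPERED_DIGEST = hashlib.sha256(b"constructed tampered PCR bank").digest()

@dataclass
class Quote:
    pcr_digest: bytes   # digest of the PCR bank the Attester reports
    nonce: bytes        # challenge this quote answers
    sig: bytes          # toy signature over pcr_digest || nonce

def attester_quote(pcr_digest: bytes, nonce: bytes) -> Quote:
    """Attester side: bind the reported PCR state to the Verifier's nonce."""
    sig = hmac.new(TOY_AK, pcr_digest + nonce, hashlib.sha256).digest()
    return Quote(pcr_digest, nonce, sig)

class Verifier:
    def __init__(self, reference_digest: bytes):
        self.reference = reference_digest
        self.outstanding = None       # nonce of the challenge currently open
        self.last_success_at = None   # time of the most recent TRUSTED verdict

    def challenge(self) -> bytes:
        self.outstanding = secrets.token_bytes(20)
        return self.outstanding

    def appraise(self, q: Quote, now: float) -> str:
        # The quote must answer the open challenge; any other nonce is a replay.
        if self.outstanding is None or not hmac.compare_digest(q.nonce, self.outstanding):
            return "FAILED"
        self.outstanding = None  # one use per nonce: presenting it again fails
        expected = hmac.new(TOY_AK, q.pcr_digest + q.nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(q.sig, expected):
            return "FAILED"
        if not hmac.compare_digest(q.pcr_digest, self.reference):
            return "FAILED"  # Evidence does not match the Reference Value
        self.last_success_at = now
        return "TRUSTED"

def issue_token(v: Verifier, now: float, max_staleness_s: float) -> bool:
    """Relying Party gate: token only if the last TRUSTED verdict is <= N seconds old."""
    return v.last_success_at is not None and now - v.last_success_at <= max_staleness_s
```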
Further reading
RFC 9334 is the authoritative RATS Architecture specification. Keylime documentation covers the verifier and agent implementation Ratatouille builds on. Sigstore documentation covers the policy signing infrastructure. The Remote Attestation Primer is Ratatouille's practical overview of RA concepts for readers who want the mechanics without reading the full RFC.