Sorry, you need to enable JavaScript to visit this website.

Open Cloud Integrity Technology (Open CIT)

Open CIT is the attestation solution, replacing Open Attestation. Open CIT provides visibility into the cloud datacenter by leveraging Intel processors with Intel® Trusted Execution Technology (Intel® TXT)


BY Adolfo Vega Aguayo ON Nov 09, 2016

Open CIT 2.2 has been released which adds support for TPM 2.0 for Linux and Windows.  To learn more about our previous release, click here.


Click here to learn what Open CIT is.


Open CIT 2.2 Features

  • TPM 2.0 support.
    • Added support for platform and asset tag attestation of Linux and Windows hosts with TPM 2.0.
    • Support attestation of either SHA1 or SHA256 PCR banks on TPM 2.0.
    • Ubuntu 16.04 and RHEL 7.2, 7.3 (SHA1 and SHA256), Windows Server 2012 and Hyper-V Server 2012 (SHA1) are supported with TPM 2.0
  • All the certificates and hashing algorithms used in CIT are upgraded to use SHA256.  SHA1 has been deprecated and will no longer be used.
  • CIT Attestation Service UI has been updated to allow the user to select either the SHA1 or SHA256 PCR bank for Attestation of TPM 2.0 hosts.
    • The CIT  Attestation Service will automatically choose the strongest available algorithm for attestation (SHA1 for TPM 1.2, and SHA256 for TPM 2.0)
  • CIT Attestation Service UI Whitelist tab no longer requires the user to select PCRs when whitelisting, and will automatically choose the PCRs to use based on the host OS and TPM version.  This is done to reduce confusion due to differing behaviors between TPM 1.2 and TPM 2.0 PCR usages.
  • Additional changes made to support TPM 2.0
    • Linux hosts with TPM 2.0 will now utilize TPM2.0-TSS (TPM 2.0 Software Stack) and TPM2.0-tools instead of the legacy trousers and tpm-tools packages. The new TSS2 and TPM2.0-tools are packaged with the CIT Trust Agent installer.
    • TPM 2.0 Windows hosts use TSS.MSR (The TPM Software Stack from Microsoft Research) PCPTool.
    • TPM 1.2 hosts will continue to use the legacy TSS stack (trousers) and tpm-tools components.


New Prerequisites required for TPM 2.0 Support

  • Kernel Driver must support TPM 2.0
    • RHEL 7.2 kernel version 10.0-327 or higher with latest update. Ubuntu 16.04 kernel needed is 4.4.
  • Tboot version used for TPM 2.0 is tboot 1.9.4 or higher.


Downloading Open CIT

Product Guide

Extending Open Stack

Source Code

CIT 2.2 Product Guide

Liberty           Mitaka