Logo trust|me

Hosted mode

trust|me containers can also be run natively on your host, using the hosted mode. This section describes how to run the hosted mode. These instructions have been tested and work on Debian 10 stable.


Have a prebuilt container image ready or build one yourself as described in Build.

Required packages

Install all required packages with the following command:

apt-get install git build-essential unzip re2c pkg-config check \
    lxcfs libprotobuf-c-dev automake libtool libselinux1-dev \
    libcap-dev protobuf-c-compiler libssl-dev udhcpd udhcpd


To install protobuf-c-text, run the following commands:

git clone https://github.com/trustm3/external_protobuf-c-text
cd external_protobuf-c-text/
./configure --enable-static=yes
make install


  1. Clone https://github.com/trustm3/device_fraunhofer_common_cml
  2. Compile and install the neccesary components with
    make -f Makefile_lsb 
    sudo make -f Makefile_lsb install


  1. Run scd once to initialize /var/lib/cml/tokens
  2. You can either push your own certificate by using cml-control push_ca or copy the ssig_rootca.cert from your build to /var/lib/cml/tokens
  3. Run scd again, this time it will start a loop and keep running
  4. Run cmld and keep it running
  5. Install your guestos as described in GuestOS configuration
  6. You can now use control as described in Basic Operation