-
Notifications
You must be signed in to change notification settings - Fork 207
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reproducible builds for enclave binaries #1467
Comments
It's non-reproducible because the binary is signed using SCRT Labs' private key. It is reproducible if we use the same private key. IMO the next step to gain more trust is to migrate to a new multisig private key, but that is a huge undertaking as you have to also reencrypt the entire encrypted state. |
Hey, thanks for providing feedback! Regarding the topic of verifying whether an enclave binary matches some source code, as far as I understand, if the code hasn't changed (i.e. same commit hash) and the toolchain to build the enclave binary yields bit-for-bit reproducible builds, then the enclave hash (aka The For instance, given a signed enclave binary, the Example: getting the
>>> import struct
>>> with open('enclave_css', 'rb') as f:
... sigstruct = f.read()
...
>>> bytes(struct.unpack_from("<32B", sigstruct, 960)).hex()
'7658396785d7a041e502ca8ec194fd513abffc8aea88426ca687b86ad6df5388' To verify whether a signed enclave binary matches some source code, one can just rebuild the enclave binary from the source code and sign it with a dummy key and use the This works as long as the enclave binary can be rebuilt from source, bit-for bit, hence the motivation for reproducible builds. |
Opening this issue as an entry point to discuss the implementation of whatever is necessary to provide reproducible builds for enclave binaries (
librust_cosmwasm_enclave.signed.so and
tendermint_enclave.signed.so`).The underlying assumption is that it is potentially a desired goal, judging from the
README.md
text under https://github.com/scrtlabs/SecretNetwork#build-from-source:The two main benefits of having reproducible builds would be:
The text was updated successfully, but these errors were encountered: