Brussels / 3 & 4 February 2024


Reproducible builds for confidential computing: Why remote attestation is worthless without it

A key component of Confidential Computing (CC) is the validation of TCB (trusted computing base) measurements using remote attestation. Validating these measurements requires a set of trusted reference values. But where do these opaque values come from? Today, they are often provided by a third party, without any mechanism for auditing the trustworthiness or origin of the reference values.

We want to make CC offerings auditable, allowing end users to read the source code, reproduce the binary artifacts, generate the reference values from those artifacts and verify the deployed system using remote attestation. For this to work, every part of the TCB needs to be open source and reproducible.

We will cover the status quo of how reference values are used in CC and show what the main difficulties and sources of non-determinism are. Based on a minimal open source example, we explain how we build fully reproducible OS images with mkosi and nix - all the way from source code in Git to the reference values for remote attestation. The presented code is the base for the images used in both Constellation and the Confidential Containers project.
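The following is an added illustration of the argument in the abstract, not code from the talk, from Constellation or from the Confidential Containers project, and it does not use mkosi or nix. It models an "image build" as packing a constructed source tree into a tar archive, so that two common sources of non-determinism (build timestamps and filesystem listing order) can be shown leaking into the artifact, and it contrasts that with a build that clamps them. The measurement is a plain SHA-256 standing in for a platform launch measurement; the attestation report is a constructed dict, and checking the report's own signature is left out.

```python
import hashlib
import hmac
import io
import tarfile

# Constructed sample "source tree" standing in for the inputs of an OS image
# build: path -> file content. A reproducible build may depend on nothing but
# this tree.
SOURCE_TREE = {
    "usr/bin/agent": b"#!/bin/sh\necho attestation-agent\n",
    "etc/os-release": b"ID=demo\nVERSION_ID=1\n",
    "usr/lib/modules/demo.ko": b"\x7fELF-demo-module",
}


def build_nondeterministic(tree, build_time, listing_order):
    """Toy image build that lets the environment leak into the output.

    `build_time` stands for the wall clock at build time, `listing_order`
    for the order in which the filesystem happened to return entries.
    Both are encoded into the archive, so two builds of identical sources
    yield different bytes and therefore different measurements.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for path in listing_order:            # environment-dependent order
            info = tarfile.TarInfo(path)
            info.size = len(tree[path])
            info.mtime = build_time           # wall-clock timestamp
            tar.addfile(info, io.BytesIO(tree[path]))
        stamp = f"BUILD_DATE={build_time}\n".encode()   # build stamp file
        info = tarfile.TarInfo("etc/build-info")
        info.size = len(stamp)
        info.mtime = build_time
        tar.addfile(info, io.BytesIO(stamp))
    return buf.getvalue()


def build_reproducible(tree):
    """The same toy build with the non-determinism removed: fixed entry
    order, clamped timestamps (the idea behind SOURCE_DATE_EPOCH),
    normalized ownership and permissions, and no build stamp."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for path in sorted(tree):             # deterministic order
            info = tarfile.TarInfo(path)
            info.size = len(tree[path])
            info.mtime = 0                    # clamped timestamp
            info.mode = 0o644
            info.uid = info.gid = 0
            info.uname = info.gname = "root"
            tar.addfile(info, io.BytesIO(tree[path]))
    return buf.getvalue()


def measure(image):
    """Reference value for an image: a SHA-256 of its bytes. A real launch
    measurement is platform-specific, but is likewise a deterministic
    function of the bytes that were loaded."""
    return hashlib.sha256(image).hexdigest()


def reference_values_from_source(tree):
    """What an auditor can regenerate independently: rebuild from source
    and measure the result, instead of trusting an opaque value."""
    return {"image": measure(build_reproducible(tree))}


def verify_attestation(report, reference):
    """Compare the measurement claimed in a (constructed) attestation report
    with the reference values. A real verifier would first validate the
    report's signature against the platform vendor's certificate chain."""
    claimed = report.get("image")
    if claimed is None:
        return False
    return hmac.compare_digest(claimed, reference["image"])


if __name__ == "__main__":
    paths = list(SOURCE_TREE)
    # Two builds of the same sources, one minute apart, with a different
    # directory listing order: the measurements disagree.
    print("nondeterministic #1:", measure(build_nondeterministic(SOURCE_TREE, 1700000000, paths)))
    print("nondeterministic #2:", measure(build_nondeterministic(SOURCE_TREE, 1700000060, paths[::-1])))
    # The reproducible build gives the auditor a value they can regenerate.
    ref = reference_values_from_source(SOURCE_TREE)
    print("reference value:     ", ref["image"])
    print("report matches:", verify_attestation({"image": measure(build_reproducible(SOURCE_TREE))}, ref))
```

Running it twice prints the same reference value both times, while the two non-deterministic builds disagree with each other and with the reference, which is exactly why a reference value that was not derived from a reproducible build cannot be audited: there is no way to tell a legitimate rebuild from a tampered one.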


Malte Poll
Paul Meyer