Amend README to mention custom-built enclave kernel

brave · Aug 26, 2024 · 9922e14 · 9922e14
1 parent 04234f2
commit 9922e14
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/Cargo.toml b/Cargo.toml
@@ -13,7 +13,7 @@ base64 = "0.22.1"
 bincode = "1.3.3"
 calendar-duration = "1.0.0"
 clap = { version = "4.5.4", features = ["derive"] }
-ppoprf = { version = "0.4.0", path = "../sta-rs/ppoprf" }
+ppoprf = { version = "0.4.0", features = ["key-sync"], path = "../sta-rs/ppoprf" }
 reqwest = { version = "0.12.5", default-features = false, features = ["charset", "macos-system-configuration"] }
 rlimit = "0.10"
 serde = "1.0.200"

diff --git a/README.md b/README.md
@@ -75,3 +75,13 @@ Below is an example of the server's response:
 
 Note that the array's ordering matters.  The point at index *n* of the server's
 response corresponds to the point at index *n* of the client's request.
+
+Reproducible builds
+----
+Executing `make eif` will render a reproducible Nitro Enclave image. The ID of the image
+can be compared the with image ID in the attestation document served at https://star-randsrv.bsg.brave.com/enclave/attestation
+for auditing purposes (See [nitriding-daemon](https://github.com/brave/nitriding-daemon) for details).
+Currently, there is an outstanding kernel leak bug within the stock kernel packaged
+with the aws-nitro-enclaves-cli. A [custom-built kernel](https://github.com/brave-experiments/nitro-enclave-kernel) must be
+used when building the image.
+