From 9922e14419014c1bfd870e395ed03dceae53706e Mon Sep 17 00:00:00 2001
From: Darnell Andries
Date: Fri, 2 Aug 2024 17:40:53 -0700
Subject: [PATCH] Amend README to mention custom-built enclave kernel
---
 Cargo.toml | 2 +-
 README.md | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/Cargo.toml b/Cargo.toml
index 900d496..a7e8333 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -13,7 +13,7 @@ base64 = "0.22.1"
 bincode = "1.3.3"
 calendar-duration = "1.0.0"
 clap = { version = "4.5.4", features = ["derive"] }
-ppoprf = { version = "0.4.0", path = "../sta-rs/ppoprf" }
+ppoprf = { version = "0.4.0", features = ["key-sync"], path = "../sta-rs/ppoprf" }
 reqwest = { version = "0.12.5", default-features = false, features = ["charset", "macos-system-configuration"] }
 rlimit = "0.10"
 serde = "1.0.200"
diff --git a/README.md b/README.md
index 3e7cd42..0920d0e 100644
--- a/README.md
+++ b/README.md
@@ -75,3 +75,13 @@ Below is an example of the server's response:
 Note that the array's ordering matters. The point at index *n* of the server's response corresponds to the point at index *n* of the client's request.
+
+Reproducible builds
+----
+Executing `make eif` will render a reproducible Nitro Enclave image. The ID of the image
+can be compared the with image ID in the attestation document served at https://star-randsrv.bsg.brave.com/enclave/attestation
+for auditing purposes (See [nitriding-daemon](https://github.com/brave/nitriding-daemon) for details).
+Currently, there is an outstanding kernel leak bug within the stock kernel packaged
+with the aws-nitro-enclaves-cli. A [custom-built kernel](https://github.com/brave-experiments/nitro-enclave-kernel) must be
+used when building the image.
+
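Review bot: In the Cargo.toml hunk, the new `ppoprf` line turns on the `key-sync` feature, but the commit subject only mentions a README amendment and nothing in the manifest says why the feature is needed. In a service that holds OPRF key material inside an enclave, a feature with this name presumably changes how key state can leave or enter the process, so it deserves its own line in the commit message and a manifest comment above the dependency such as `# key-sync: needed for <reason>; see <design note link>`. Separately, `path = "../sta-rs/ppoprf"` resolves to a sibling checkout that this repository does not appear to pin. The image ID an auditor reproduces with `make eif` may therefore depend on which sta-rs revision is checked out, unless the build pins it elsewhere. The README section added in this same commit would be the natural place to state the required revision.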