You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
My company is developing several nitro-based applications and one of the issues we've run into is that of reproducibility. Even if the source code for our application remains the same, it is possible to produce EIFs with different PCR0-2 values depending on the platform and version of the nitro-cli that was used when compiling said EIFs.
So, I've been updating our build pipeline to explicitly enforce and/or check for the correct platform, nitro-cli version, and build asset sha384sum values. During this process, however, I noticed that the blobs for release v1.3.4 on this repo do not match those installed by dnf aws-nitro-enclaves-cli-devel-1.3.4. Specifically, the init, linuxkit, and nsm.ko blobs are not the same.
My company is developing several nitro-based applications and one of the issues we've run into is that of reproducibility. Even if the source code for our application remains the same, it is possible to produce EIFs with different PCR0-2 values depending on the platform and version of the nitro-cli that was used when compiling said EIFs.
So, I've been updating our build pipeline to explicitly enforce and/or check for the correct platform, nitro-cli version, and build asset sha384sum values. During this process, however, I noticed that the blobs for release
v1.3.4on this repo do not match those installed bydnf aws-nitro-enclaves-cli-devel-1.3.4. Specifically, theinit,linuxkit, andnsm.koblobs are not the same.The
sha384sumvalues for the gh x86 blobs are:{ "nitro-cli-version": "1.3.4", "bzimage-sha384": "127b320741835315a4b05fd4b7d063771d9097af887a42296809ff1f98971ec99a1c5f865cfa8be2b3562547369821c4", "bzimage-config-sha384": "e9704ca3fee1f01a0d0a5a7a1aff588999122983032ac2615c4a158ba318febf55dbd9b059f51e189a028a7f647d9d35", "cmdline-sha384": "cefb9209bc63dbab600937db2c945fd08d5a9a97b74ead867b4487920bf2b7914a9b4f569bb9aabb884044a221ab0b0f", "init-sha384": "ba660d640a91dbebffd62dc272e9d88fba86c0ed67f5ca643f5f028db00333305302070c0cdd2c5231383b99b6488959", "linuxkit-sha384": "11840b0b19f89b37b4bc12cae670d26d7b9ff197e63b3db15e5b53001b645e36bfc0c17945d779c075de23053878303d", "nsm-sha384": "993d1f27554ffa16672a06a3ce0c84bd862c05bbec5eccd69fab94414f4d4ea37e2520aa60bc2c9c5d3ad2c5d4657b50" }The
sha384sumvalues for the dnf x86 blobs are:{ "nitro-cli-version": "1.3.4", "bzimage-sha384": "127b320741835315a4b05fd4b7d063771d9097af887a42296809ff1f98971ec99a1c5f865cfa8be2b3562547369821c4", "bzimage-config-sha384": "e9704ca3fee1f01a0d0a5a7a1aff588999122983032ac2615c4a158ba318febf55dbd9b059f51e189a028a7f647d9d35", "cmdline-sha384": "cefb9209bc63dbab600937db2c945fd08d5a9a97b74ead867b4487920bf2b7914a9b4f569bb9aabb884044a221ab0b0f", "init-sha384": "1fd666e409e75d4f3b0b75f7e82ae550a41a7b2058201e1e99685b9e60709bc0c87640ccac64245dc507fc0f01bf235f", "linuxkit-sha384": "9ec3efc3cbfd65298ac4c7308ccd8928d6ec193fa9f6c86ae999e8dfe9f21d9fc281e86f6d50f93e7286d56f6e903ddd", "nsm-sha384": "2357cb0e97f45db3fa998f1d9b530cc8bb1bfc63b1060a0d10246aa0b72a22ea94964ed8fea02cb6614ec46ec78192cd" }Just thought I would let y'all know in case anyone runs into a similar issue.
The text was updated successfully, but these errors were encountered: