Skip to content

Enclave EIF — Build #85 (f324b88)

Choose a tag to compare

@github-actions github-actions released this 27 Jun 15:50

PCR0: 67fed83b157e4ae7d241f8313f2a337e90d76c92aa0b0c1dfdfcb2a9cff8ebdcfc2e5ccfaa0a47fa7f11d8f2ac30dd60
Commit: f324b88
nitro-cli: Nitro CLI 1.4.4
Built at: 2026-06-27T15:49:47Z


🇹🇷 Bu release nedir + nasıl doğrulanır

Bu release reproducible build pipeline'ından üretildi: aynı commit'ten her build aynı PCR0'ı verir (workflow içinde cache-kapalı iki kez derlenerek doğrulanır). PCR0, enclave imajının kriptografik parmak izidir.

Dosyalar:

  • enclave.eif — Nitro Enclave Image File (EC2 Graviton'a yüklenir)
  • pcr0.txt — Beklenen attestation PCR0 değeri (hex)
  • expected_pcr.json — Build metadata (PCR0, commit, nitro-cli sürümü, build zamanı)
  • nitro_cli_version.txt — Kullanılan nitro-cli sürümü

Doğrulama: (1) Kaynak açık + build yeniden-üretilebilir — repo'yu bu commit'te klonlayıp aynı iş akışını (ya da kendi Nitro ortamında nitro-cli build-enclave) çalıştırarak yukarıdaki PCR0'a ulaştığınızı teyit edebilirsiniz. (2) Canlı enclave kriptografik olarak zorlanır — mobil uygulama her handshake'te AWS Nitro attestation belgesini doğrular, PCR0'ı imzalı izin listesiyle karşılaştırır; uyuşmazsa reddeder. Ayrıntı: README.

🇬🇧 What this release is + how to verify

This release was produced by the reproducible build pipeline: every build from the same commit yields the same PCR0 (verified by building twice with cache disabled inside the workflow). PCR0 is the cryptographic fingerprint of the enclave image.

Files:

  • enclave.eif — Nitro Enclave Image File (loaded on EC2 Graviton)
  • pcr0.txt — Expected attestation PCR0 (hex)
  • expected_pcr.json — Build metadata (PCR0, commit, nitro-cli version, build time)
  • nitro_cli_version.txt — The nitro-cli version used

Verify: (1) Source is public + build is reproducible — clone the repo at this commit and re-run the same workflow (or nitro-cli build-enclave in your own Nitro environment) to confirm you reach the PCR0 above. (2) The live enclave is cryptographically enforced — on every handshake the mobile app verifies the AWS Nitro attestation document and compares PCR0 against a signed allow-list, rejecting any mismatch. Details: README.