Attestable Builds: Compiling Verifiable Binaries on Untrusted Systems Using Trusted Execution Environments
In this paper we present attestable builds, a new paradigm to provide strong source-to-binary correspondence in software artifacts. We tackle the challenge of opaque build pipelines that disconnect the trust between source code, which can be understood and audited, and the final binary artifact,...