To aid better visibility into the state of the source code that was used to build the scitt enclave, the mrenclave measurement was added to the receipt headers. This should increase the root of trust of this service.
Contrary to just the DID or service identity, this ensures one can look up the source code and find and rebuild the same version locally. It does not solve the problem of how to find the correct source code version though; that could be solved by printing the value in the releases on GitHub, but for now mrenclave is printed in the CI build.