Tag
This paper introduces Kettle, an attested build system that generates cryptographically verifiable software provenance using Trusted Execution Environments (TEEs). It aims to eliminate the build infrastructure and operators from the trust surface by binding provenance documents directly to hardware-signed attestation reports.