Kettle is a build system that runs software compilation inside a trusted execution environment (a hardware-isolated virtual machine) and produces a cryptographically signed provenance document listing the source commit, dependencies, toolchain, build environment, and output artifact hashes. The TEE hardware signs the document's hash, so the signature chains to the chip vendor's root of trust rather than the build operator. Because the VM image is reproducible, verifiers can check one signature and a few hashes without re-running the build or trusting the infrastructure operator.
Main takeaways:
- Builds run in a confidential VM that produces a provenance document (source commit, dependencies, toolchain, environment, output hashes)
- The TEE hardware signs the document's SHA-256 hash, chaining trust to the chip vendor instead of the build operator
- The VM image is reproducible, so its launch measurement is public and stable — verifiers can pre-attest the VM before submitting source
- Source code can be delivered over TLS terminated inside the VM, so the build host never sees plaintext source
- Verification reduces to one signature check and a few digest comparisons; no need to re-execute the build or trust the artifact distribution channel