Build Environment track

Rationale

Today’s hosted build platforms play a central role in an artifact’s supply chain. Whether it’s a cloud-hosted service like GitHub Actions or an internal enterprise CI/CD system, the build platform has a privileged level of access to artifacts and sensitive operations during a build (e.g., access to producer secrets, provenance signing).

This central and privileged role makes hosted build platforms an attractive target for supply chain attackers. But even with strong economic and reputational incentives to mitigate these risks, it’s very challenging to implement and operate fully secure build platforms because they are made up of many layers of interconnected components and subsystems.

The SLSA Build Environment track aims to address these issues by making it possible to validate the integrity and trace the provenance of core build platform components.

Track overview

The SLSA Build Environment (BuildEnv) track describes increasing levels of integrity and trustworthiness of the provenance of a build’s execution context. In this track, provenance describes how a build image was created, how the hosted build platform deployed a build image in its environment, and the compute platform they used.

Track/Level	Requirements	Focus	Trust Root
BuildEnv L0	(none)	(n/a)	(n/a)
BuildEnv L1	Signed build image provenance exists	Tampering during build image distribution	Signed build image provenance
BuildEnv L2	Attested build environment instantiation	Tampering via the build platform’s control plane	The compute platform’s host interface
BuildEnv L3	Hardware-attested build environment	Tampering via the compute platform’s host interface	The compute platform’s hardware

:warning: The Build Environment track L1+ currently requires a hosted build platform. A future version of this track may generalize requirements to cover bare-metal build environments.

:grey_exclamation: We may consider the addition of an L4 to the Build Environment track, which covers hardware-attested runtime integrity checking during a build.

Build environment threats

TODO

BuildEnv levels

The primary purpose of the Build Environment (BuildEnv) track is to enable auditing that a build was run in the expected execution context.

The lowest level only requires SLSA Build L2 Provenance to exist for the build image, while higher levels provide increasing auditability of the build environment’s properties and integrity of the generated provenance attestations. The highest levels introduce further requirements for hardware-assisted hardening aimed at reducing the trusted computing base of a build.

Software producers and third-party auditors can check attestations generated by the build image producer and build platform against the expected properties for a given build environment. This enables any party to detect several classes of supply chain threats originating in the build environment.

As in the Build track, the exact implementation of this track is determined by the build platform provider, whether they are a commercial CI/CD service or enterprise organization. While this track describes general minimum requirements, this track does not dictate the following implementation-specific details: the type of build environment, accepted attestation formats, the type of technologies used to meet L3 requirements, how attestations are distributed, how build environments are identified, and what happens on failure.

BuildEnv L0: No guarantees

Summary: No requirements—L0 represents the lack of any sort of build environment provenance.
Intended for: Development or test builds of software that are built and run on a local machine, such as unit tests.
Requirements: n/a
Benefits: n/a

BuildEnv L1: Signed build image provenance exists

Summary

The build image (i.e., VM or container image) used to instantiate the build environment has SLSA provenance showing how the image was built.

Intended for

Build platforms and organizations wanting to ensure a baseline level of integrity for build environments at the time of build image distrbution.

Requirements

Build Image Producer:
- MUST automatically generate SLSA Build L2 or higher Provenance for created build images (i.e., VM or container images).
- MUST allow independent automatic verification of a build image’s SLSA Provenance. If the build image artifact cannot be published, for example due to intellectual property concerns, an attestation asserting the expected hash value of the build image MUST be generated and distributed instead (e.g., using SCAI or a Release Attestation). If the full Provenance document cannot be disclosed, a VSA asserting the build image’s SLSA Provenance MUST be distributed instead.
Build Platform:
- MUST meet SLSA Build L2 requirements.
- Prior to the instantiation of a new build environment, the SLSA Provenance for the selected build image MUST be automatically verified. A signed attestation to the result of the SLSA Provenance verification MUST be generated and distributed (e.g., via a VSA).

Benefits

Provides evidence that a build image was built from the advertised source and build process.

BuildEnv L2: Attested build environment instantiation

Summary

The build environment is measured and authenticated by the compute platform upon instantiation, attesting to the integrity of the initial state of the environment prior to executing a build.

Intended for

Organizations wanting to ensure that their build started from a clean, known good state.

Requirements

All of BuildEnv L1, plus:

Build Image Producer:
- Build images MUST be created via a SLSA Build L3 or higher build process.
- MUST automatically generate and distribute signed reference values for the following build image components: bootloader or equivalent, guest kernel, build agent, build executor, and root filesystem (e.g., via the image’s SLSA Provenance, or SCAI). Additional build image components whose initial state is to be checked MAY be also measured.
- The build agent MUST be capable of:
  - Upon completion of the boot process: Automatically interfacing with the host interface to obtain and transmit a signed quote for the build environment’s system state.
  - Upon build dispatch: Automatically generating and distributing a signed attestation that binds its boot process quote to the assigned build ID (e.g., using SCAI).
Build Platform Requirements:
- MUST meet SLSA Build L3 requirements.
- Prior to dispatching a tenant’s build to an instantiated environment, a signed quote MUST be automatically requested from the build agent, and the contained measurements verified against their boot process reference values. A signed attestation to the result of the verification MUST be generated and distributed (e.g., via a VSA).
Compute Platform Requirements:
- The host interface MUST be capable of generating signed quotes for the build environment’s system state. In a VM-based environment, this MUST be achieved by enabling a feature like vTPM, or equivalent, in the hypervisor. For container-based environments, the container orchestrator MAY need modifications to produce these attestations.
- The host interface MUST validate the measurements of the build image components against their signed references values during the build environment’s boot process. In a VM-based environment, this MUST be achieved by enabling a process like Secure Boot, or equivalent, in the hypervisor. For container-based environments, the container orchestrator MAY need modifications to perform these checks.¹
- Prior to instantiating a new build environment, the host interface MUST automatically verify the SLSA Provenance for the selected build image. A signed attestation to the verification of the build image’s SLSA Provenance MUST be automatically generated and distributed (e.g., via a VSA).

Benefits

Provides evidence that a build environment deployed by a hosted build platform was instantiated from the expected build image and is at the expected initial state, even in the face of a build platform-level adversary.

BuildEnv L3: Hardware-attested build environment

Summary

The initial state of the build’s host environment is measured and authenticated by trusted hardware, attesting to the integrity of the build environment’s underlying compute stack prior to executing a build.

Intended for

Organizations wanting strong assurances that their build ran on a good known host environment.

Requirements

All of BuildEnv L2, plus:

Build Image Producer:
- Upon completion of the boot process: The build agent MUST be capable of automatically interfacing with the trusted hardware component to obtain a signed quote for the host interface’s boot process and the environment’s system state.
- Upon build dispatch: The generated dispatch attestation MUST include the host interface’s boot process quote.
Build Platform Requirements:
- Prior to dispatching a tenant’s build to an instantiated environment, the measurements in the host interface’s boot process quote MUST be automatically verified against their reference values. A signed attestation to the result of the verification MUST be generated and distributed (e.g., via a VSA).
Compute Platform Requirements:
- MUST have trusted hardware capabilities, i.e., built-in physical hardware features for generating measurements and quotes for its system state. This SHOULD be achieved using a feature like TPM, confidential computing, or equivalent.
- MUST enable validation of the host interface’s boot process against its reference values. This MUST be achieved by enabling a process like Secure Boot, or equivalent, in the host platform.

Benefits

Provides hardware-authenticated evidence that a build ran in the expected host environment, even in the face of a compromised host interface (hypervisor/container orchestrator).

Considerations for Distributed Builds

TODO

Since containers are executed as processes on the host platform they do not contain a traditional bootloader that starts up the execution context. ↩

‹ Verifying build platforms Threats & mitigations ›