Blocky AS enables secure and verifiable execution of WebAssembly (WASM) functions. Many tools can compile your preferred language (e.g., Go, Rust, C/C++, Python, JavaScript) down to WASM, but our compilation tool does so reproducibly: the same source code will always produce the same WASM binary. Reproducibility is essential for the TEE attestation and verification process. Without reproducible builds, we cannot definitively prove that the application running on a TEE was built with our source code.
Follow the steps below to reproducibly compile a Go program with the Blocky Compiler.
1. Clone the Blocky AS examples repository and navigate to the `attest_fn_call` directory:

   ```
   git clone --branch main git@github.com:blocky/attestation-service-examples.git
   cd attestation-service-examples/attest_fn_call
   ```

2. Here we have a simple Go program, `main.go`, that contains a `helloWorld` function:

   ```go
   //export helloWorld
   func helloWorld(inputPtr uint64, secretPtr uint64) uint64 {
       msg := "Hello, World!"
       return basm.WriteToHost([]byte(msg))
   }
   ```

3. Compile `main.go` to WASM:

   ```
   bky-c build --reproducible . ./main.wasm
   ```

4. Take a "measurement" (i.e., a hash) of the WASM binary:

   ```
   openssl dgst -sha3-512 ./main.wasm
   ```

   which outputs

   ```
   SHA3-512(./main.wasm)= 9f644e9815fd94b44a0376718563353376b99feafd8fafe8ba1f59e746e073ea16388afb9be633566158dc62bc472ab8eaa39e44d4e0702797be34bc04f61fec
   ```

5. Repeat steps 3 and 4, and you should get the same hash value. This indicates that our WASM binary is bit-for-bit the same across compilations.
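Repeating steps 3 and 4 by hand can be scripted as a build check. The following Python is an added example, not code from Blocky or its examples repository: the function names, the optional pinned-digest comparison, and the constructed sample bytes are assumptions, while the build command and the SHA3-512 measurement are the ones shown on this page.

```python
import hashlib
import hmac
import subprocess
import tempfile
from pathlib import Path

# Build command exactly as given in step 3 of this page.
BUILD_CMD = ["bky-c", "build", "--reproducible", ".", "./main.wasm"]

def measure(path):
    """SHA3-512 of a file: the same digest `openssl dgst -sha3-512` prints."""
    h = hashlib.sha3_512()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_and_measure(project_dir, runs=2):
    """Run the build `runs` times in project_dir and measure main.wasm each time."""
    digests = []
    for _ in range(runs):
        subprocess.run(BUILD_CMD, cwd=project_dir, check=True)
        digests.append(measure(Path(project_dir) / "main.wasm"))
    return digests

def verify(digests, pinned=None):
    """True only if all digests agree and, when given, equal the pinned value."""
    if not digests or len(set(digests)) != 1:
        return False
    if pinned is None:
        return True
    return hmac.compare_digest(digests[0], pinned.lower())

def demo():
    """Constructed stand-ins for three build outputs (not real compiler output)."""
    header = b"\x00asm\x01\x00\x00\x00"  # WASM magic number and version 1
    with tempfile.TemporaryDirectory() as d:
        a, b, c = (Path(d) / n for n in ("a.wasm", "b.wasm", "c.wasm"))
        a.write_bytes(header + b"\x00")
        b.write_bytes(header + b"\x00")  # bit-for-bit identical rebuild
        c.write_bytes(header + b"\x01")  # one byte differs, e.g. an embedded timestamp
        return measure(a), measure(b), measure(c)

if __name__ == "__main__":
    same1, same2, drifted = demo()
    print("identical builds match:", verify([same1, same2]))
    print("one-byte drift detected:", not verify([same1, drifted]))
```

In a real project, `verify(build_and_measure("."))` fails the check as soon as two builds of the same source produce different measurements.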
You have now successfully compiled a Go program to WASM. Continue on to the next section where we demonstrate how to run your program with the Blocky AS CLI tool.