misc/AMDSEV: strengthen reproducible build guarantees

Author: kariy

misc/AMDSEV/README.md

@@ -194,12 +194,46 @@ Use `ovmf-metadata` to inspect the OVMF firmware's SEV metadata sections:
 
 ## Reproducible Builds
 
-Set `SOURCE_DATE_EPOCH` for deterministic output:
+`SOURCE_DATE_EPOCH` is required for deterministic builds:
 
 ```sh
-SOURCE_DATE_EPOCH=$(git log -1 --format=%ct) ./misc/AMDSEV/build.sh
+export SOURCE_DATE_EPOCH=$(git log -1 --format=%ct)
+./misc/AMDSEV/build.sh
+```
+
+For stronger package source determinism, pin apt to a snapshot:
+
+```sh
+export APT_SNAPSHOT_URL="http://snapshot.ubuntu.com/ubuntu/20250115T000000Z/"
+export APT_SNAPSHOT_SUITE="noble"
+export APT_SNAPSHOT_COMPONENTS="main"
 ```
 
+If building in a containerized pipeline, set the image digest for provenance tracking:
+
+```sh
+export BUILD_CONTAINER_IMAGE_DIGEST="sha256:<digest>"
+```
+
+Run a built-in reproducibility check (double build + hash compare):
+
+```sh
+export KATANA_STRICT_REPRO=1   # optional: requires vendored cargo deps for strict katana reproducibility
+./misc/AMDSEV/build.sh --katana /path/to/katana --repro-check
+```
+
+You can also compare two build output directories directly:
+
+```sh
+./misc/AMDSEV/verify-build.sh --compare /path/to/build-a /path/to/build-b
+```
+
+Each build writes deterministic provenance metadata to:
+- `build-info.txt`
+- `materials.lock`
+
+See [`REPRODUCIBILITY.md`](./REPRODUCIBILITY.md) for the full policy.
+
 ## Troubleshooting
 
 ### `SEV: guest firmware hashes table area is invalid (base=0x0 size=0x0)`

misc/AMDSEV/REPRODUCIBILITY.md

@@ -0,0 +1,43 @@
+# AMD SEV-SNP Build Reproducibility Policy
+
+## Scope
+
+This policy targets byte-identical outputs for the following artifacts when built with the same:
+- source tree revision
+- `build-config` pins
+- `SOURCE_DATE_EPOCH`
+- toolchain/runtime environment
+
+Artifacts:
+- `OVMF.fd`
+- `vmlinuz`
+- `initrd.img`
+- `katana`
+
+## Required Inputs
+
+- `SOURCE_DATE_EPOCH` must be explicitly set and fixed.
+- `OVMF_COMMIT` must be pinned.
+- Package versions and SHA256 values in `build-config` must remain pinned.
+- `BUILD_CONTAINER_IMAGE_DIGEST` should be set when using a containerized CI pipeline.
+- For katana, prefer passing a prebuilt pinned binary via `--katana`. If auto-building, set `KATANA_STRICT_REPRO=1` with vendored dependencies.
+
+## Stronger Package Source Determinism
+
+To avoid host apt source drift, set:
+- `APT_SNAPSHOT_URL`
+- `APT_SNAPSHOT_SUITE`
+- `APT_SNAPSHOT_COMPONENTS`
+
+If unset, build scripts use host apt sources and reproducibility guarantees are weaker.
+
+## Validation
+
+- Use `./misc/AMDSEV/build.sh --repro-check` to run a double-build and hash comparison.
+- Use `./misc/AMDSEV/verify-build.sh --compare DIR_A DIR_B` for explicit directory comparisons.
+
+## Provenance Files
+
+Each build emits:
+- `build-info.txt` with pinned inputs and output checksums
+- `materials.lock` with immutable input and artifact hashes

misc/AMDSEV/build-config

@@ -20,3 +20,13 @@ BUSYBOX_PKG_SHA256="944b2728f53ceb3916cec2c962873c9951e612408099601751db2a0a5d81
 # Kernel modules extra (Ubuntu package, for initrd SEV-SNP support)
 KERNEL_MODULES_EXTRA_PKG_VERSION="6.8.0-90.91"
 KERNEL_MODULES_EXTRA_PKG_SHA256="c17bd76779ce68a076dc1ef9b1669947f35f1868f6736dbd0a8a7ccacf7571f3"
+
+# Optional apt snapshot source for stronger reproducibility guarantees.
+# When set, build scripts use this source instead of host /etc/apt/sources.list.
+# Example:
+#   APT_SNAPSHOT_URL="http://snapshot.ubuntu.com/ubuntu/20250115T000000Z/"
+#   APT_SNAPSHOT_SUITE="noble"
+#   APT_SNAPSHOT_COMPONENTS="main"
+APT_SNAPSHOT_URL=""
+APT_SNAPSHOT_SUITE="noble"
+APT_SNAPSHOT_COMPONENTS="main"