nvflare.lighter.impl.signature module
- class SignatureBuilder[source]
Bases:
BuilderSign files with rootCA’s private key.
Creates signatures for all the files signed with the root CA for the startup kits so that they can be cryptographically verified to ensure any tampering is detected. This builder writes the signature.json file.
signature.json is generated only for: - CC (Confidential Computing) kits: full workspace signed for CVM attestation chain. - HE (Homomorphic Encryption) kits: startup + local dirs signed to protect shared TenSEAL context.
Plain non-CC, non-HE kits do not receive signature.json. mTLS is the trust anchor for those deployments. Absence of signature.json is the correct and expected state for centrally provisioned standard kits and for kits assembled via the Manual Workflow (nvflare package).
- build(project: Project, ctx: ProvisionContext)[source]
Execute the main build logic for this builder.
- Parameters:
project (Project) – The project to be provisioned.
ctx (ProvisionContext) – Context shared across builders.