diff --git a/scripts/check_enclave_reproducibility b/scripts/check_enclave_reproducibility
new file mode 100755
index 00000000000..5b29fc7adb6
--- /dev/null
+++ b/scripts/check_enclave_reproducibility
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+set -o xtrace
+
+# This script builds the Asylo server twice from scratch (cleaning the Bazel cache before each
+# compilation), saves the hash of the trusted enclave code to a temporary file, and compares the
+# hashes of the two artifacts.
+# It prints nothing if the hashes match, or a diff in case they don't match.
+# TODO: Perform variations of the build context to verify that the artifacts are unaffected.
+# See http://manpages.ubuntu.com/manpages/cosmic/man1/reprotest.1.html#variations
+
+bazel clean
+rm -rf ./bazel-cache/*
+./scripts/build_server
+./scripts/print_enclave_hash > /tmp/hash_0
+
+bazel clean
+rm -rf ./bazel-cache/*
+./scripts/build_server
+./scripts/print_enclave_hash > /tmp/hash_1
+
+diff /tmp/hash_0 /tmp/hash_1
diff --git a/scripts/print_enclave_hash b/scripts/print_enclave_hash
new file mode 100755
index 00000000000..fe731573963
--- /dev/null
+++ b/scripts/print_enclave_hash
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+set -o xtrace
+
+# Prints the SHA1 hash of the trusted enclave code.
+
+sha1sum ./bazel-bin/oak/server/asylo/{oak_enclave_unsigned.so,oak_enclave.so}
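Review bot: The hash files are written to the fixed, world-shared paths `/tmp/hash_0` and `/tmp/hash_1`, so on a shared build host a stale or pre-planted file (or a symlink at that name) can silently make the comparison pass or fail, and two concurrent runs clobber each other. The script should create a private directory with `mktemp -d`, remove it on exit via `trap`, and write both hashes under it; the rewritten lines are below. It is also worth stating in the header comment that, because `errexit` is set, the script's exit status is `diff`'s status, i.e. non-zero on a mismatch, which is what a CI caller should rely on rather than parsing the output.
```shell
hash_dir=$(mktemp -d)
trap 'rm -rf -- "${hash_dir:?}"' EXIT

# … unchanged: first clean + build_server …
./scripts/print_enclave_hash > "${hash_dir}/hash_0"

# … unchanged: second clean + build_server …
./scripts/print_enclave_hash > "${hash_dir}/hash_1"

diff "${hash_dir}/hash_0" "${hash_dir}/hash_1"
```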
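Review bot: The last line of print_enclave_hash uses `sha1sum`, and the header comment advertises a SHA1 hash; for an artifact whose identity is the whole point of the check, a collision-resistant digest is the better choice at no extra cost, `sha256sum ./bazel-bin/oak/server/asylo/{oak_enclave_unsigned.so,oak_enclave.so}`, with the comment updated to `# Prints the SHA-256 hash of the trusted enclave code (unsigned and signed artifacts).` The comment should also say which of the two files is the reproducibility target: if the signing step that produces `oak_enclave.so` is not itself deterministic (something this diff does not show), its hash may legitimately differ between builds while `oak_enclave_unsigned.so` stays identical, and a reader of check_enclave_reproducibility's diff output needs to know whether that counts as a failure. Note that `set -o xtrace` sends the traced command to stderr, so stdout redirection in the caller still captures only the digest lines.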