AMD SEV-SNP¶
How to use the AMD SEV-SNP platform¶
CCF must run on an AMD CPU which supports SEV-SNP, such as Azure confidential containers or Azure Kubernetes Service with Confidential Containers.
To use SNP, in the enclave configuration section, the enclave platform
should be set to SNP
.
Attestation¶
SNP attestation provide several fields needed to establish trust. Several deployment scenarios are possible.
Confidential Azure Container Instance (ACI)¶
Azure Confidential ACI provides a security context directory containing the following files.
security-policy-base64
: The security policy [1] describing the state and transitions allowed for the container (Base64 encoded). The SHA256 hash of the decoded value should match the attestation reporthost_data
. This value is stored in the nodes.snp.host_data table.reference-info-base64
: The COSE Sign1 document containing the measurement [2] of the utility VM (UVM) used to launch the container (Base64 encoded). The measurement contained in the document payload should match the reportmeasurement
. If set, the value is stored in the nodes.snp.uvm_endorsements table and new nodes must present measurement endorsements from the same issuer (did:x509) to be trusted.
The location of the security context directory is passed to the container’s startup command as the UVM_SECURITY_CONTEXT_DIR
environment variable. CCF can be configured to fetch the security policy and UVM endorsements from the security context directory by setting the snp_security_policy_file
and snp_uvm_endorsements_file
configuration options, respectively.
AMD endorsements must be fetched, preferably from the THIM service, but configuring the Azure cache or the AMD server is also possible.
Tip
See samples/config/start_config_aci_sev_snp.json for a sample node configuration for ACI deployments.
Confidential Azure Kubernetes Service (AKS)¶
Note
See here for more information on the deployment of confidential containers in Azure.
Confidential AKS provides a security context directory containing the following file.
reference-info-base64
: The COSE Sign1 document containing the measurement [2] of the utility VM (UVM) used to launch the container (Base64 encoded). The measurement contained in the document payload should match the reportmeasurement
. If set, the value is stored in the nodes.snp.uvm_endorsements table and new nodes must present measurement endorsements from the same issuer (did:x509) to be trusted.
The security policy must be provided by the operator, and will be picked up by CCF on startup if is named security-policy-base64
and located in the security context directory. The SHA256 hash of the decoded value should match the attestation report host_data
. This value is stored in the nodes.snp.host_data table.
AMD endorsements must be fetched, preferably from the THIM service, but configuring the Azure cache or the AMD server is also possible.
Tip
See samples/config/start_config_aks_sev_snp.json for a sample node configuration for Confidential AKS deployments.
Non-Azure Deployment¶
For non-Azure deployments, the certificate chain for VCEK will need to be retrieved from an endorsement server, as specified in the attestation.snp_endorsements_servers configuration section. For example, for the well-known AMD endorsement server, the value should be set to:
"attestation": {
"snp_endorsements_servers": [
{
"type": "AMD",
"url": "kdsintf.amd.com"
}
],
"snp_security_policy_file": "/path/to/security-policy-base64",
"snp_uvm_endorsements_file": "/path/to/reference-info-base64"
}
Tip
See samples/config/start_config_amd_sev_snp.json for a sample node configuration for non-Azure deployments.
Note
The CCF node will fetch the endorsements from the server on startup, which may cause substantial deployment delays (up to tens of seconds) depending on network latency and endpoint throttling.
Governance Proposals¶
The following governance proposals can be issued to add/remove these trusted values, e.g. when upgrading the service (see Code Upgrade):
add_snp_host_data
/remove_snp_host_data
: To add/remove a trusted security policy, e.g. when adding a new trusted container image as part of the code upgrade procedure.add_snp_uvm_endorsement
/add_snp_uvm_endorsement
: To add remove a trusted UVM endorsement (Azure deployment only).add_snp_measurement
/remove_snp_measurement
: To add/remove a trusted measurement.
Footnotes