Appendix D. Lifecycle and Change Control#
Table 13: Lifecycle and Change Control
Change |
Expected impact |
Required control |
|---|---|---|
Firmware, host kernel, driver, GPU Operator, confidential runtime, or key-release update |
Changes evidence, support status, or GPU CC behavior |
Revalidate support status and update reference values before production key release. |
Guest image, initrd, Kata Agent policy, Attestation Agent, Confidential Data Hub, or inference server update |
Changes measured guest or runtime-policy state |
Capture new measurements, approve the policy change, and preserve rollback values. |
Workload image, model artifact, or model key rotation |
Changes workload-image digest, artifact digest, key ID, or release policy |
Register new image/artifact metadata, update key policy, and retire old keys under model-provider control. |
Trustee, KBS, Attestation Service, verifier, or KMS/HSM update |
Changes verification or key-release behavior |
Run positive and negative attestation tests and verify audit events. |
Emergency disablement |
Stops key release for approved or suspect workloads |
Record who disabled key release, why, what was affected, and how recovery is approved. |