Appendix A. Validated Configuration Profile Template#

Table 11: Validated Configuration Profile Template

Layer

Field

Deployed configuration

Evidence / owner

Server platform

OEM model, motherboard/platform, rack profile

Dell PowerEdge XE7745; AMD EPYC Genoa; 8x RTX Pro 6000 BSE PCIe — same hardware as the Fortanix profile (confirm: BIOS version, iDRAC firmware against your BOM)

OEM/integrator validation report

CPU TEE

CPU model, TEE mode, firmware/microcode, BIOS settings

2x AMD EPYC 9555 (Genoa); AMD SEV-SNP enabled; SNP firmware 1.55+; amd_iommu=on iommu=pt (confirm: microcode version from dmesg | grep -i snp; BIOS label names from OEM guide) — Intel TDX on ER/GR also supported per CoCo GA 1.0.0

OEM/integrator with platform security owner

GPU confidential computing

GPU SKU/form factor/count, firmware, CC mode, topology

8x NVIDIA RTX Pro 6000 BSE PCIe; single-GPU SPT; CC mode on; all GPUs in CC mode (confirm: firmware from nvidia-smi -q; CC mode from nvidia-smi conf-compute -q) — MIG not supported; vGPU not supported

NVIDIA and OEM/integrator

Host virtualization stack

Host OS/kernel, IOMMU/VFIO, QEMU, OVMF, launch template

Ubuntu 24.04 LTS (or 25.10); kernel 6.14.0-37-generic or 6.17+ recommended; vfio-pci loaded; QEMU 9.2.1 with SEV-SNP patches; OVMF edk2-stable202408 SNP variant; QEMU CLI script or libvirt domain XML (confirm: QEMU build — distro package vs. source — and OVMF variant hash)

Platform operator and CVM platform provider

Guest image/runtime

Guest OS, image digest, attestation client, driver, admin paths

Ubuntu 24.04 minimal; guest kernel 6.11+; NVIDIA driver 580+; inference server; SSH disabled; no root shell (confirm: image SHA256 digest — must be registered in RVPS before production key release)

Model provider and CVM platform owner

NVIDIA software

Driver version, device assignment configuration

NVIDIA driver 580+ inside CVM guest only — host has no NVIDIA driver when GPU is VFIO-bound; GPU assigned via -device vfio-pci,host=<BDF> in QEMU (confirm: driver version from nvidia-smi inside running CVM; VFIO binding from lspci -k on host)

NVIDIA and platform operator

Key release

KBS/AS versions, topology, policy, KMS/HSM, collateral

Refer to Fortanix documentation for the release versions of CCM and DSM components that support NVIDIA GPU attestation.

CVM platform provider and key-release authority

Network/storage

Ingress, egress, collateral cache, SIEM

Inbound HTTPS/443 from approved gateway; outbound HTTPS/443 to KBS and OCI registry; HTTPS to NVIDIA collateral endpoint or local cache; broad internet denied; SIEM: KBS JSON logs — no payload data; tmpfs for ephemeral model scratch (confirm: collateral endpoint or cache reachability)

Platform operator and security team

Validation scope

Positive/negative tests, benchmark, lifecycle

CVM boots; attestation succeeds; KBS releases test key; inference serves HTTPS requests.

OEM/integrator and solution architects