Appendix F. Deployment Detail Checklist#
Implementation References#
Fast-moving implementation detail belongs in product docs and deployment guides. The paper states what the architecture requires; the references provide version-specific steps, commands, support limits, and product workflow details.
Table 18: Implementation References
Area |
External reference |
Use it for |
Keep in this paper |
|---|---|---|---|
AMD SEV-SNP enablement |
SEV-SNP firmware enablement, kernel patches, sample launch tooling, and CPU TEE setup. |
The CPU TEE profile is part of the validation profile and must be recorded per deployment. |
|
NVIDIA confidential computing platform guidance |
NVIDIA Confidential Computing Deployment Guide and NVIDIA H100 CC whitepaper |
BIOS/firmware prerequisites, GPU CC mode setup, attestation flow, and platform validation guidance. |
The hardware profile is part of the architecture claim and must be recorded per deployment. |
Confidential Computing Consortium |
Background on confidential computing concepts and ecosystem. |
Useful background for stakeholders unfamiliar with confidential computing. |
Reference Deployment Bill of Materials#
Table 19: Reference Deployment Bill of Materials
BOM area |
Items to capture |
Owner |
|---|---|---|
Server and accelerator hardware |
Server model/count, CPU TEE, GPU SKU/form factor/count, memory, NVMe, NICs/DPU, switch/fabric role, management network |
OEM/integrator with NVIDIA and platform operator |
Firmware and host virtualization stack |
BIOS/UEFI versions, secure boot, IOMMU/VFIO, CPU TEE settings, GPU CC mode, GPU firmware, host OS, kernel, QEMU/libvirt, OVMF |
OEM/integrator and platform operator |
CVM guest and launch assets |
Guest OS/image version, image digest/signature, vCPU/memory profile, disk layout, init data, certificates, launch command/template, measurement capture procedure |
Model provider, CVM platform owner, platform operator |
Key-release services |
Verifier/key broker topology, version, domain ownership, policy, key IDs, verifier flow, deployed manifests where applicable, collateral cache, audit/SIEM integration |
CVM platform provider and key-release authority |
Workload artifacts |
Encrypted model artifact, artifact store, signatures, startup service, measurements, key IDs, policy versions |
Model provider and ISV |
Network and identity |
DNS, gateway/load balancer, firewall rules, allowed egress endpoints, TLS certificates, service identities, SIEM targets |
Platform operator and security team |
Validation assets |
Non-sensitive sample key/model, positive/negative tests, expected logs/errors, runbook links |
OEM/integrator and solution architects |