Deployment Pattern
A typical deployment places GPU servers adjacent to an enterprise AI platform. Each server has a TEE-capable CPU, CC-capable GPUs, and a host configured for the chosen CVM launch stack.
The model provider supplies the locked-down CVM image, encrypted model artifacts, image digest and signing metadata, key-release policy, inference-server certificate requirements, and logging requirements.
The CC software provider supplies the attestation verifier, key-release service, measurement tooling, GPU CC integration, supported configuration, and failure signals.
The platform operator supplies rack, power, cooling, networking, DNS, firewall rules, host OS install, BIOS and firmware configuration, KVM/QEMU and OVMF support, GPU passthrough, GPU confidential mode setup, the service IP or load balancer, and monitoring that excludes payloads.
The security team reviews attestation policy, reference-value governance, KMS/HSM governance, SIEM integration, incident response, and change control.
This isn’t an install guide. The final deployment guide will include version pins, launch parameters, supported hardware matrices, concrete key-release policy examples, evidence formats, validation commands, failure-mode tests, and ownership decisions. The full checklist is in Appendix F.