Limitations and Open Questions

Scaling, placement, rollout, service discovery, image updates, VM lifecycle tooling, and integration with the surrounding AI platform all need custom automation and virtualization platform integration.

The model provider builds, hardens, signs, measures, and updates a full OS image or a tightly controlled guest artifact, rather than a thin container layer. This requires the model provider to understand the complexity of VM image creation.

The current CVM reference implementation with Canonical and Fortanix does not solve for scale-out deployments and requires the platform operator to build a custom orchestration solution for VMs. In comparison, Kubernetes (k8s)-based deployments with Confidential Containers can scale out, leveraging the native k8s primitives.