Validate the AEP-83 Section 6 interim attestation flow for AMD SEV-SNP: retrieve SEV-SNP and NVIDIA GPU attestation evidence from inside the confidential VM, then cryptographically verify both against vendor trust roots (AMD KDS for the CPU side, NVIDIA NRAS for the GPU side). This is the property that lets a tenant prove their workload is running on genuine confidential hardware before trusting it with sensitive data.
Scope: applies to both the K3s and Kubespray deployment paths, since the attestation surface is determined by the kata-deploy guest kernel and the kata-qemu-nvidia-gpu-snp runtime class, both of which are orchestrator-independent.
Validation criteria: (1) a fresh, nonce-bound SEV-SNP report is retrievable from the guest; (2) the report verifies cryptographically against AMD's published trust root (ARK → ASK → VCEK); (3) GPU evidence is retrievable via the NVTrust SDK; (4) the GPU evidence is accepted by NVIDIA NRAS, with a signed verdict returned.
Aligns with AEP-29 (hardware verification via TEE attestation, Final) and AEP-83 Section 6 (Confidential Containers attestation flow, Draft).
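The "fresh nonce-bound SEV-SNP report" criterion can be checked on the verifier side before any certificate work; the following is an added example, not code from AEP-83 or the project. It assumes the verifier's 64-byte nonce is placed directly in REPORT_DATA (the page does not say how the nonce is bound), uses the field offsets of AMD's SEV-SNP ATTESTATION_REPORT layout, and does not perform the VCEK signature check; the function names and the sample report are constructed for illustration.

```python
import hmac
import os
import struct

# Field offsets from the SEV-SNP ATTESTATION_REPORT layout (AMD firmware ABI spec).
REPORT_SIZE = 0x4A0                     # 1184 bytes in total
OFF_VERSION, OFF_POLICY, OFF_SIG_ALGO = 0x00, 0x08, 0x34
OFF_REPORT_DATA, OFF_MEASUREMENT, OFF_SIGNATURE = 0x50, 0x90, 0x2A0
SIG_ALGO_ECDSA_P384_SHA384 = 1
POLICY_DEBUG = 1 << 19                  # guest launched with debugging allowed


def check_report_binding(report: bytes, expected_nonce: bytes) -> dict:
    """Structural and freshness checks; does NOT verify the VCEK signature."""
    if len(report) != REPORT_SIZE:
        raise ValueError(f"unexpected report size {len(report)}")
    if len(expected_nonce) != 64:
        raise ValueError("nonce must fill the 64-byte REPORT_DATA field")
    version, = struct.unpack_from("<I", report, OFF_VERSION)
    policy, = struct.unpack_from("<Q", report, OFF_POLICY)
    sig_algo, = struct.unpack_from("<I", report, OFF_SIG_ALGO)
    if sig_algo != SIG_ALGO_ECDSA_P384_SHA384:
        raise ValueError(f"unsupported signature algorithm {sig_algo}")
    report_data = report[OFF_REPORT_DATA:OFF_REPORT_DATA + 64]
    # Constant-time compare: a mismatch means a stale or replayed report.
    if not hmac.compare_digest(report_data, expected_nonce):
        raise ValueError("REPORT_DATA does not match the verifier's nonce")
    if policy & POLICY_DEBUG:
        raise ValueError("guest policy allows debug access")
    return {
        "version": version,
        "measurement": report[OFF_MEASUREMENT:OFF_MEASUREMENT + 48].hex(),
        # Bytes 0x000-0x29F are what the VCEK signs; hand these to the
        # ECDSA P-384 / SHA-384 check against the ARK -> ASK -> VCEK chain.
        "signed_body": report[:OFF_SIGNATURE],
    }


def build_constructed_report(nonce: bytes, policy: int = 0x30000) -> bytes:
    """Constructed sample report (unsigned), for exercising the checks offline."""
    buf = bytearray(REPORT_SIZE)
    struct.pack_into("<I", buf, OFF_VERSION, 2)
    struct.pack_into("<Q", buf, OFF_POLICY, policy)
    struct.pack_into("<I", buf, OFF_SIG_ALGO, SIG_ALGO_ECDSA_P384_SHA384)
    buf[OFF_REPORT_DATA:OFF_REPORT_DATA + 64] = nonce
    buf[OFF_MEASUREMENT:OFF_MEASUREMENT + 48] = bytes(range(48))
    return bytes(buf)


if __name__ == "__main__":
    nonce = os.urandom(64)
    print(check_report_binding(build_constructed_report(nonce), nonce)["measurement"])
```

A report that passes these checks is still untrusted until the signature over `signed_body` verifies against a VCEK that chains to AMD's ARK.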