1.0 Introduction
This article describes the steps to set up a machine for the Publisher (Model Owner) to build a Confidential Virtual Machine (CVM) image, and the steps for the Consumer to build, attest, register, and run applications in Advanced Micro Devices (AMD) Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) within a shared workflow in Fortanix Confidential Computing Manager (CCM).
2.0 Definitions
Publisher (Model Owner) - A Publisher is a model owner who securely shares a proprietary model with enterprises without exposing the model artifact, model weights, or configuration details.
Consumer (Enterprise) - A Consumer is an enterprise that runs a proprietary model on-premises without gaining access to the underlying model artifact, model weights, or configuration details.
3.0 Enroll the Fortanix Node Agent for AMD SEV-SNP
NOTE
The node agent enrolment is only performed by the Consumer.
The Fortanix Node Agent software enables the registration of compute nodes with Fortanix CCM when installed on a compute node. It verifies the integrity of the underlying hardware and software running on the node and supports application attestation and workload visibility within Fortanix CCM.
For more information on how to download and enroll a compute node on an AMD SEV-SNP platform, refer to the Enroll a Compute Node Using Bare Metal - AMD SEV-SNP guide.
4.0 Configure Fortanix CCM
NOTE
The Publisher (Model Owner) and Consumer (Enterprise) must each create their own Fortanix CCM account and group.
4.1 Create an Account
A Fortanix CCM account is the top-level container for applications, images, and nodes. An account is generally associated with an organization, rather than an individual. Different accounts are fully isolated from each other.
To get started with Fortanix CCM, you must first sign up at https://ccm.test.fortanix.com/ and create an account. If you already have an existing account, log in to that account.
For more information on how to sign up, log in, and create a Fortanix CCM account, refer to https://support.fortanix.com/docs/users-guide-logging-in.
4.2 Create a Group
A group is a collection of users and objects that helps users manage identities, create collaborating groups, and organize and secure applications, datasets, and workflows that belong to the group.
Perform the following steps to create a group:
In the CCM user interface (UI) left navigation panel, click the Groups menu item, and on the Groups page, click + ADD GROUP to create the consumer group.
Copy the Group ID from the browser or using the copy icon by navigating to the detailed view of the group. This will be used by the Publisher (Model Owner) when creating a CVM image in Section 9.0: Create a Confidential VM Image.
Figure 1: Create a Group
4.3 Download Zone CA Certificate From Your CCM Account
NOTE
The Consumer (Enterprise) is required to download the Zone CA Certificate and securely share it with the Publisher (Model Owner) for upload to their Key Management System (KMS) to enable Secure Key Release (SKR) functionality. The SKR feature ensures that cryptographic keys are released from Fortanix DSM only when the application proves it is running in a trusted and secure environment, thereby protecting both the data and model.
The method used to share the certificate is outside the scope of this guide.
Perform the following steps to download the Zone CA Certificate from your Fortanix CCM account:
Click the Infrastructure → Compute Nodes menu item from the CCM left navigation panel and go to the AMD SEV-SNP tab.
Click the + ADD NODE button.
On the ENROLL COMPUTE NODE dialog box:
Click DOWNLOAD ZONE CA. The downloaded certificate will be uploaded by the Publisher (Model Owner) to Fortanix DSM in Section 5.0: Configure Fortanix DSM.

Figure 2: Download Zone CA
5.0 Configure Fortanix DSM
NOTE
The Publisher (Model Owner) is required to create an account, group, applications, and security objects in Fortanix DSM.
5.1 Create an Account and Group
A Fortanix DSM account is the top-level container for security objects managed by Fortanix DSM. An account is generally associated with an organization, rather than an individual. Security objects, groups, and applications belong to exactly one account. Different accounts are fully isolated from each other.
To get started with Fortanix DSM you must first sign up in and create an account. If you already have an existing account, log in to that account.
For more information on how to sign up and log in to a Fortanix DSM account, refer to the Sign Up for Fortanix DSM SaaS guide.
For more information on setting up an account and creating a group, refer to the Getting Started with Fortanix DSM UI guide.
5.2 Create an Application (app) with Trusted CA Authentication
Create an application to authenticate to Fortanix DSM using a Transport Layer Security (TLS) client certificate signed by a Trusted Certificate Authority (CA). This app will be used for decrypting the model and weights when the Confidential Virtual Machine (CVM) launches.
Click the Groups menu item from the DSM left navigation panel and select the group you created in Section 5.1: Create an Account and Group to go to its detailed view.
Click APPS → ADD APP to create a new application.

Figure 3: Create an app
Follow the steps here to configure a new app with the following details:
Interface: REST API
Authentication Method: Trusted CA
DNS Name: my-server
Upload Trusted CA Cert: Upload the Zone CA Certificate downloaded and shared by Consumer (Enterprise) in Section 4.3: Download Zone CA from your CCM Account.
Click SAVE.

Figure 4: App with Trusted CA authentication
5.3 Create an Application (app) with API Key Authentication
Create an application to authenticate to Fortanix DSM using an API key. This API key is a random, secret token that identifies an app in the same way as a password identifies a user. This app will be used for encrypting the model and weights.
Repeat Steps 1-2 from the previous Section 5.2: Create an App with Trusted CA Authentication.
Follow the steps here to configure a new app with the following details:
Interface: REST API
Authentication Method: API Key
Click SAVE.

Figure 5: App with API key authentication
5.4 Create Security Objects (Optional)
Security objects (keys) can be created from the Fortanix DSM UI or programmatically. An option using sq-dsm is described in Section 7.0: Model Encryption and Decryption Using SQ-DSM.
6.0 Prepare the Build Machine
6.1 System Requirements
The minimum system requirements for the build machine are as follows. The required disk size may vary depending on the model size.
Example Configuration:
CPU: 16 cores
Memory: 128 GB
Disk: 100 GB (minimum; increase based on model size)
Operating System: Ubuntu 24.04 LTS
Required packages: docker.io, jq, python3, python3.12-venv
6.2 Set Up the Build Machine
Perform the following steps:
Download the Fortanix CVM Build Tool (fortanix-cvm-builder-1.0.10.deb) provided by Fortanix.
NOTE
The Debian build package is provided as an example utility ONLY. Please use your own build tooling as appropriate, provided it meets the required build specifications.
Verify the checksum:
cksum fortanix-cvm-builder-1.0.10.deb
1946804759 381619178 fortanix-cvm-builder-1.0.10.deb
The cksum value is a CRC and a byte count: it confirms that the download is not corrupted, not that the package is authentic.
Run the following command to install the package:
sudo dpkg -i fortanix-cvm-builder-1.0.10.deb
Run the following command to verify the installation:
$ dpkg -l | grep fortanix
ii fortanix-cvm-builder 1.0.10 all Fortanix CVM Image Builder
This creates the Fortanix CVM builder directory /opt/fortanix/mkosi.
Run the following commands if you want to uninstall the fortanix-cvm-builder:
sudo dpkg -r fortanix-cvm-builder
sudo apt-get purge fortanix-cvm-builder
sudo dpkg -P fortanix-cvm-builder
7.0 Model Encryption and Decryption Using SQ-DSM
You can encrypt the model using various methods. The example below demonstrates encryption using Fortanix sq-dsm. Model Owners may choose an alternative encryption method based on their requirements.
7.1 Configure for Encryption
Configure the Fortanix DSM client and authentication settings required to generate keys and encrypt the model.
Download and install the Fortanix sq-dsm library from here.
Set the following environment variables:
FORTANIX_API_ENDPOINT: Set your Fortanix DSM endpoint (for example, https://amer.smartkey.io) when using API key authentication for encryption.
FORTANIX_API_KEY: API key of the Fortanix DSM application.
FORTANIX_APP_UUID: App UUID of the Fortanix DSM application configured for the Trusted CA authentication method.
7.2 Generate a PGP Key in Fortanix DSM
Create a Fortanix DSM-managed PGP key that will be used to encrypt and decrypt the model.
Run the following command to generate three security objects in DSM: one primary key and two subkeys.
sq-dsm key generate \
--dsm-key "model-enc-key-1" \
--cipher-suite "rsa4k" \
--userid "modelowner@example.com"
Where,
--dsm-key: The name of the key to be created in DSM.
--cipher-suite: The cryptographic algorithm for the key.
Default: cv25519
Possible values: rsa2k, rsa3k, rsa4k, rsa8k, cv25519, nistp256, nistp384, nistp521
--userid: The user ID attached to the key for reference.
7.3 Extract the Certificate (Public Key)
Export the public certificate associated with the Fortanix DSM key for use during model encryption.
Run the following command to export the public key for encryption:
sq-dsm key extract-cert \
--dsm-key "model-enc-key-1" \
--output model.cert.pgp
Where,
--dsm-key: The name of the key in DSM.
--output: The file name where the extracted certificate is stored.
7.4 Encrypt the Model
Run the following command to encrypt the model file using the exported public certificate.
sq-dsm encrypt \
--recipient-cert model.cert.pgp \
--compression none \
FILE_TO_BE_ENCRYPTED \
-o NAME_OF_ENCRYPTED_FILE
Where,
--recipient-cert: The certificate file used for encryption.
FILE_TO_BE_ENCRYPTED: Name of the model file to encrypt.
NAME_OF_ENCRYPTED_FILE: The output file name for the encrypted model.
7.5 Configure for Decryption
Configure certificate-based authentication to enable secure model decryption at runtime.
Perform the following steps:
Install the Fortanix sq-dsm library from here.
Set the following environment variables:
FORTANIX_API_ENDPOINT: Set your Fortanix DSM endpoint (for example, https://amer.smartkey.io) when using Trusted CA authentication for decryption.
FORTANIX_APP_UUID: App UUID of the Fortanix DSM application configured for the Trusted CA authentication method.
FORTANIX_PKCS12_ID: The PKCS#12 identity file used for certificate-based authentication.
Run the following command to generate the PKCS#12 identity file:
openssl pkcs12 -export \
-out identity.pfx \
-inkey /opt/fortanix/enclave-os/app-config/rw/key.pem \
-in /opt/fortanix/enclave-os/app-config/rw/cert.pem
Run the following command to set the environment variable:
export FORTANIX_PKCS12_ID=identity.pfx
7.6 Decrypt the Model (Runtime)
Run the following command to decrypt the encrypted model file at runtime using the corresponding Fortanix DSM key.
sq-dsm decrypt \
--dsm-key "model-enc-key-1" \
NAME_OF_ENCRYPTED_FILE \
-o NAME_OF_DECRYPTED_FILE
Where,
--dsm-key: Name of the Fortanix DSM key used during encryption.
NAME_OF_ENCRYPTED_FILE: The encrypted model file.
NAME_OF_DECRYPTED_FILE: The output file name for the decrypted model.
7.7 Troubleshooting
If you see the following error:
Multiple auth methods found. Using API key
Error: Decryption failed
Caused by: Unauthorized access
Unset the FORTANIX_API_KEY environment variable before performing decryption:
unset FORTANIX_API_KEY
8.0 Containerize the Model
Containerize the application together with the encrypted model. The application must use CCM-issued attestation certificates to authenticate with DSM and decrypt the model at runtime inside the enclave.
The Fortanix attestation client stores the CCM-issued certificates and makes them available to attested enclaves at runtime at the following locations:
/opt/fortanix/enclave-os/app-config/rw/cert.pem
/opt/fortanix/enclave-os/app-config/rw/key.pem
When building the container image, ensure the following are correctly integrated:
The encrypted model is included in the container image.
The application is configured to use CCM-issued certificates for DSM authentication.
Model decryption logic is executed at startup using sq-dsm or an equivalent mechanism.
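One way to guard the startup decryption step from Sections 7.5 to 8.0, shown as an added example that is not Fortanix code: a container entrypoint helper that checks the certificate-based setup and refuses to call sq-dsm while FORTANIX_API_KEY is still set (the Section 7.7 failure). The names CERT_DIR, SQ_DSM, MODEL_KEY_NAME and both function names are assumptions made for this sketch; the paths, environment variables and sq-dsm flags are the ones used in this guide.

```shell
#!/bin/sh
# Added example, not Fortanix code. Pre-flight check for the Section 7.5
# decryption setup, run at container start before "sq-dsm decrypt".
# CERT_DIR, SQ_DSM and MODEL_KEY_NAME are hypothetical overrides for this sketch.

CERT_DIR="${CERT_DIR:-/opt/fortanix/enclave-os/app-config/rw}"
SQ_DSM="${SQ_DSM:-sq-dsm}"

# Report every problem on stderr; return the number of problems (0 = ready).
check_decrypt_env() {
    problems=0
    # CCM-issued certificate and key placed by the attestation client.
    for f in "$CERT_DIR/cert.pem" "$CERT_DIR/key.pem"; do
        if [ ! -s "$f" ]; then
            echo "missing CCM-issued file: $f" >&2
            problems=$((problems + 1))
        fi
    done
    # Variables required for Trusted CA authentication (Section 7.5).
    for v in FORTANIX_API_ENDPOINT FORTANIX_APP_UUID FORTANIX_PKCS12_ID; do
        eval "val=\${$v:-}"
        if [ -z "$val" ]; then
            echo "$v is not set" >&2
            problems=$((problems + 1))
        fi
    done
    if [ -n "${FORTANIX_PKCS12_ID:-}" ] && [ ! -s "$FORTANIX_PKCS12_ID" ]; then
        echo "PKCS#12 identity not found: $FORTANIX_PKCS12_ID" >&2
        problems=$((problems + 1))
    fi
    # Section 7.7: with an API key present, sq-dsm uses it instead of the
    # certificate and decryption fails with "Unauthorized access".
    if [ -n "${FORTANIX_API_KEY:-}" ]; then
        echo "FORTANIX_API_KEY is set; unset it before decrypting" >&2
        problems=$((problems + 1))
    fi
    return "$problems"
}

# decrypt_model ENCRYPTED_FILE OUTPUT_FILE
# Runs sq-dsm only when the pre-flight check passes.
decrypt_model() {
    check_decrypt_env || return 1
    "$SQ_DSM" decrypt --dsm-key "${MODEL_KEY_NAME:-model-enc-key-1}" "$1" -o "$2"
}

# Entry point when invoked as: entrypoint.sh ENCRYPTED_FILE OUTPUT_FILE
if [ "$#" -eq 2 ]; then
    decrypt_model "$1" "$2" || exit 1
fi
```

Failing closed here means a build-time API key that leaked into the runtime environment is reported as a configuration error instead of surfacing as an opaque decryption failure.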
9.0 Create a Confidential VM Image
A Confidential virtual machine (CVM) image must be created to generate the attestation configuration required to register and validate the AMD SEV-SNP application image in Fortanix CCM.
Perform the following steps:
Run the following command to navigate to the Fortanix CVM builder directory:
cd /opt/fortanix/mkosi
Export the following environment variables:
export CPUS=12
export VCPU_TYPE=EPYC-v4
export CONTAINER_IMAGES="nginx:latest"
export CCM_TAG=latest
export OUTPUT_CVM_NAME=model-cvm-image
export CCM_URL=https://ccm.test.fortanix.com
export CCM_USERNAME=admin_user@abc.com
export CCM_PASSWORD=password
export CCM_ACCOUNT=account-name
export CCM_APP_NAME=app-name
export CCM_GROUP_ID=016dxx91-3xx1-4xx5-9xxf-3xx1xxe1xx62
export CCM_DOMAINS="my-server"
export COPROCESSORS=Require
export VMPL=vmpl0
Where,
CONTAINER_IMAGES: The encrypted model container image(s). If specifying multiple images, separate them with spaces. For example: "image1:tag1 image2:tag2"
Ensure that the build machine can pull these images using Docker.
OUTPUT_CVM_NAME: The base name used for the generated QCOW2 disk image and EFI artifacts. This name will also be used to register the image in Fortanix CCM.
CCM_TAG: The version or tag for your CCM application. The default value is “latest”.
CCM_URL: This must be set to https://ccm.test.fortanix.com.
CCM_USERNAME: The username or email address associated with your Fortanix CCM account.
CCM_PASSWORD: The password for the Fortanix CCM account.
CCM_ACCOUNT: The name of your Fortanix CCM account.
CCM_APP_NAME: The name to assign to the Fortanix CCM AMD SEV-SNP application under which the image gets registered.
CCM_GROUP_ID: The Fortanix CCM Group ID copied in Section 4.2: Create a Group.
CCM_DOMAINS: This must match the allowed domains configured in Fortanix DSM (Section 5.2: Create an Application with Trusted CA Authentication).
Update /opt/fortanix/mkosi/mkosi.extra/root/compose-example.yml with your encrypted model application container details. If you rename this Compose file, ensure that the updated filename is also reflected in: /opt/fortanix/mkosi/mkosi.extra/root/run.sh.
NOTE
The run.sh script initiates the application container within the CVM by invoking docker compose up during startup.
Download the Fortanix Attestation Client – AMD SEV-SNP provided by Fortanix and copy it to the /opt/fortanix/mkosi/mkosi.extra/root directory. This embeds the attestation client into the CVM image.
Run the following command to build the CVM image:
./build.sh
Upon successful build, the following artifacts are generated:
========================================================
CVM image built successfully
========================================================
Build has generated following artifact:
/opt/fortanix/mkosi/build/mkosi.output/model-cvm-image.tar.gz
Contents:
526669312 model-cvm-image.qcow2
170707456 model-cvm-image.efi
4194304 OVMF.amdsev.fd
2789 launch_cvm.sh
The AMD SEV-SNP application and its measurements will now be visible in the Fortanix CCM UI.
In the CCM UI left navigation panel, click the Applications menu item. On the Applications page, locate the application created in Step 2 above by searching for the name specified in CCM_APP_NAME.
Figure 6: App image created in CCM
Figure 7: App image measurements
Go to the detailed view of the app. On the IMAGES tab, locate and click the image by searching for the name specified in Step 2 for OUTPUT_CVM_NAME. This opens the detailed view of the application image, displaying its measurements.
10.0 Copy the VM Image into the AMD SEV-SNP Bare Metal VM
The Publisher (Model Owner) must securely share the CVM image with the Consumer (Enterprise) so that the Consumer can deploy it on their bare metal server. The method used to share this CVM image is outside the scope of this guide.
Run the following command to copy the CVM image (model-cvm-image.tar.gz) generated in Section 9.0: Create a Confidential VM Image to the target AMD SEV-SNP Bare Metal VM:
scp /opt/fortanix/mkosi/build/mkosi.output/model-cvm-image.tar.gz <username@remote_host_ip>:</remote/directory/>
Where,
<username@remote_host_ip> is the username and IP of the Bare Metal VM.
</remote/directory/> is the destination path.
NOTE
The Publisher (Model Owner) and the Consumer (Enterprise) must complete the steps documented in Section 11: Create Collaborating Groups and Shared Workflow, before the Consumer can deploy the application or model.
11.0 Create Collaborating Groups and Shared Workflow
NOTE
The Consumer must create collaborating groups and shared workflow to collaborate with the Publisher and deploy the application or model.
In Fortanix CCM, collaborating groups help to securely share selected resources and help users work together on common workflows.
For more information on how to create collaborating groups in Fortanix CCM for AMD SEV-SNP and run the workflow applications, refer to the Collaborating Groups and Shared Workflow - AMD SEV-SNP Applications guide.