/amd-sev-snp-attestation-sdk

The Automata AMD SEV-SNP Attestation SDK is a software development kit designed to help users generate the AMD SEV-SNP Attestation Report using Rust across different cloud service providers, and generate Risc0 and SP1 ZK Proofs which can be verified on-chain. Powered by Automata


Automata AMD SEV-SNP Attestation SDK

Overview

Automata AMD SEV-SNP Attestation SDK is the most feature-complete SDK for AMD SEV-SNP development. It consists of two parts:

  • SEV-SNP library: helps developers generate the AMD SEV-SNP Attestation Report in different cloud service providers (CSP).
  • Risc0 and Succinct ZK host and guest programs: interact with the corresponding zkVM servers to generate the proofs, and construct the Automata AMD SEV-SNP Attestation contract calls to perform the on-chain verification.

Environment Preparation

Refer to SEV-SNP to set up the AMD SEV-SNP CVM in different cloud service providers (CSP).

AMD SEV-SNP Attestation Generation

Use SEV-SNP to generate the AMD SEV-SNP Attestation Report with the VEK Cert. You can find an example in sev_snp_attestation.
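A sanity check on the raw report bytes before they are handed to a prover, as an added example that is not code from this SDK: it reads the debug policy bit, the key that signed the report (VCEK or VLEK) and the caller-supplied report data. The field offsets are assumed from AMD's SEV-SNP firmware ABI report layout, and `summarize` and `sample_report` are hypothetical names.

```rust
use std::convert::TryInto;

// Offsets assumed from AMD's SEV-SNP firmware ABI report layout, not from the SDK.
const REPORT_LEN: usize = 0x4A0; // 1184 bytes, including the 512-byte signature

#[derive(Debug, PartialEq)]
enum SigningKey { Vcek, Vlek, None, Reserved(u8) }

#[derive(Debug)]
struct ReportSummary {
    version: u32,
    debug_allowed: bool, // POLICY bit 19: host may debug the guest
    signing_key: SigningKey,
    report_data: [u8; 64], // nonce or key hash the guest bound into the report
}

fn summarize(raw: &[u8]) -> Result<ReportSummary, String> {
    if raw.len() != REPORT_LEN {
        return Err(format!("expected {} bytes, got {}", REPORT_LEN, raw.len()));
    }
    let version = u32::from_le_bytes(raw[0x00..0x04].try_into().unwrap());
    let policy = u64::from_le_bytes(raw[0x08..0x10].try_into().unwrap());
    let flags = u32::from_le_bytes(raw[0x48..0x4C].try_into().unwrap());
    // SIGNING_KEY lives in bits 4:2 of the flags word at 0x48.
    let signing_key = match ((flags >> 2) & 0x7) as u8 {
        0 => SigningKey::Vcek,
        1 => SigningKey::Vlek,
        7 => SigningKey::None,
        n => SigningKey::Reserved(n),
    };
    Ok(ReportSummary {
        version,
        debug_allowed: (policy >> 19) & 1 == 1,
        signing_key,
        report_data: raw[0x50..0x90].try_into().unwrap(),
    })
}

// Constructed sample: a zeroed buffer with a few fields set, not a real report.
fn sample_report() -> Vec<u8> {
    let mut r = vec![0u8; REPORT_LEN];
    r[0x00..0x04].copy_from_slice(&2u32.to_le_bytes()); // report version
    r[0x08..0x10].copy_from_slice(&0x3_0000u64.to_le_bytes()); // DEBUG clear
    r[0x48..0x4C].copy_from_slice(&(1u32 << 2).to_le_bytes()); // signed by VLEK
    r[0x50] = 0xAB; // first byte of the caller-chosen report data
    r
}

fn main() { println!("{:?}", summarize(&sample_report())); }
```

The signing-key value tells a verifier which VEK certificate chain the signature has to be checked against. A report with the debug bit set should not be treated as evidence of a confidential guest.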

AMD SEV-SNP Attestation Verification

Combining the Attestation Generation and the ZK Optimization, you can generate either a Risc0 or an SP1 ZK proof from the AMD SEV-SNP Attestation Report and the VEK Cert output, and verify it via the verifyAndAttestWithZKProof method.

/**
 * @param output the zkVM output.
 * @param zkCoprocessor 1 - RiscZero, 2 - Succinct.
 * @param proofBytes the zk proof.
*/
function verifyAndAttestWithZKProof(
    bytes calldata output,
    ZkCoProcessorType zkCoprocessor,
    bytes calldata proofBytes
)

Deployment Information

The ImageID currently used for the DCAP RiscZero Guest Program is 2d103c1cf21571889427523c0933e1cdc99c1c9474fb6f829999964b1ce820d5.

The VKEY currently used for the DCAP SP1 Program is 0000e024beed46a1ff7ae986500393a8c0f84921a0b95369b98e16295b0b05b6.

ZK Optimization

Risc0

To get started, you need to have the following installed:

Configuring Bonsai

Note: To request an API key, complete the form here.

With the Bonsai proving service, you can produce a Groth16 SNARK proof that is verifiable on-chain. You can get started by setting the following environment variables with your API key and associated URL.

export BONSAI_API_KEY="YOUR_API_KEY" # see form linked above
export BONSAI_API_URL="BONSAI_URL" # provided with your api key

Succinct

To get started, you need to have the following installed:

Note: To request a whitelisted address, complete the form here.

With the SP1 Proving Network, you can produce a Groth16 SNARK proof or Plonk SNARK proof that is verifiable on-chain. You can get started by setting the following environment variables with your whitelisted address and associated Proving Network.

export SP1_PROVER=network
export SP1_PRIVATE_KEY=""

Acknowledgements

We would like to acknowledge the projects below whose previous work has been instrumental in making this project a reality.

Disclaimer

This project is under development. None of the source code or features are production ready.