
TEE Security

SEV-SNP attestation, RA-TLS, sealing, secret injection, and simulation boundaries

A3S Box has a SEV-SNP-oriented confidential-computing path. The feature set includes attestation report handling, RA-TLS, sealed storage, secret injection, and a simulation mode for development.

The security rule is simple: simulation proves the plumbing; only hardware-backed attestation can support a confidentiality claim.

Capability Matrix

Feature                          Current state
SEV-SNP report parsing           Implemented.
ECDSA-P384 report verification   Implemented.
Certificate-chain handling       Implemented for the SEV-SNP flow.
RA-TLS                           Implemented, with SNP report data carried in certificate extensions.
Sealing                          AES-256-GCM with HKDF-SHA256 key derivation and a policy context.
Secret injection                 RA-TLS-based delivery to /run/secrets/, with optional env export.
Simulation                       Implemented through --tee-simulate or A3S_TEE_SIMULATE.
TDX                              Not productized.

Hardware Flow

a3s-box run -d --name secure --tee myimage:latest -- sleep 3600
a3s-box attest secure --ratls
a3s-box inject-secret secure --secret DB_PASSWORD=secret --set-env
a3s-box seal secure --data "encryption-key" --context app/key --policy measurement-and-chip

Requirements are host-specific: SEV-SNP-capable AMD EPYC hardware or an equivalent cloud VM, kernel/device support such as /dev/sev or /dev/sev-guest, and a libkrun build that can use the TEE path.
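The checks a verifier has to apply behind a3s-box attest secure --ratls, as an added example in Go that is not a3s-box's own code: it reads the report at the offsets the AMD SEV-SNP ABI defines, verifies the ECDSA-P384 signature over the first 0x2A0 bytes, and then confirms that report_data binds the TLS key, that the guest was not launched with the DEBUG policy bit, and that the launch measurement is the approved one. Assumptions: the report_data binding is SHA-512 over the TLS key's DER SubjectPublicKeyInfo (the page only says SNP report data rides in the certificate), a locally generated P-384 key stands in for the chip's VCEK (a real verifier validates the VCEK through the AMD certificate chain first), and every report here is constructed rather than produced by hardware.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"crypto/subtle"
	"crypto/x509"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
)

// Field offsets in the SEV-SNP ATTESTATION_REPORT (AMD SEV-SNP firmware ABI).
const (
	reportSize     = 0x4A0 // 1184 bytes in total
	offPolicy      = 0x08  // uint64 guest policy; bit 19 is DEBUG
	offReportData  = 0x50  // 64 bytes chosen by the guest when it asks for the report
	offMeasurement = 0x90  // 48-byte launch measurement
	offSignature   = 0x2A0 // ECDSA-P384 R then S, 72 bytes each, little-endian, over bytes [0, 0x2A0)
)

func reverse(b []byte) []byte {
	out := make([]byte, len(b))
	for i := range b {
		out[len(b)-1-i] = b[i]
	}
	return out
}

// RATLSBinding is what the guest must have put in report_data: SHA-512 over the DER
// SubjectPublicKeyInfo of the TLS key (assumed binding input, not taken from a3s-box).
func RATLSBinding(pub *ecdsa.PublicKey) [64]byte {
	spki, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for an ecdsa key
	return sha512.Sum512(spki)
}

// VerifyRATLS checks, in order: signature, report_data binding, DEBUG policy, measurement.
// vcek stands in for the chip's VCEK, which production code validates via the AMD chain first.
func VerifyRATLS(raw []byte, vcek, tlsKey *ecdsa.PublicKey, want [48]byte) error {
	if len(raw) != reportSize {
		return errors.New("malformed report length")
	}
	r := new(big.Int).SetBytes(reverse(raw[offSignature : offSignature+72]))
	s := new(big.Int).SetBytes(reverse(raw[offSignature+72 : offSignature+144]))
	digest := sha512.Sum384(raw[:offSignature])
	if !ecdsa.Verify(vcek, digest[:], r, s) {
		return errors.New("report signature invalid")
	}
	bind := RATLSBinding(tlsKey)
	if subtle.ConstantTimeCompare(raw[offReportData:offReportData+64], bind[:]) != 1 {
		return errors.New("report_data does not bind this TLS key (replayed report?)")
	}
	if binary.LittleEndian.Uint64(raw[offPolicy:])&(1<<19) != 0 {
		return errors.New("guest policy permits DEBUG: host can read guest memory")
	}
	if subtle.ConstantTimeCompare(raw[offMeasurement:offMeasurement+48], want[:]) != 1 {
		return errors.New("launch measurement is not the approved workload")
	}
	return nil
}

// BuildReport constructs a report signed by a stand-in key so the example runs offline.
func BuildReport(signer *ecdsa.PrivateKey, reportData [64]byte, measurement [48]byte, policy uint64) []byte {
	raw := make([]byte, reportSize)
	binary.LittleEndian.PutUint64(raw[offPolicy:], policy)
	copy(raw[offReportData:], reportData[:])
	copy(raw[offMeasurement:], measurement[:])
	digest := sha512.Sum384(raw[:offSignature])
	r, s, err := ecdsa.Sign(rand.Reader, signer, digest[:])
	if err != nil {
		panic(err)
	}
	copy(raw[offSignature:], reverse(r.FillBytes(make([]byte, 72))))
	copy(raw[offSignature+72:], reverse(s.FillBytes(make([]byte, 72))))
	return raw
}

// Demo: a genuine report, one bound to another TLS key (a replay), one launched with DEBUG.
func Demo() (genuine, replayed, debug error) {
	vcek, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	tlsKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	otherKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	m := [48]byte{0xAB, 0xCD, 0xEF} // constructed measurement
	const policyOK = 0x30000        // reserved bit 17 set, SMT allowed, DEBUG clear
	check := func(rd [64]byte, policy uint64) error {
		return VerifyRATLS(BuildReport(vcek, rd, m, policy), &vcek.PublicKey, &tlsKey.PublicKey, m)
	}
	genuine = check(RATLSBinding(&tlsKey.PublicKey), policyOK)
	replayed = check(RATLSBinding(&otherKey.PublicKey), policyOK)
	debug = check(RATLSBinding(&tlsKey.PublicKey), policyOK|1<<19)
	return
}

func main() {
	fmt.Println(Demo())
}
```

The replay case is why the binding check exists: a valid report lifted from another guest verifies on its own, and only the report_data comparison ties it to this TLS session. Order matters as well: checking the signature before anything else means the later fields are only ever read from evidence the chip actually produced.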

Simulation Flow

a3s-box run -d --name dev --tee --tee-simulate alpine:latest -- sleep 3600
a3s-box attest dev --ratls --allow-simulated
a3s-box inject-secret dev --secret API_KEY=secret --set-env --allow-simulated

Simulation is useful for application development, CI, and testing secret-delivery code. It must not be used as evidence that a workload ran on confidential hardware.

Sealing Policies

Policy                 Meaning
measurement-and-chip   Bind to workload measurement and chip identity. Strongest but least portable.
measurement-only       Bind to workload measurement. More portable across chips with the same measurement.
chip-only              Bind to chip identity. Useful for host-bound secrets.
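How the three policies turn into a key, as an added example in Go that is not a3s-box's code: the sealing key comes from HKDF-SHA256 over a per-VM secret, with exactly the identities the policy binds plus the caller's context in the info input, and AES-256-GCM authenticates the policy and context as associated data so a blob cannot be opened under a different policy than it was sealed with. The label layout, the salt, and the source of the per-VM secret are assumptions; the policy names are the ones the page lists; the measurement and chip id values are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

type Platform struct {
	SealSecret  []byte   // per-VM secret only code inside the TEE can obtain (source assumed)
	Measurement [48]byte // launch measurement from the attestation report
	ChipID      [64]byte // chip identity from the attestation report
}

// hkdfSHA256 is RFC 5869 extract-then-expand for a single 32-byte output block.
func hkdfSHA256(ikm, salt, info []byte) []byte {
	ext := hmac.New(sha256.New, salt)
	ext.Write(ikm)
	exp := hmac.New(sha256.New, ext.Sum(nil)) // PRK keys the expand step
	exp.Write(info)
	exp.Write([]byte{1}) // T(1) = HMAC(PRK, info || 0x01): exactly one AES-256 key
	return exp.Sum(nil)
}

// sealingKey folds exactly the identities the policy names into the HKDF info (label layout assumed).
func sealingKey(p Platform, policy, context string) ([]byte, error) {
	info := []byte("a3s-seal/v1|" + policy + "|" + context + "|")
	switch policy {
	case "measurement-and-chip":
		info = append(append(info, p.Measurement[:]...), p.ChipID[:]...)
	case "measurement-only":
		info = append(info, p.Measurement[:]...)
	case "chip-only":
		info = append(info, p.ChipID[:]...)
	default:
		return nil, fmt.Errorf("unknown sealing policy %q", policy)
	}
	return hkdfSHA256(p.SealSecret, []byte("a3s-seal-salt"), info), nil
}

// gcmFor returns the AEAD and the AAD; policy and context are authenticated, not just key material.
func gcmFor(p Platform, policy, context string) (cipher.AEAD, []byte, error) {
	key, err := sealingKey(p, policy, context)
	if err != nil {
		return nil, nil, err
	}
	block, _ := aes.NewCipher(key) // 32-byte key: cannot fail
	gcm, err := cipher.NewGCM(block)
	return gcm, []byte(policy + "|" + context), err
}

// Seal returns nonce || ciphertext || tag.
func Seal(p Platform, policy, context string, plaintext []byte) ([]byte, error) {
	gcm, aad, err := gcmFor(p, policy, context)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Unseal fails with a GCM tag mismatch if any bound identity, the policy, or the context differs.
func Unseal(p Platform, policy, context string, blob []byte) ([]byte, error) {
	gcm, aad, err := gcmFor(p, policy, context)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("sealed blob too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], aad)
}

// Demo seals one secret under each policy, then tries to open it after a workload
// update (new measurement) and after a move to another chip (new chip id).
func Demo() map[string]bool {
	base := Platform{SealSecret: []byte("constructed-seal-secret"), Measurement: [48]byte{1}, ChipID: [64]byte{2}}
	newImage, otherChip := base, base
	newImage.Measurement = [48]byte{9}
	otherChip.ChipID = [64]byte{9}
	opens := map[string]bool{}
	for _, policy := range []string{"measurement-and-chip", "measurement-only", "chip-only"} {
		blob, _ := Seal(base, policy, "app/key", []byte("encryption-key"))
		_, e1 := Unseal(newImage, policy, "app/key", blob)
		_, e2 := Unseal(otherChip, policy, "app/key", blob)
		opens[policy+"/new-image"] = e1 == nil
		opens[policy+"/other-chip"] = e2 == nil
	}
	return opens
}

func main() {
	fmt.Println(Demo())
}
```

The map Demo returns is the portability table in executable form: measurement-and-chip opens in neither scenario, measurement-only survives the move to another chip but not the image update, and chip-only survives the image update but not the move. That is also why the guidance below says to rotate sealed secrets when the measurement or host changes: under the policy you chose, the old blobs are simply gone.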

Operational Guidance

  • Pass --allow-simulated only in development or test environments; a production verifier should reject simulated evidence outright.
  • Treat attestation evidence as part of deployment policy, not as a log message.
  • Rotate secrets when workload measurement, base image, or host trust root changes.
  • Keep TEE claims out of production documentation unless hardware validation has run on the target host class.
