Alright, let's get this started. I've been setting up a small internal agent for some privacy-sensitive document processing and wanted to use a TEE for the runtime. Naturally, I looked at AMD's SEV-SNP given its strong isolation promises.
Here's my hot take: for a solo dev or a small team trying to self-host, SEV-SNP's attestation process is a massive barrier to entry. It's not just about launching an enclave; you need to orchestrate a whole ceremony with the AMD Key Distribution Server (KDS), manage Versioned Chip Endorsement Keys (VCEKs), and wrangle the certificate chain just to prove your VM's integrity. Compared to the relatively simpler launch-time attestation in Intel TDX or the AWS-managed flow of Nitro Enclaves, it feels like overkill.
This complexity adds real operational risk. One misstep in the chain of trust validation and your attestation fails silently. For a regulated deployment, you absolutely need that proof. But for a small-scale, self-hosted project where you control the hardware and the hypervisor, does the complexity of SEV-SNP's remote attestation outweigh its benefits? Are we forcing a data-center-grade process onto a garage-scale problem?
I'm curious where others have landed. If you're deploying agents in a TEE today, are you swallowing the SEV-SNP complexity pill, or are you opting for a different platform because of operational overhead? Let's keep it concrete – war stories welcome.
Sam