Strider CI/CD TEE Deployment PoC

The goal of this PoC is to demonstrate automated deployment of code to a TEE via GitHub CI/CD, built with Lunal. The deployed application runs inside a Confidential VM with verifiable attestation.

This document describes the deployment architecture and example usage of the PoC deployment, accessible at:

• TEE Endpoint: https://strider-ci-poc.lunal.dev/
• GitHub Repo: https://github.com/lunal-dev/shared-lunal-strider

Executive Summary

The Strider CI/CD TEE Deployment PoC demonstrates automated, attested deployment of arbitrary code to a Trusted Execution Environment. Developers can:

1. Push code to a shared GitHub repository.
2. A GitHub Action automatically builds and deploys to a dedicated TEE.
3. The deployed application runs inside genuine secure hardware (AMD SEV-SNP).
4. All responses include cryptographic attestation headers for verification.

This enables a workflow where Strider can deploy and iterate on code while Lunal's infrastructure handles TEE provisioning and attestation.

Infrastructure Overview

Confidential VM

• VM Size: AMD DCasv5-series (4 vCPU)
• Region: East US
• OS: Ubuntu 22.04 LTS (Confidential VM)

Deployment Architecture

1. GitHub Repo → Push to main branch
2. GitHub Action → Builds Docker image, pushes to GHCR, SSHs into CVM, pulls image, restarts container
3. Confidential VM (AMD SEV-SNP) → TEE Proxy (:443) forwards to App Container (:8000)

Services Architecture

Strider App Container

The deployed Python web API runs as a Docker container.

• Image: Built from repo Dockerfile, pushed to GHCR
• Listen Address: 0.0.0.0:8000 (container)
• Exposed To: localhost:8000 on host

Lunal TEE Attestation Proxy (tee-proxy.service)

and injects attestation headers into every HTTP response. Same architecture as the Private Inference PoC. The proxy handles HTTPS/TLS termination

• Listen Ports: 80 (HTTP redirect), 443 (HTTPS)
• SSL Certificates: Auto-generated via Let's Encrypt
• Upstream: http://localhost:8000 (Strider app)
• Platform: AMD SEV-SNP

Attestation Headers

Every HTTP response includes an Attestation-Report header containing:

• Base64-encoded, gzip-compressed AMD SEV-SNP attestation report.
• VCEK certificate chain for verification.
• Custom data binding.

API Endpoints

The following endpoints are available:

• POST /commits - Fetch commits from a GitHub repository
• GET /health - Health check endpoint

Example: Fetch Commits

curl -X POST https://strider-poc.lunal.dev/commits \
  -H "Content-Type: application/json" \
  -d '{"owner": "octocat", "repo": "Hello-World", "limit": 5}'

What is Lunal?

Lunal is the trusted compute company that makes TEEs simple, usable, and scalable. We provide unified software and infrastructure for deploying AI workloads in TEEs with zero configuration.

Learn more about Lunal and why secure AI needs TEEs.