Automata AMD SEV-SNP Attestation SDK is the most-feature complete SDK for AMD SEV-SNP development, it consists of two parts:
- SEV-SNP library: it helps developers to generate the AMD SEV-SNP Attestation Report in different cloud service providers (CSP).
- Risc0 and Succinct ZK host and guest programs to interact with the corresponding zkVM servers to generate the proofs, and constructs the Automata AMD SEV-SNP Attestation contract calls to perform the on-chain verification.
Refer to SEV-SNP to setup the AMD SEV-SNP CVM in different cloud service providers (CSP).
Use SEV-SNP to generate the AMD SEV-SNP Attestation Report with VEK Cert, you can find an example in sev_snp_attestation.
Combining the Attestation Generation and the ZK Optimization, you can generate an either Risc0 or SP1 ZK proof with the AMD SEV-SNP Attestation Report and the VEK Cert output, and verify it via verifyAndAttestWithZKProof method.
/**
* @param output the zkVM output.
* @param zkCoprocessor 1 - RiscZero, 2 - Succinct.
* @param proofBytes the zk proof.
*/
function verifyAndAttestWithZKProof(
bytes calldata output,
ZkCoProcessorType zkCoprocessor,
bytes calldata proofBytes
)| Network | ChainID | SEVAgentAttestation | SP1Verifier | RiscZeroGroth16Verifier |
|---|---|---|---|---|
| Sepolia | 11155111 | 0x84d19f7F2e07766ea16D1c24f7e0828FA11273A2 | 0x397A5f7f3dBd538f23DE225B51f532c34448dA9B | 0x925d8331ddc0a1F0d96E68CF073DFE1d92b69187 |
| Hoodi | 560048 | 0x84d19f7F2e07766ea16D1c24f7e0828FA11273A2 | 0x7DA83eC4af493081500Ecd36d1a72c23F8fc2abd | 0x32Db7dc407AC886807277636a1633A1381748DD8 |
| Automata Testnet | 1398243 | 0x84d19f7F2e07766ea16D1c24f7e0828FA11273A2 | 0x7291752B7c1e0E69adF9801865b25435b0bE4Fc6 | 0xaE7F7EC735b6A90366e55f87780b36e7e6Ec3c65 |
| ZkType | Program ID |
|---|---|
| Risc0 | 0x280160e5f541ac4a9015ae6bb4b65e0b4791354e30ff9a393dd50c3bb24dc377 |
| SP1 | 0x00d2342d2400bed28302507269281dcb2c621bae91a0626796ce637f01c928d8 (BN254); 0x691a1692002fb4a0604a0e4d1281dcb26310dd744681899e2d9cc6fe01c928d8 (BabyBear 32-bit BE word) |
Note
Why are there BabyBear and BN254 Program IDs?
SP1 program identifiers (vkeys) exist in two representations to serve different purposes in the zero-knowledge proof workflow:
-
BN254 Representation (
vkey.bytes32_raw()): This is the on-chain program identifier used for proof verification. The BN254 elliptic curve field is required for on-chain Groth16/Plonk proof verification, making this the canonical identifier for smart contract interactions. -
BabyBear Representation (
vkey.hash_u32()): This is the off-chain program identifier used by zkVM explorers, proof aggregation systems, and development tooling. The BabyBear field is native to SP1's internal arithmetic, making it more efficient for off-chain operations and proof composition.
Important Note on Endianness: The BabyBear values shown in the deployment table above are big-endian (BE) encoded within each 4-byte word for human readability and cross-tool compatibility. The SP1 zkVM internally uses little-endian (LE) encoding of the same BabyBear representation for computation.
When integrating with this SDK:
- Use the BN254 representation when configuring on-chain verifiers or calling verification contracts
- Use the BabyBear representation when querying zkVM explorers or composing proofs
To get started, you need to have the following installed:
With the Boundless proving network, you can produce a [Groth16 SNARK proof] that is verifiable on-chain. You can get started by setting the following environment variables:
export BOUNDLESS_RPC_URL="https://..." # Boundless network RPC endpoint
export BOUNDLESS_PRIVATE_KEY="0x..." # Your wallet private key (hex-encoded)
export PINATA_JWT="..." # Pinata JWT for IPFS storage (for ELF uploads)For more information, see the Boundless documentation.
To get started, you need to have the following installed:
Note: SP1 5.2 includes mainnet support by default. To request a whitelisted address for the SP1 production network, complete the form here.
With the SP1 Proving Network, you can produce a [Groth16 SNARK proof] or [Plonk SNARK proof] that is verifiable on-chain. You can get started by setting the following environment variables with your whitelisted address:
export SP1_PROVER=network
export SP1_PRIVATE_KEY="0x..." # Your whitelisted private key
# SP1_RPC_URL is optional - SP1 5.2 defaults to production mainnet endpointWe would like to acknowledge the projects below whose previous work has been instrumental in making this project a reality.
- virtee/sev, an implementation of the AMD Secure Encrypted Virtualization (SEV) APIs and the SEV Secure Nested Paging Firmware (SNP) ABIs.
This project is under development. All source code and features are not production ready.