Confidential GPU infrastructure for Chutes miners and zero-trust workloads. This monorepo bundles everything you need to build, attest, launch, and operate Intel TDX VMs with NVIDIA GPUs—including the host orchestration scripts, the guest image builder, and ready-to-run documentation.
| Directory | Purpose |
|---|---|
| `guest-tools/` | Build the encrypted TDX VM image with k3s, attestation services, and GPU drivers |
| `host-tools/` | Set up the host machine and launch the TDX VM (GPU binding, networking, volume management) |
| `docs/` | Integration guide with chutes-miner and system-status service documentation |
| `ansible/k3s/` | Ansible roles for guest image build automation |
| `sek8s/`, `nvevidence/` | Python services running inside the guest (attestation, evidence verification, system status) |
| `tdx/` | Submodule with Intel's TDX host enablement scripts |

- Set up the host — Use `host-tools/` to prepare your TDX-capable machine with the required kernel, PCCS, GPU bindings, and networking.
- Understand the integration — Read `docs/end-to-end-miner.md` to see how this repo integrates with the chutes-miner control plane.
- Build the guest image — Use `guest-tools/` and `ansible/k3s/` to customize or rebuild the encrypted VM image.
- Monitor VM status — See `docs/system-status.md` for using the system-status API to inspect service health and GPU telemetry inside the VM.

Launch the VM with `host-tools/scripts/quick-launch.sh` to bind GPUs, create volumes, and boot the VM in one command.

Important: The guest root disk is LUKS-encrypted. Only the Chutes attestation/key service (or your own compatible service) can decrypt it after verifying Intel TDX measurements, so simply possessing the qcow2 image is not enough to run the VM.

- Guest image: Built with `guest-tools/` and `ansible/k3s/`, contains the full Chutes stack pre-installed.
- Host operations: Use `host-tools/` to launch and manage the TDX VM on bare metal.
- Control plane: The chutes-miner repo manages your fleet of miners (both TEE and non-TEE) via `chutes-miner-cli`.
- Integration: See `docs/end-to-end-miner.md` for how the pieces fit together.

Note: TEE VMs have no SSH access. Use the `chutes-miner-cli` for management and the system-status API (see `docs/system-status.md`) for read-only monitoring.

- `host-tools/README.md` — Setting up the TDX host and launching VMs
- `guest-tools/README.md` — Building and measuring the encrypted VM image
- `docs/end-to-end-miner.md` — Complete integration workflow with chutes-miner
- `docs/system-status.md` — System status API for monitoring service health and GPU telemetry

- File an issue or PR in this repo for host tooling, image builds, or docs
- Use the chutes-miner repo for chart-specific issues