Skip to main content


Continuum verifies the CVM's attestation statement to ensure that the involved services and workloads run on trusted hardware. Only attested worker machines are given access to secrets to decrypt the inference requests.

For more general information on remote attestation, take a look at our confidential computing wiki.

Measured boot

When a Continuum OS image boots inside a CVM, it uses measured boot for all stages and components of the boot chain. This process goes up to the root filesystem. The root filesystem is mounted read-only with integrity protection, guaranteeing forward integrity. Any changes to the image will inevitably also change the measured boot's PCR values.

GPU attestation

Continuum relies on GPUs to accelerate machine learning workloads. Because GPUs are dedicated devices with their own hard- and software, the state of each GPU needs to be verified in addition to the VM's state. To support this, the GPU needs to be equipped with confidential computing features. Nvidia's H100 is the first GPU with such support.

Before a GPU is used for Continuum workloads, Continuum OS resets the GPU and requests attestation evidence from the GPU. The evidence is sent to the Nvidia Remote Attestation Service (NRAS), where it is verified. The GPU will only become available to workloads after that verification is successful.