This repository builds a minimal, deterministic, and verifiable HTTP Gateway for the Internet Computer Protocol (ICP), designed for deployment in confidential computing environments such as AMD SEV-SNP trusted execution environments.
The HTTP Gateway is in production use by the DFINITY Foundation, serving traffic for
ic0.app, icp0.io, icp-api.io, and all custom domains (e.g., internetcomputer.org).
Each release includes the following artifacts:
initramfsvmlinuzOVMF.fd- and an SEV-SNP measurement assuming a configuration with 30 vCPUs
A custom initramfs image that includes:
ic-gatewayfrom the ic-gateway repositoryic-http-lbfrom the ic-http-lb repositorycertificate-issuerfor custom domain support from the main IC repositoryvectorfor loggingnode-exporterfor system-level metricsrunita lightweight init system and service supervisor
- Linux kernel image, sourced from the SEV-SNP dependencies repository
- UEFI firmware file for booting in a virtualized environment, also sourced from the SEV-SNP dependencies repository
See Attestation Guide for instructions on how to remotely attest and verify the SEV-SNP-enabled HTTP Gateways.
This project is licensed under the Apache License 2.0.
This repository does not accept external contributions at this time.