# Advanced Features This article is oriented towards power users that would like to know more about the mechanics of the DeTEE platform and would like to experiment by adding their own kernel, their own initrd or building OS templates for their own distribution or with their own apps. ## Kernel and DTRFS DeTEE VMs currently run using the latest stable version of the kernel. This is required in order to guarantee the SNP features are enabled. As the progress moves forward, we will also offer the LTS kernel as part of our default feature set. AMD SNP attestation is based on the following parameters: - Number of vCPUs - Type of the virtual CPU - Generation of the underlying hardware - Kernel image - The initrd image - Kernel parameters - VM firmware The CLI works together with the initrd (which is actually an initramfs) to enable remote attestation. The integration is based on [virtee](https://github.com/virtee/). As you probably imagined, the normal initramfs images offered by normal distributions do not offer the capabilities required for remote attestation, so we decided to build the DeTEE Init RAM FileSystem (DTRFS). The code required to build DTRFS is currently not public and will get open sourced after the project grows enough to open source the entire intellectual property. You can, however check the contents of the initramfs by downloading the images listed in the CLI: ```yaml $ detee-cli vm dtrfs name: dtrfs-6.12.8 vendor: gheorghe dtrfs_url: http://registry.detee.ltd/dtrfs-payments2025-01-23.cpio.gz dtrfs_sha: 2e95d7969a0f2ae2ee6f37acd2789a032be1653e76ba93e607477c8b1cde42ed kernel_url: http://registry.detee.ltd/vmlinuz-linux-6.12.10-arch1-1 kernel_sha: f3a4a74b11c07efa0338c5741d44f13480727e8f2021364a64fcffe1706c6231 name: dtrfs-6.12.9 vendor: ramil dtrfs_url: http://registry.detee.ltd/detee-constantin-6.12.9-arch1-1.cpio.gz dtrfs_sha: f1d4d818b5f403ec84b6f1f23cbca3d29ccad6db11941fd60fef1018d9116be4 kernel_url: http://registry.detee.ltd/vmlinuz-linux-6.12.9-arch1-1 kernel_sha: 8094abfd3a2a9dfdbc19b39d7e720eb43116b885abb36fc9431f0c18cbd5938e ``` DTRFS is based on ArchLinux, however the kernel and the initramfs support any distribution that will work with a generic kernel. Each DTRFS image is linked to an archlinux kernel, in order to guarantee that the kernel gets the modules required to work as a SNP VM running on top of QEMU. ## Distributions Our system currently offers 3 distributions: ArchLinux, Ubuntu and Fedora. You are free to package your own OS template. It should work as long as the operating system works with a generic kernel. Please take the following things into consideration: The VM does not need `/boot/`, meaning it does not need a kernel or a initramfs As a consequence, the VM also does not need kernel modules Make sure `sshd` will start and will listen on `0.0.0.0:22` after boot Here is a short tutorial on how to create your own ArchLinux OS Template: - start any archlinux machine (the arch installer also works) - install `arch-install-scripts` - run `pacstrap /mnt base openssh` to install base packages to /mnt - run `ln -s /usr/lib/systemd/system/sshd.service /mnt/etc/systemd/system/multi-user.target.wants/sshd.service` - run `fsarchiver savedir /tmp/os_template.fsa /mnt` to save your OS template - download `/tmp/os_template.fsa` to your machine - upload the `os_template.fsa` anywhere so that it can be downloaded with wget ## Experimenting on your own If you feel like experimenting, the CLI allows you to deploy a VM using your own kernel and your own OS template. This can be done using `detee-cli vm deploy --from-yaml` and passing the path to your config. Examples can be found in `~/.detee/cli/new_vm_samples/` This is how the yaml file must look: ```yaml hostname: my-specific-vm-01 price: 20000 hours: 5 location: country: "GB" ipv4: !PublishPorts public_ipv6: false vcpus: 2 memory_mb: 2000 disk_size_gb: 20 dtrfs: name: myinitramfs vendor: My Company Ltd dtrfs_url: http://registry.detee.ltd/detee-constantin-6.12.9-arch1-1.cpio.gz dtrfs_sha: f1d4d818b5f403ec84b6f1f23cbca3d29ccad6db11941fd60fef1018d9116be4 kernel_url: http://registry.detee.ltd/vmlinuz-linux-6.12.9-arch1-1 kernel_sha: 8094abfd3a2a9dfdbc19b39d7e720eb43116b885abb36fc9431f0c18cbd5938e distro: name: ubuntu_2025-01-14 vendor: whoami template_url: http://registry.detee.ltd/ubuntu_os_template.fsa template_sha: dab318f58c19d31181fc09a497d26408c06fb445913809075d7be74583172205 ```