diff --git a/src/runtime/Makefile b/src/runtime/Makefile
index 8b73e797ca..c04ef8a037 100644
--- a/src/runtime/Makefile
+++ b/src/runtime/Makefile
@@ -256,8 +256,8 @@ DEFSERVICEOFFLOAD ?= false
 DEFGUESTPREATTESTATION ?= false
 DEFGUESTPREATTESTATIONPROXY ?= localhost:44444
 DEFGUESTPREATTESTATIONKEYSET ?= KEYSET-1
-DEFGUESTPREATTESTATIONSECRETGUID ?= e6f5a162-d67f-4750-a67c-5d065f2a9910
-DEFGUESTPREATTESTATIONSECRETTYPE ?= bundle
+DEFGUESTPREATTESTATIONSECRETGUID ?= 1ee27366-0c87-43a6-af48-28543eaf7cb0
+DEFGUESTPREATTESTATIONSECRETTYPE ?= connection
 DEFSEVCERTCHAIN ?= /opt/sev/cert_chain.cert
 DEFSEVGUESTPOLICY ?= 0
diff --git a/tools/osbuilder/rootfs-builder/rootfs.sh b/tools/osbuilder/rootfs-builder/rootfs.sh
index 7d40c29d93..cb318fda56 100755
--- a/tools/osbuilder/rootfs-builder/rootfs.sh
+++ b/tools/osbuilder/rootfs-builder/rootfs.sh
@@ -685,6 +685,11 @@ EOF
 info "Adding agent config for ${AA_KBC}"
 AA_KBC_PARAMS="offline_sev_kbc::null" envsubst < "${script_dir}/agent-config.toml.in" | tee "${ROOTFS_DIR}/etc/agent-config.toml"
 fi
+ if [ "${AA_KBC}" == "online_sev_kbc" ]; then
+ info "Adding agent config for ${AA_KBC}"
+ #KBC URI will be specified in the config file via kernel params
+ AA_KBC_PARAMS="online_sev_kbc::123.123.123.123:44444" envsubst < "${script_dir}/agent-config.toml.in" | tee "${ROOTFS_DIR}/etc/agent-config.toml"
+ fi
 attestation_agent_url="$(get_package_version_from_kata_yaml externals.attestation-agent.url)"
 attestation_agent_version="$(get_package_version_from_kata_yaml externals.attestation-agent.version)"
 info "Install attestation-agent with KBC ${AA_KBC}"
diff --git a/tools/packaging/guest-image/build_image.sh b/tools/packaging/guest-image/build_image.sh
index 73cae72adf..ae4548e2eb 100755
--- a/tools/packaging/guest-image/build_image.sh
+++ b/tools/packaging/guest-image/build_image.sh
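Review bot: In tools/osbuilder/rootfs-builder/rootfs.sh, the new `online_sev_kbc` branch bakes `123.123.123.123:44444` into `/etc/agent-config.toml`, and that is a routable public address rather than a reserved placeholder. The comment says the real KBC URI is supplied through kernel parameters, so a guest booted without that override would presumably direct its attestation and key-broker traffic at whatever host answers there; this hunk does not show whether the agent fails closed in that case. A documentation-range address keeps the placeholder inert, for example `AA_KBC_PARAMS="online_sev_kbc::192.0.2.1:44444"` with the rest of the line unchanged, and the comment should name the kernel parameter that replaces it. The enclosing function starts and ends outside the hunk.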
@@ -40,8 +40,8 @@ build_initrd() {
 export USE_DOCKER=1
 export AGENT_INIT="yes"
 # ROOTFS_BUILD_DEST is a Make variable
-
- if [ "${AA_KBC:-}" == "offline_sev_kbc" ]; then
+ # SNP will also use the SEV guest module
+ if [ "${AA_KBC:-}" == "offline_sev_kbc" | "${AA_KBC:-}" == "online_sev_kbc"]; then
 config_version=$(get_config_version)
 kernel_version="$(get_from_kata_deps "assets.kernel.sev.version")"
 kernel_version=${kernel_version#v}
diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
index 21294aa109..608631912a 100755
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@@ -278,7 +278,7 @@ install_cc_image() {
 }
 install_cc_sev_image() {
- AA_KBC="offline_sev_kbc"
+ AA_KBC="online_sev_kbc"
 image_type="initrd"
 install_cc_image "${AA_KBC}" "${image_type}" "sev"
 }
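Review bot: The new condition in `build_initrd` is not a logical OR: inside `[ … ]` the `|` is a shell pipe, and `"online_sev_kbc"]` has no space before the closing bracket. The shell runs `[` without its `]` and pipes it into a command named after the value of `AA_KBC`, so the test fails for both KBC values unless a program of that name is on PATH, and the SEV kernel-module setup that follows is silently skipped. It also means an environment-supplied string is executed as a command name. Use `if [ "${AA_KBC:-}" == "offline_sev_kbc" ] || [ "${AA_KBC:-}" == "online_sev_kbc" ]; then`. The body of the `if` continues outside the hunk.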
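Review bot: `install_cc_sev_image` in kata-deploy-binaries.sh now hard-codes `online_sev_kbc`, so every SEV image built through this installer ships the online KBC configuration and the `offline_sev_kbc` path is no longer reachable from here. If both modes are meant to stay supported, let the caller choose with `AA_KBC="${AA_KBC:-online_sev_kbc}"`. The variable is also assigned without `local`, so it leaks into the rest of the script unless a callee deliberately reads it as a global, which this hunk does not show.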