Confidential Computing Requirements
System
Creating a confidential virtual machine currently requires the creation of an encrypted disk on a machine you trust. This machine must run Linux on x86_64 (a 64-bit CPU, as found in most recent PCs but not in Macs).
The documentation below assumes a Linux system based on Debian or Ubuntu, but the procedure can be adjusted to other distributions.
This requirement will be lifted in the future with confidential virtual machines that encrypt the filesystem themselves.
Software required
- The aleph-client command-line tool
- The sevctl tool from AMD
- An OpenSSH keypair
- An IPFS Server
- Optional: QEMU to test your VM locally
aleph-client
Install pipx:
Then install aleph-client:
sevctl
Install Rust and Cargo:
Then install sevctl using cargo:
guestmount
This tool is used to create the encrypted disk.
On systems based on Debian/Ubuntu:
Note: Up to 119 dependencies and 178 MB of additional disk space will be used.
IPFS Server
The encrypted filesystem you will create is close to 4 GB.
In order to copy it onto the aleph.im decentralized network, you will first need to make it available on IPFS.
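A preflight check for the requirements listed on this page, as an added example that is not part of the original documentation. The command names `aleph`, `sevctl`, `guestmount`, `ipfs` and `qemu-system-x86_64` are assumptions about what the packages install, and the script assumes the IPFS server runs on the same machine.

```shell
#!/bin/sh
# Added preflight sketch (not from the aleph.im docs): verifies the trusted
# build machine before you create the encrypted disk.
# Assumed command names: aleph, sevctl, guestmount, ipfs, qemu-system-x86_64.

MIN_FREE_KB=$((4 * 1024 * 1024))   # the encrypted filesystem is close to 4 GB

# check_platform OS ARCH -> succeeds only for Linux on x86_64
check_platform() {
    [ "$1" = "Linux" ] && [ "$2" = "x86_64" ]
}

# missing_tools NAME... -> prints each command that is not found in PATH
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# has_space FREE_KB -> succeeds if there is room for the ~4 GB image
has_space() {
    [ "$1" -ge "$MIN_FREE_KB" ]
}

# free_kb DIR -> available kilobytes on the filesystem holding DIR
free_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# preflight [WORKDIR] -> prints one line per problem, returns 0 if none
preflight() {
    rc=0
    check_platform "$(uname -s)" "$(uname -m)" ||
        { echo "FAIL: need Linux on x86_64, found $(uname -s) $(uname -m)"; rc=1; }
    # ssh-keygen only proves OpenSSH tooling is present, not that a keypair exists
    for tool in $(missing_tools aleph sevctl guestmount ipfs ssh-keygen); do
        echo "FAIL: '$tool' not found in PATH"; rc=1
    done
    has_space "$(free_kb "${1:-.}")" ||
        { echo "FAIL: less than 4 GB free in ${1:-.}"; rc=1; }
    command -v qemu-system-x86_64 >/dev/null 2>&1 ||
        echo "NOTE: QEMU not found (optional, only for local testing)"
    [ "$rc" -eq 0 ] && echo "OK: all requirements met"
    return "$rc"
}

preflight "${1:-.}" || echo "Fix the items marked FAIL before building the disk."
```

Pass the directory where the disk image will be built as the first argument; it defaults to the current directory.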