Confidential Computing Requirements

System

Creating a confidential virtual machine currently requires the creation of an encrypted disk on a machine you trust. This machine must run Linux on x86_64 (64 bit CPU, most recent PCs but not Mac).

The documentation below assumes a Linux system based on Debian or Ubuntu, but the procedure can be adjusted to other distributions.

This requirement will be lifted in the future with confidential virtual machines that encrypt the filesystem themself.

Software required

• The aleph-client command-line tool
• The sevctl tool from AMD
• A OpenSSH keypair
• An IPFS Server
• Optional: Qemu to test your VM locally

aleph-client

Install pipx:

sudo apt update
sudo apt install pipx
pipx ensurepath

Then install aleph-client:

pipx install aleph-client

sevctl

Install Rust and Cargo:

curl https://sh.rustup.rs -sSf | sh

Then install sevctl using cargo:

cargo install sevctl
set --export PATH ~.cargo/bin:$PATH

guestmount

This tool is used to create the encrypted disk.

On systems based on Debian/Ubuntu:

apt install guestmount

Note: Up to 119 dependencies and 178 MB of additional disk space will be used.

IPFS Server

The encrypted filesystem you will create is close to 4 GB.

In order to copy in on the aleph.im decentralized network, you will first need to make it available on IPFS.