# Confidential Computing Requirements
## System
Creating a confidential virtual machine currently requires creating an encrypted disk on a machine you trust. This machine must run Linux on x86_64 (a 64-bit CPU, found in most recent PCs but not Macs).
The documentation below assumes a Linux system based on Debian or Ubuntu, but the procedure can be adjusted to other distributions.
This requirement will be lifted in the future with confidential virtual machines that encrypt the filesystem themselves.
## Software required
- The aleph-client command-line tool
- The sevctl tool from AMD
- An OpenSSH keypair
### aleph-client
Install pipx:
Then install aleph-client:
```shell
pipx install aleph-client
```
### sevctl
Install [Rust and Cargo](https://doc.rust-lang.org/cargo/getting-started/installation.html):
```shell
curl https://sh.rustup.rs -sSf | sh
```
Then install sevctl using cargo:
### guestmount
This tool is used to create the encrypted disk.
On systems based on Debian/Ubuntu:
Note: Up to 119 dependencies and 178 MB of additional disk space will be used.
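
Before creating the encrypted disk, the requirements listed on this page can be verified with a short preflight check. This is an added example, not part of the original documentation; it assumes aleph-client installs a command named `aleph` and that the OpenSSH public key is stored as `~/.ssh/id_*.pub`.

```shell
#!/bin/sh
# Preflight check for the requirements listed on this page (added example).
# Assumptions: aleph-client installs a command named "aleph", and the
# OpenSSH public key is stored as ~/.ssh/id_*.pub.

# Succeeds only on Linux/x86_64, the platform the page requires.
# $1 = kernel name, $2 = machine type (both default to this host).
platform_ok() {
    [ "${1:-$(uname -s)}" = "Linux" ] && [ "${2:-$(uname -m)}" = "x86_64" ]
}

# Prints the name of each required command that is not on PATH.
missing_tools() {
    for tool in aleph sevctl guestmount; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Succeeds if at least one OpenSSH public key exists in the directory.
# $1 = directory to search (defaults to ~/.ssh).
has_ssh_pubkey() {
    dir="${1:-${HOME:-/nonexistent}/.ssh}"
    for key in "$dir"/id_*.pub; do
        [ -f "$key" ] && return 0
    done
    return 1
}

# Runs every check, reports each failure, returns non-zero if any failed.
preflight() {
    rc=0
    platform_ok || { echo "FAIL: need Linux on x86_64, found $(uname -s)/$(uname -m)"; rc=1; }
    for tool in $(missing_tools); do
        echo "FAIL: '$tool' not found on PATH"; rc=1
    done
    has_ssh_pubkey || { echo "FAIL: no OpenSSH public key in ~/.ssh"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: all requirements present"
    return "$rc"
}

preflight || echo "Fix the items above before creating the encrypted disk." >&2
```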