Confidential Computing Requirements

System

Creating a confidential virtual machine currently requires the creation of an encrypted disk on a machine you trust. This machine must run Linux on x86_64 (64 bit CPU, most recent PCs but not Mac) and have IPv6 connectivity.

The documentation below assumes a Linux system based on Debian or Ubuntu, but the procedure can be adjusted to other distributions.

This requirement will be lifted in the future with confidential virtual machines that encrypt the filesystem themself.

Software required

• The aleph-client command-line tool
• The sevctl tool from AMD
• A OpenSSH keypair
• An IPFS Server
• Optional: Qemu to test your VM locally

aleph-client

The aleph-client command line tool can be installed following the documentation here.

sevctl

Installing Rust and Cargo:

curl https://sh.rustup.rs -sSf | sh

or on Ubuntu 24.04:

apt install cargo

The sevctl tool can then be installed using cargo:

cargo install sevctl
set --export PATH ~.cargo/bin:$PATH

guestmount

This tool is used to create the encrypted disk.

On systems based on Debian/Ubuntu, it can be installed using:

apt install guestmount

Note: Up to 119 dependencies and 178 MB of additional disk space will be used.

IPFS Server

The encrypted filesystem you will create is close to 4 GB.

In order to copy in on the aleph.im decentralized network, it is required to first make it available on IPFS.

---

Next: Creating an encrypted filesystem