From 187dd53abb30e9dde3a88b38737902da18b9e71e Mon Sep 17 00:00:00 2001
From: CedarMist <134699267+CedarMist@users.noreply.github.com>
Date: Fri, 27 Sep 2024 05:47:14 +0100
Subject: [PATCH] docs: Cloud Providers (that support Intel SGX)
---
 .../prerequisites/cloud-providers.md | 48 +++++++++++++++++++
 .../prerequisites/hardware-recommendations.md | 5 +-
 sidebarNode.ts | 1 +
 3 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 docs/node/run-your-node/prerequisites/cloud-providers.md
diff --git a/docs/node/run-your-node/prerequisites/cloud-providers.md b/docs/node/run-your-node/prerequisites/cloud-providers.md
new file mode 100644
index 0000000000..ed53c5f9e1
--- /dev/null
+++ b/docs/node/run-your-node/prerequisites/cloud-providers.md
@@ -0,0 +1,48 @@
+# Cloud Providers
+
+Before committing to a service be sure to verify the processor compatibility and
+enquire with the provider about the status of Intel SGX support. Intel maintains
+a comprehensive list of processors that support Intel SGX:
+
+ * https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions-processors.html
+
+
+## Possible Limitations
+
+While many bare-metal or dedicated server providers use Intel processors that
+support SGX, there are potential limitations:
+
+ * **BIOS Configuration:** Some providers may not allow customers to access or
+ modify BIOS settings, which may be necessary to correctly configure Intel
+ SGX.
+ * **Outdated Firmware:** SGX requires up-to-date firmware. Some providers may
+ not maintain their systems with the latest firmware updates, preventing SGX from functioning correctly.
+ * **Lack of SGX-specific Offerings:** Many providers may not advertise or
+ specifically offer SGX-enabled servers, making it difficult for customers to
+ know if the feature is available.
+ * **Limited Support:** Even if SGX is available, the provider's support team
+ may not be familiar with SGX-specific issues or configurations.
+ * **Hardware Provisioning:** If you use keys (such as SGX sealing keys) that
+ are bound to hardware to encrypt the data of an instance within an Intel SGX
+ enclave, the encrypted data cannot be decrypted after the host of the
+ instance is changed.
+
+## Known Providers
+
+
+| Provider | Product | Documentation | Last Updated |
+| - | - | - | - |
+| [Alibaba Cloud](https://www.alibabacloud.com) | [(ECS) Bare Metal Instances](https://www.alibabacloud.com/en/product/ebm) | [Build an SGX confidential computing environment](https://www.alibabacloud.com/help/en/ecs/user-guide/build-an-sgx-encrypted-computing-environment) | 2024-09-25 |
+| [Azure](https://azure.microsoft.com/) | [Some Dedicated Host SKUs](https://learn.microsoft.com/en-us/azure/virtual-machines/dedicated-host-general-purpose-skus) | [Solutions on Azure for Intel SGX](https://learn.microsoft.com/en-us/azure/confidential-computing/virtual-machine-solutions-sgx) | 2024-09-25 |
+| [Gcore](https://gcore.com) | [Bare Metal](https://gcore.com/cloud/bare-metal-servers) | [Computing with Intel SGX](https://gcore.com/cloud/intel-sgx) | 2024-09-25 |
+| [IBM Cloud](https://cloud.ibm.com/) | [Virtual Private Cloud (VPC)](https://www.ibm.com/cloud/vpc) | [Confidential computing with SGX for VPC](https://cloud.ibm.com/docs/vpc?topic=vpc-about-sgx-vpc).
| 2024-09-25 |
+| [OVH](https://www.ovhcloud.com/) | [Bare Metal servers](https://www.ovhcloud.com/en/bare-metal/prices/?use_cases=confidential-computing) | [SGX for Confidential Computing](https://www.ovhcloud.com/en/bare-metal/intel-software-guard-extensions/) | 2024-09-25 |
+| [PhoenixNAP](https://phoenixnap.com/) | [Bare Metal Cloud](https://phoenixnap.com/bare-metal-cloud) | [What is Intel SGX and What are the Benefits?](https://phoenixnap.com/kb/intel-sgx) | 2024-09-25 |
+| [Vultr](https://www.vultr.com/) | [Bare Metal](https://www.vultr.com/products/bare-metal/) | [Intel SGX development on Vultr](https://zenlot.medium.com/intel-sgx-development-on-vultr-30cdfd5c9754) | 2024-09-25 |
+
+If you are aware of more cloud or dedicated server providers that actively
+support Intel SGX or Intel TDX, or have updated information about the providers
+listed on this page, please [create an issue on Github] with the additional
+details.
+
+[create an issue on Github]: https://github.com/oasisprotocol/docs/issues/new
\ No newline at end of file
diff --git a/docs/node/run-your-node/prerequisites/hardware-recommendations.md b/docs/node/run-your-node/prerequisites/hardware-recommendations.md
index 53032baa3f..a2aea09e9d 100644
--- a/docs/node/run-your-node/prerequisites/hardware-recommendations.md
+++ b/docs/node/run-your-node/prerequisites/hardware-recommendations.md
@@ -64,7 +64,8 @@ The [Advanced Vector Extensions 2 (AVX2)][AVX2] support enables faster Ed25519 signature verification which in turn makes a node sync faster. The [Intel SGX] support is required if you want to run Paratime compute nodes -that use a trusted execution environment (TEE). +that use a trusted execution environment (TEE). Intel maintains a comprehensive +list of [processors that support Intel SGX]. :::
@@ -74,6 +75,8 @@ that use a trusted execution environment (TEE). https://en.wikipedia.org/wiki/Advanced_Vector_Extensions#Advanced_Vector_Extensions_2 [Intel SGX]: https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions.html +[processors that support Intel SGX]: + https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions-processors.html ### Memory
diff --git a/sidebarNode.ts b/sidebarNode.ts
index cde73808f2..f9c5e05e9c 100644
--- a/sidebarNode.ts
+++ b/sidebarNode.ts
@@ -66,6 +66,7 @@ export const sidebarNode: SidebarsConfig = {
 },
 items: [
 'node/run-your-node/prerequisites/hardware-recommendations',
+ 'node/run-your-node/prerequisites/cloud-providers',
 'node/run-your-node/prerequisites/stake-requirements',
 'node/run-your-node/prerequisites/oasis-node',
 'node/run-your-node/prerequisites/system-configuration',