Enable Confidential computing
Hardware requirement
To enable Confidential Computing, your system must be equipped with 4th Generation AMD EPYC™ Processors that support Secure Encrypted Virtualization (SEV).
The supported processors include the 9004 Series Processors and 8004 Series Processors.
⚠️ Note that the 4004 Series Processors do not provide SEV and are therefore not supported.
Additional Software Requirements
In addition to the standard software requirements, the following must be configured:
- BIOS Configuration: SEV support must be enabled in the BIOS (refer to Section 2.1 of the document).
- Kernel and Platform Support: The operating system kernel must support SEV. For example, Ubuntu 24.04 includes this support by default.
- sevctl: The sevctl tool must be installed. This utility is included in the aleph-vm Debian package and is installed at /opt/sevctl.
- QEMU: QEMU must be installed on the system.
apt install cloud-image-utils qemu-utils qemu-system-x86
To verify that your system supports AMD SEV, run the following command: /opt/sevctl ok
A successful output should include:
[ PASS ] - Secure Encrypted Virtualization (SEV)
For more details on enabling SEV and troubleshooting, refer to the official AMD SEV documentation.
Enabling the confidential computing feature
To enable SEV in the aleph-vm configuration, modify the supervisor.env file, located by default at /etc/aleph-vm/supervisor.env. Add or update the following lines:
ALEPH_VM_ENABLE_QEMU_SUPPORT=1
ALEPH_VM_ENABLE_CONFIDENTIAL_COMPUTING=1
After starting the server, verify that Confidential Computing is enabled by checking the configuration endpoint at: http://localhost:4020/status/config
The endpoint should return:
ENABLE_CONFIDENTIAL_COMPUTING: true
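The three checks described on this page (the sevctl result, the supervisor.env flags and the status endpoint) can be combined into one preflight script. This is an added example, not part of aleph-vm or sevctl. The function names, the use of curl, and the tolerance for ANSI colour codes and quoted keys are assumptions of the example.

```shell
#!/bin/sh
# Added example, not aleph-vm code; function names are this example's own.
ESC=$(printf '\033')

# Constructed sample of `sevctl ok` output (not captured from a real host).
SAMPLE_OK='[ PASS ] - AMD CPU
[ PASS ]   - Secure Encrypted Virtualization (SEV)
[ FAIL ]     - Encrypted State (SEV-ES)'

# Reads `sevctl ok` output on stdin; succeeds only if the SEV row itself is PASS.
# Anchoring on "(SEV)" at end of line keeps other rows (e.g. SEV-ES) from matching.
# Assumption: the output may carry ANSI colour codes, so they are stripped first.
sev_passed() {
    sed "s/${ESC}\[[0-9;]*m//g" |
        grep -Eq '^[[:space:]]*\[ *PASS *\][[:space:]]*-[[:space:]]*Secure Encrypted Virtualization \(SEV\)[[:space:]]*$'
}

# usage: env_flag_on FILE KEY
# Succeeds only if every uncommented assignment of KEY in FILE is exactly 1,
# so a stale duplicate such as KEY=0 is reported rather than silently ignored.
env_flag_on() {
    vals=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | sort -u)
    [ "$vals" = "1" ]
}

# Reads the /status/config response body on stdin.
# Assumption: the key may or may not be quoted in the response.
config_reports_cc() {
    grep -Eq '"?ENABLE_CONFIDENTIAL_COMPUTING"?[[:space:]]*:[[:space:]]*true([^[:alnum:]_]|$)'
}

# Runs all checks against the live host, using the paths and URL from this page.
preflight() {
    rc=0
    /opt/sevctl ok 2>&1 | sev_passed || { echo "FAIL: sevctl does not report SEV as PASS"; rc=1; }
    for key in ALEPH_VM_ENABLE_QEMU_SUPPORT ALEPH_VM_ENABLE_CONFIDENTIAL_COMPUTING; do
        env_flag_on /etc/aleph-vm/supervisor.env "$key" || { echo "FAIL: $key is not set to 1"; rc=1; }
    done
    curl -fsS http://localhost:4020/status/config | config_reports_cc ||
        { echo "FAIL: supervisor does not report ENABLE_CONFIDENTIAL_COMPUTING: true"; rc=1; }
    return "$rc"
}

# Only touch the real host when asked to; otherwise exercise the constructed sample.
if [ "${1:-}" = "--run" ]; then
    preflight; exit $?
fi
printf '%s\n' "$SAMPLE_OK" | sev_passed && echo "constructed sample: SEV row is PASS"
```

Run it with --run on the host after restarting the supervisor; a non-zero exit status means at least one of the checks failed.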