This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Hardware Requirements

Hardware requirements for deploying Confidential Containers

Confidential Computing is a hardware technology. Confidential Containers supports multiple hardware platforms and can leverage cloud hardware. If you do not have bare metal hardware and will deploy Confidential Containers with a cloud integration, continue to the cloud section.

You can also run Confidential Containers without hardware support for testing or development.

The Confidential Containers operator, which is described in the following section, does not setup the host kernel, firmware, or system configuration. Before installing Confidential Containers on a bare metal system, make sure that your node can start confidential VMs.

This section will describe the configuration that is required on the host.

Regardless of your platform, it is recommended to have at least 8GB of RAM and 4 cores on your worker node.

1 - CoCo without Hardware

Testing and development without hardware

For testing or development, Confidential Containers can be deployed without any hardware support.

This is referred to as a coco-dev or non-tee. A coco-dev deployment functions the same way as Confidential Containers with an enclave, but a non-confidential VM is used instead of a confidential VM. This does not provide any security guarantees, but it can be used for testing.

No additional host configuration is required as long as the host supports virtualization.

2 - Secure Execution Host Setup

Host configurations for IBM s390x

TODO

3 - SEV-SNP Host Setup

Host configurations for AMD SEV-SNP machines

TODO

4 - SGX Host Setup

Host configurations for Intel SGX machines

TODO

5 - TDX Host Setup

Host configurations for Intel TDX machines

TODO