Quick start guides you through the basic verification process of Confidential-AI, which includes the following steps:
- Deploying Trustee as a user-controlled component that stores sensitive data.
- Encrypting the model file, uploading the encrypted model to Alibaba Cloud OSS, and saving the encryption key in Trustee.
- Deploying Trustiflux as a trusted component in the cloud.
- Verifying the cloud environment through remote attestation, obtaining the encryption key from Trustee, downloading the encrypted model from Alibaba Cloud OSS, and decrypting it to mount in a trusted environment.
According to the threat model, the first two steps occur on the user side, while the last two steps happen in the cloud. For the sake of demonstration, however, this document runs the whole process on the same Alibaba Cloud TDX ECS instance over a local network.
- Alibaba Cloud TDX ECS: Refer to the “Creating TDX Instances” section in the TDX Confidential Computing Environment guide; creating the instance via the console is recommended.
- Alibaba Cloud OSS: Activate Alibaba Cloud OSS service.
- Alibaba Cloud Account Access Keys: Refer to the guide for creating an AccessKey to obtain and save the Access Key and Access Secret.
(Enabling Docker experimental features allows us to use oras)
- Edit the Docker Configuration File
The Docker configuration file is typically located at /etc/docker/daemon.json. You can open this file with any text editor (such as nano or vim). If the file does not exist, you can create a new one.
sudo vim /etc/docker/daemon.json
- Add Experimental Features Configuration
In the daemon.json file, add the following content to enable experimental features.
{
"experimental": true
}
- Restart the Docker Service
sudo systemctl restart docker
- Run the command below to automatically configure Alibaba Cloud PCCS for Alibaba Cloud ECS.
token=$(curl -s -X PUT -H "X-aliyun-ecs-metadata-token-ttl-seconds: 5" "http://100.100.100.200/latest/api/token")
region_id=$(curl -s -H "X-aliyun-ecs-metadata-token: $token" http://100.100.100.200/latest/meta-data/region-id)
# Set PCCS_URL to point to the PCCS in the instance's region
PCCS_URL=https://sgx-dcap-server-vpc.${region_id}.aliyuncs.com/sgx/certification/v4/
sudo bash -c 'cat > /etc/sgx_default_qcnl.conf' << EOF
# PCCS server address
PCCS_URL=${PCCS_URL}
# To accept insecure HTTPS cert, set this option to FALSE
USE_SECURE_CERT=FALSE
EOF
- Download the Confidential-AI code.
git clone https://github.com/inclavare-containers/Confidential-AI.git
- Write the prepared Alibaba Cloud account access keys to the corresponding positions in the Confidential-AI/.env file.
- Navigate to the Trustee folder and run the run.sh file.
cd Confidential-AI/Trustee
./run.sh
- Download the Confidential-AI code.
git clone https://github.com/inclavare-containers/Confidential-AI.git
- Write the prepared Alibaba Cloud account access keys to the corresponding positions in the Confidential-AI/.env file.
- Navigate to the Trustiflux folder and run the run.sh file.
cd Confidential-AI/Trustiflux
./run.sh
- Image Pulling is Slow or Fails
Configure image acceleration based on Alibaba Cloud ACR. Refer to the official image acceleration documentation.
- Failed to Automatically Configure Alibaba Cloud PCCS
You can configure it manually. If you have correctly created the Alibaba Cloud TDX ECS according to the preparation instructions, the region for your instance should be North China 2 (Beijing), i.e., cn-beijing. Manually create the /etc/sgx_default_qcnl.conf file and write the following content.
# PCCS server address
PCCS_URL=https://sgx-dcap-server.cn-beijing.aliyuncs.com/sgx/certification/v4/
# To accept insecure HTTPS cert, set this option to FALSE
USE_SECURE_CERT=FALSE
- Failed to Run run.sh
First run the clean.sh file in the same directory, then run run.sh.
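A check for the /etc/sgx_default_qcnl.conf produced by the automatic PCCS step or written by hand as in the FAQ entry above. This is an added example, not part of the Confidential-AI repository; the function names and the region pattern are assumptions for illustration. It flags the empty-region URL that results when the metadata lookup returns nothing.

```sh
#!/bin/sh
# Added example (not from the Confidential-AI repository): sanity-check a
# generated sgx_default_qcnl.conf. Assumes the KEY=VALUE layout shown above.

# Print the last value assigned to key $2 in file $1 (comment lines never match).
qcnl_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print the region embedded in a PCCS URL of the form used on this page.
# Prints nothing when the region is empty or the URL has another shape.
pccs_region() {
    printf '%s\n' "$1" | sed -n -E \
        's#^https://sgx-dcap-server(-vpc)?\.([a-z]+(-[a-z0-9]+)+)\.aliyuncs\.com/sgx/certification/v4/$#\2#p'
}

# Report findings for config file $1; return 0 if usable, 1 otherwise.
check_qcnl_conf() {
    url=$(qcnl_get "$1" PCCS_URL)
    cert=$(qcnl_get "$1" USE_SECURE_CERT)
    region=$(pccs_region "$url")
    rc=0
    if [ -n "$region" ]; then
        echo "OK   PCCS_URL region=$region"
    else
        # A failed metadata lookup leaves region_id empty: "...-vpc..aliyuncs.com"
        echo "FAIL PCCS_URL malformed or region missing: '$url'"
        rc=1
    fi
    case "$cert" in
        [Tt][Rr][Uu][Ee]) echo "OK   USE_SECURE_CERT=TRUE" ;;
        [Ff][Aa][Ll][Ss][Ee]) echo "NOTE USE_SECURE_CERT=FALSE: insecure HTTPS certs are accepted" ;;
        *) echo "FAIL USE_SECURE_CERT missing or unrecognised: '$cert'"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample files: one good, one written after an empty region_id.
qcnl_demo() {
    dir=$(mktemp -d)
    printf '# PCCS server address\nPCCS_URL=https://sgx-dcap-server-vpc.cn-beijing.aliyuncs.com/sgx/certification/v4/\nUSE_SECURE_CERT=FALSE\n' > "$dir/good.conf"
    printf 'PCCS_URL=https://sgx-dcap-server-vpc..aliyuncs.com/sgx/certification/v4/\nUSE_SECURE_CERT=FALSE\n' > "$dir/bad.conf"
    check_qcnl_conf "$dir/good.conf"
    check_qcnl_conf "$dir/bad.conf" || echo "bad.conf rejected as expected"
    rm -rf "$dir"
}
qcnl_demo
```

On the instance, run `check_qcnl_conf /etc/sgx_default_qcnl.conf` after the configuration step and before starting run.sh.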