Document secure-validator mode (#5346)

* Document secure-validator mode This page will be linked to in an error message if a validator fails to meet the requirements. Let me know if there is too much or too little detail. Closes #4881 * Make requirement use a bit less technical language * Add warning about disabling secure mode * minor edits, grammar check --------- Co-authored-by: filippoweb3 <[email protected]>
w3f · Nov 9, 2023 · 03314b8 · 03314b8
1 parent aba6f18
commit 03314b8
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/docs/maintain/maintain-guides-secure-validator.md b/docs/maintain/maintain-guides-secure-validator.md
@@ -69,6 +69,33 @@ behavior.
 
 :::
 
+### Secure-Validator Mode
+
+Parity Polkadot has a Secure-Validator Mode, enabling several protections for keeping keys secure.
+The protections include highly strict filesystem, networking, and process sandboxing on top of the
+existing wasmtime sandbox.
+
+This mode is **activated by default** if the machine meets the following requirements. If not, there
+is an error message with instructions on disabling Secure-Validator Mode, though this is not
+recommended due to the security risks involved.
+
+#### Requirements
+
+1. **Linux on x86-64 family** (usually Intel or AMD).
+2. **seccomp enabled**. You can check that this is the case by running the following command:
+
+```
+cat /boot/config-`uname -r` | grep CONFIG_SECCOMP=
+```
+
+The expected output, if enabled, is:
+
+```
+CONFIG_SECCOMP=y
+```
+
+3. OPTIONAL: **Linux 5.13**. Provides access to even more strict filesystem protections.
+
 ## Monitoring Tools
 
 - [Telemetry](https://github.com/paritytech/substrate-telemetry) This tracks your node details