Document how to enable Confidential computing on CRN

docs/nodes/compute/advanced/enable-confidential.md

@@ -0,0 +1,43 @@
+# Confidential computing
+
+This guide outlines how to enable [Confidential Computing](/computing/confidential/index.md) on a CRN.
+
+## Hardware requirement
+To enable Confidential Computing, your system must be equipped with 4th Generation AMD EPYC™ Processors that support Secure Encrypted Virtualization (SEV).
+
+The supported processors include the [9004 Series Processors and 8004 Series Processors](https://www.amd.com/en/products/processors/server/epyc/4th-generation-9004-and-8004-series.html#tabs-4380fde236-item-2130f0d757-tab).
+
+Note that the [4004 Series Processors do not provide SEV](https://www.amd.com/en/products/processors/server/epyc/infinity-guard.html) and are therefore not supported.
+
+> ℹ️ The 4th Generation requirement stems from security vulnerabilities discovered in SEV on Zen3 and earlier architectures.
+
+## Additional Software Requirements
+In addition to the standard software requirements, the following must be configured:
+* **BIOS Configuration**: SEV support must be [enabled in the BIOS](https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/tuning-guides/58207-using-sev-with-amd-epyc-processors.pdf) (refer to Section 2.1 of the document). (see Section 2.1).
+* **Kernel and Platform Support**: The operating system kernel must support SEV. For example, Ubuntu 24.04 includes this support by default.
+* **sevctl**: The [sevctl](https://github.com/virtee/sevctl) tool must be installed. This utility is included in the aleph-vm Debian package and is installed at `/opt/sevctl`.
+* **QEMU**: QEMU must be installed on the system. `apt install cloud-image-utils qemu-utils qemu-system-x86`
+
+To verify that your system supports AMD SEV, run the following command:  `sevctl ok`
+
+A successful output should include:
+```[ PASS ]   - Secure Encrypted Virtualization (SEV)```
+For more details on enabling SEV and troubleshooting, refer to the official [AMD SEV documentation](https://www.amd.com/fr/developer/sev.html).
+
+
+## Enabling the confidential computing feature
+
+To enable SEV in the `aleph-vm` configuration, modify the supervisor.env file, by default located at `/etc/aleph-vm/supervisor.env`. Add or update the following lines:
+```
+ALEPH_VM_ENABLE_QEMU_SUPPORT=1
+ALEPH_VM_ENABLE_CONFIDENTIAL_COMPUTING=1
+
+```
+
+After starting the server, verify that Confidential Computing is enabled by checking the configuration endpoint at:
+`http://localhost:4020/status/config` 
+
+The endpoint should return:
+```json
+ENABLE_CONFIDENTIAL_COMPUTING: true
+```

docs/nodes/compute/index.md

@@ -1,6 +1,6 @@
 # Introduction
 
-Aleph.im compute resource nodes are decentralized computing infrastructure components that form a vital part of the
+Aleph.im compute resource nodes (CRN) are decentralized computing infrastructure components that form a vital part of the
 aleph.im network. These nodes work collectively to provide distributed and secure computing power, storage, and other
 resources to users and applications on the platform.
 

mkdocs.yml

@@ -76,6 +76,7 @@ nav:
         - 'Ubuntu 20.04': nodes/compute/installation/ubuntu-20.04.md
         - 'Ubuntu 22.04': nodes/compute/installation/ubuntu-22.04.md
         - 'Troubleshooting': nodes/compute/troubleshooting.md
+        - 'Confidential computing': nodes/compute/advanced/enable-confidential.md
       - 'Releases': nodes/compute/releases.md
     - 'Reliability':
       - 'Introduction': nodes/reliability/index.md