Hardware Requirements and AMD SEV SNP
What is a TEE and why do Switchboard Oracles need it?
Switchboard Oracles code uses a security feature called a TEE (Trusted Execution Environment) to ensure that code and data in transit are safe and secure, even from the Oracle Operators themselves.
To achieve this, you need a server that supports TEE via AMD SEV SNP.
For AMD SEV SNP to be enabled, you need a CPU and motherboard that support it, and AMD SEV SNP must be enabled in the BIOS. You'll need an AMD EPYC processor from the 7xx3, 7xx4, 9xx3 or 9xx4 series (or newer) with AMD SEV SNP support.
We have specifically and successfully tested with the 7413 and 7313 CPUs.
Check the following link for a complete list.
To sum it up, we use the AMD SEV SNP set of technologies as a TEE platform to encrypt virtual machines' memory and isolate them against unauthorized access, even from the hypervisor. It is also fundamental to keep your BIOS and firmware updated for optimal security and performance. For validated providers and specific setup instructions, refer to later sections.
While not technically mandatory, disable hyperthreading (SMT) if possible, as it is a potential security issue in a number of cases when working with TEEs.
We identified a set of trusted providers that we know work well with AMD SEV SNP and our own code; you can find the list later in the manual.
Connect to your system BIOS and then be sure to change the following settings:
SVM Mode: Enabled
SMEE: Enabled
SEV-ES ASID Count: 509 ASIDs
SEV-ES ASID Space Limit Control: Manual
SEV-ES ASID Space Limit: 32 (or more)
SEV Control: Enabled
SNP Memory (RMP Table) Coverage: Enabled
Performance OR CCD/Core/Thread Enablement
SMT (Multithreading): Disabled
SEV-SNP Support: Enabled (NOT Auto)
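
As an added example (not part of the original page or Switchboard's own tooling), the script below checks from the booted Linux host that the BIOS settings above took effect. It assumes a kernel with SEV-SNP host support and the kvm_amd module loaded; the optional root-prefix argument and the `--check` switch are hypothetical conveniences.

```shell
#!/bin/sh
# Added example: verify on the host OS that SVM, SME, SEV, SEV-ES and SEV-SNP
# are active after the BIOS changes, and report the SMT state.
# The optional ROOT argument is hypothetical; it lets the check run against a
# copied /proc and /sys tree instead of the live system.

check_snp_host() (   # subshell body keeps variables local to the function
    root="${1:-}"
    rc=0

    # CPU feature flags the kernel reports for SVM, SME, SEV, SEV-ES, SEV-SNP.
    for flag in svm sme sev sev_es sev_snp; do
        if grep -m1 '^flags' "$root/proc/cpuinfo" 2>/dev/null | grep -qw -- "$flag"; then
            echo "OK    cpu flag $flag"
        else
            echo "FAIL  cpu flag $flag missing"; rc=1
        fi
    done

    # KVM reports what it could initialise (Y/N, or 1/0 on older kernels).
    for p in sev sev_es sev_snp; do
        val=$(cat "$root/sys/module/kvm_amd/parameters/$p" 2>/dev/null || true)
        case "$val" in
            Y|1) echo "OK    kvm_amd.$p=$val" ;;
            *)   echo "FAIL  kvm_amd.$p=${val:-unreadable}"; rc=1 ;;
        esac
    done

    # SMT off is recommended but not mandatory, so it only produces a warning.
    smt=$(cat "$root/sys/devices/system/cpu/smt/control" 2>/dev/null || true)
    case "$smt" in
        off|forceoff|notsupported) echo "OK    SMT $smt" ;;
        *) echo "WARN  SMT is '${smt:-unknown}', the guide recommends Disabled" ;;
    esac

    exit "$rc"       # 0 only if every flag and KVM parameter checked out
)

# Run against the live system only when asked: sh check_snp.sh --check
if [ "${1:-}" = "--check" ]; then check_snp_host; fi
```

A non-zero exit status means at least one flag or KVM parameter is missing, which usually points back to a BIOS option left on Auto or Disabled.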