Switchboard Documentation
  • Understanding Switchboard
    • Introduction
      • Why Switchboard Oracles?
      • Vision & mission
      • Brief History and Key Achievements to Date
      • Switchboard’s Architecture, Tech Stack and Security
        • Trusted Execution Environments (TEEs)
        • Oracle Queues
        • Node Architecture
  • Product Documentation
    • Data Feeds
      • Getting Started with Switchboard Data Feeds
      • Solana / SVM
        • Part 1: Designing and Simulating Your Feed
          • Option 1: Drag-and-Drop Feed Builder
          • Option 2: Designing a Feed in Typescript
        • Part 2: Deploying your Feed On-Chain
        • Part 3: Integrating your Feed
          • Integrating your Feed On-Chain
          • Integrating into Frontends
        • Costs
        • Integrating on Eclipse
      • EVM
        • Part 1: Prerequisites and Quick Start Guide
        • Part 2: Designing and Creating Your Feed
          • Option 1: Drag-and-Drop Feed Builder
          • Option 2: Designing a Feed in Typescript
        • Part 3: Integrating your Feed
          • Integrating your Feed On-Chain
          • Integrating your Feed with Typescript
          • Integrating into Frontends (EVM)
      • Aptos
      • Sui
      • Movement
      • Starknet
      • Optional Features
        • Switchboard Secrets
    • Aggregator
      • How to use the Switchboard Oracle Aggregator
    • Randomness
      • Why Randomness is important?
      • Switchboard's Approach to Verifiable Randomness
      • Tutorials
        • Solana / SVM
        • EVM
  • Tooling and Resources
    • Crossbar
      • Run Crossbar with Docker Compose
    • Switchboard Command Line Interface
    • Technical Resources and Documentation
      • SDKs and Documentation
      • Solana Accounts
      • EVM Identifiers
      • Code Examples (Github)
  • Switchboard Protocol
    • (Re)staking
      • What is (re)staking?
      • What are Node Consensus Networks (NCNs)?
      • What are Vault Receipt Tokens (VRTs)?
      • The Node Partner Program
    • Running a Switchboard Oracle
      • Prerequisites
        • Knowledge about Linux, containers and Self-Hosting
        • Hardware Requirements and AMD SEV SNP
        • Software Requirements
        • Network Requirements
      • Hardware: tested providers and setup
        • OVH
      • Platform: Kubernetes + AMD SEV SNP
        • Bare Metal with Kubernetes (K3s)
      • The Git Repo: Clone Our Code
        • Repo Structure
      • Configuration: Tweaking Configurations
        • cfg/00-common-vars.cfg
        • cfg/00-devnet-vars.cfg and cfg/00-mainnet-vars.cfg
      • Installation: Setup Via Scripts
        • Bare Metal with Kubernetes (K3s) + AMD SEV SNP
  • Frequently Asked Questions and Glossary
    • FAQ
    • Glossary
Powered by GitBook
On this page
  • AMD SEV SNP on AMD EPYC CPUs
  • How to enable AMD SEV SNP in MOST BIOS
  1. Switchboard Protocol
  2. Running a Switchboard Oracle
  3. Prerequisites

Hardware Requirements and AMD SEV SNP

What is a TEE and why do Switchboard Oracles need it?

Switchboard Oracles code uses a security feature called a TEE (Trusted Execution Environment) to ensure that the code and data in transit is safe and secure, even from the Oracle Operators themselves.

To achieve this solution, a server that supports TEE via AMD SEV SNP.

AMD SEV SNP on AMD EPYC CPUs

In order for AMD SEV SNP to be enabled, you'll have to get a CPU and motherboard that supports it and ensure AMD SEV SNP is enabled in BIOS. You'll need an AMD EPYC processors that is part of family 7xx3, 7xx4, 9xx3 or 9xx4 series (or newer) with AMD SEV SNP support.

We specifically successfully tested with 7413 and 7313 CPUs.

Check the following link for a complete list AMD SEV CPUs list in PDF.

To sum it up, we use the AMD SEV SNP set of technologies as a TEE platform to encrypt virtual machines memory and isolate them to protect against unauthorized access, even from the hypervisor. However, it's fundamental to keep your BIOS and firmware updated for optimal security and performance. For validated providers and specific setup instructions, refer to later sections.

While not technically mandatory, if possible ensure to disable hyperthreading (SMT) as it is a potential security issue in a number of cases when working with TEEs.

We identified a set of trusted providers that we know works well with AMD SEV SNP and our own code, you can find a list later in the manual.

How to enable AMD SEV SNP in MOST BIOS

Connect to your system BIOS and then be sure to change the following settings:

AMD CBS → CPU Common Options OR Advanced → CPU Configuration

  • SVM Mode: Enabled

  • SMEE: Enabled

AMD CBS → CPU Common Options

  • SEV-ES ASID Count: 509 ASIDs

  • SEV-ES ASID Space Limit Control: Manual

  • SEV-ES ASID Space Limit: 32 (or more)

  • SEV Control: Enabled

  • SNP Memory (RMP Table) Coverage: Enabled

AMD CBS → CPU Common Options

Performance OR CCD/Core/Thread Enablement

  • SMT (Multithreading): Disabled

AMD CBS → NBIO Common Options

  • SEV-SNP Support : Enabled (NOT Auto)

PreviousKnowledge about Linux, containers and Self-HostingNextSoftware Requirements

Last updated 1 month ago