Notice: This project is no longer maintained in this repository. Future updates and upgrades have been moved to OpenAnolis Community. Please visit the new repository for the newest information.
This quick start guides you through the basic verification process of Confidential-AI (CAI), which includes the following steps:
- Deploying Trustee as a user-controlled component that stores sensitive data.
- Encrypting the model file, uploading the encrypted model to Trustee, and saving the encryption key in Trustee.
- Deploying Trustiflux as a trusted component in the cloud.
- Verifying the cloud environment through remote attestation, obtaining the encryption key and the encrypted model from Trustee, and decrypting the model to mount in a trusted environment.
According to the threat model, the first two steps take place on the user side and the last two in the cloud. For demonstration purposes, however, this document runs both sides on the same Alibaba Cloud TDX ECS instance and over a local network.
- Alibaba Cloud TDX ECS: refer to the "Creating TDX Instances" section of the TDX Confidential Computing Environment guide; creating the instance via the console is recommended.
- Run the commands below to automatically configure Alibaba Cloud PCCS for the Alibaba Cloud ECS instance. Note that USE_SECURE_CERT=FALSE disables TLS certificate validation for the connection to PCCS; the collateral it returns (PCK certificate chain, TCB info, QE identity) is signed by Intel and that signature chain is still checked during quote verification.
```bash
token=$(curl -s -X PUT -H "X-aliyun-ecs-metadata-token-ttl-seconds: 5" "http://100.100.100.200/latest/api/token")
region_id=$(curl -s -H "X-aliyun-ecs-metadata-token: $token" http://100.100.100.200/latest/meta-data/region-id)
# Set PCCS_URL to point to the PCCS in the instance's region
PCCS_URL=https://sgx-dcap-server-vpc.${region_id}.aliyuncs.com/sgx/certification/v4/
sudo bash -c 'cat > /etc/sgx_default_qcnl.conf' << EOF
# PCCS server address
PCCS_URL=${PCCS_URL}
# To accept insecure HTTPS cert, set this option to FALSE
USE_SECURE_CERT=FALSE
EOF
```
Deploy Trustee (user side):
- Download the Confidential-AI code.
```bash
git clone https://github.com/inclavare-containers/Confidential-AI.git
```
- (Optional) Configure the Confidential-AI/.env file. Non-empty fields must match the Trustiflux-side configuration.
  - MODEL_TYPE: model type; currently only helloworld is supported.
  - GOCRYPTFS_PASSWORD: the encryption key string used to encrypt the model.
  - KBS_KEY_PATH: path of the encryption key in Trustee.
  - KBS_MODEL_DIR: path of the encrypted model in Trustee.
  - TRUSTEE_ADDRESS: service address of Trustee.
- Navigate to the Trustee folder and run the run.sh script.
```bash
cd Confidential-AI/Trustee
./run.sh
```
Deploy Trustiflux (cloud side):
- Download the Confidential-AI code.
```bash
git clone https://github.com/inclavare-containers/Confidential-AI.git
```
- (Optional) Configure the Confidential-AI/.env file. Non-empty fields must match the Trustee-side configuration.
  - MODEL_TYPE: model type; currently only helloworld is supported.
  - GOCRYPTFS_PASSWORD: leave empty; it is obtained from Trustee via remote attestation.
  - KBS_KEY_PATH: path of the encryption key in Trustee.
  - KBS_MODEL_DIR: path of the encrypted model in Trustee.
  - TRUSTEE_ADDRESS: service address of Trustee.
- Navigate to the Trustiflux folder and run the run.sh script.
```bash
cd Confidential-AI/Trustiflux
./run.sh
```
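The two .env files above are the one place where a mismatch silently breaks the flow: a field that is non-empty on both sides must carry the same value, GOCRYPTFS_PASSWORD must be set on the Trustee side, and it must stay empty on the Trustiflux side so that the only copy of the key in the cloud is the one released after attestation. The bash script below is an added example, not code from the Confidential-AI project; it cross-checks a Trustee-side and a Trustiflux-side .env against exactly those rules. The helper names, file names and sample values are assumptions; the variable names are the ones listed in the two configuration steps.

```bash
#!/usr/bin/env bash
# Added example (not project code): cross-check a Trustee-side .env against a
# Trustiflux-side .env before running the two run.sh scripts.
# Rules taken from the quick start:
#   - every field that is non-empty on both sides must have the same value;
#   - GOCRYPTFS_PASSWORD must be set on the Trustee side and left empty on the
#     Trustiflux side, where it is obtained from Trustee via remote attestation.
# Helper names, file names and sample values below are assumptions.

# env_get FILE KEY: print the value of KEY in FILE (last assignment wins,
# surrounding double quotes stripped, empty if KEY is absent).
env_get() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed -e 's/^"//' -e 's/"$//'
}

# check_env TRUSTEE_ENV TRUSTIFLUX_ENV: return 0 if the two files are
# consistent, 1 otherwise (each problem is reported on stderr).
check_env() {
  trustee="$1"; trustiflux="$2"; rc=0
  for key in MODEL_TYPE KBS_KEY_PATH KBS_MODEL_DIR TRUSTEE_ADDRESS; do
    a=$(env_get "$trustee" "$key")
    b=$(env_get "$trustiflux" "$key")
    if [ -n "$a" ] && [ -n "$b" ] && [ "$a" != "$b" ]; then
      echo "mismatch: $key is '$a' on Trustee but '$b' on Trustiflux" >&2
      rc=1
    fi
  done
  if [ -z "$(env_get "$trustee" GOCRYPTFS_PASSWORD)" ]; then
    echo "GOCRYPTFS_PASSWORD is empty on the Trustee side; the model cannot be encrypted" >&2
    rc=1
  fi
  if [ -n "$(env_get "$trustiflux" GOCRYPTFS_PASSWORD)" ]; then
    echo "GOCRYPTFS_PASSWORD is set on the Trustiflux side; leave it empty so it is released by Trustee after attestation" >&2
    rc=1
  fi
  return "$rc"
}

# write_samples DIR: write constructed sample .env files (all values made up)
# into DIR: a Trustee config, a consistent Trustiflux config and a broken one.
write_samples() {
  cat > "$1/trustee.env" <<'EOF'
MODEL_TYPE=helloworld
GOCRYPTFS_PASSWORD=example-passphrase
KBS_KEY_PATH=default/key/helloworld
KBS_MODEL_DIR=default/model/helloworld
TRUSTEE_ADDRESS=http://127.0.0.1:8080
EOF
  cat > "$1/trustiflux-good.env" <<'EOF'
MODEL_TYPE=helloworld
GOCRYPTFS_PASSWORD=
KBS_KEY_PATH=default/key/helloworld
KBS_MODEL_DIR=default/model/helloworld
TRUSTEE_ADDRESS=http://127.0.0.1:8080
EOF
  cat > "$1/trustiflux-bad.env" <<'EOF'
MODEL_TYPE=helloworld
GOCRYPTFS_PASSWORD=leaked-into-the-cloud
KBS_KEY_PATH=default/key/helloworld
KBS_MODEL_DIR=default/model/other
TRUSTEE_ADDRESS=http://127.0.0.1:8080
EOF
}

# Stand-alone use: pass the two real .env files as arguments, or run with no
# arguments to exercise the constructed samples.
if [ "$#" -eq 2 ]; then
  check_env "$1" "$2" && echo "OK: .env files are consistent"
elif [ "$#" -eq 0 ]; then
  dir=$(mktemp -d)
  write_samples "$dir"
  check_env "$dir/trustee.env" "$dir/trustiflux-good.env" && echo "OK: sample good config"
  check_env "$dir/trustee.env" "$dir/trustiflux-bad.env" || echo "rejected: sample bad config"
  rm -rf "$dir"
fi
```

Run it as `bash check_env.sh Trustee/.env Trustiflux/.env` (file names assumed) before either run.sh; the broken sample is rejected for both a differing KBS_MODEL_DIR and a GOCRYPTFS_PASSWORD that was copied into the cloud-side file, which is the mistake the quick start's "leave empty" instruction guards against.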
Verify the deployment. On the Trustee side, execute the following command to send a request to Trustiflux via the TNG trusted channel:
```bash
curl http://127.0.0.1:9001/
```
The example web service deployed on the Trustiflux side returns the list of decrypted model files. If the CAI deployment succeeded, you should see a response similar to the following:
```json
{
  "timestamp": "2025-03-20T07:28:07.718523",
  "total_files": 2,
  "files": [
    "helloworld/hello.txt",
    "helloworld/world.txt"
  ]
}
```
- Image pulling is slow or fails: configure image acceleration based on Alibaba Cloud ACR; refer to the official image acceleration documentation.
- Automatic configuration of Alibaba Cloud PCCS fails: configure it manually. If you created the Alibaba Cloud TDX ECS instance as described in the preparation steps, its region should be North China 2 (Beijing), i.e., cn-beijing. Create the /etc/sgx_default_qcnl.conf file by hand and write the following content:
```text
# PCCS server address
PCCS_URL=https://sgx-dcap-server.cn-beijing.aliyuncs.com/sgx/certification/v4/
# To accept insecure HTTPS cert, set this option to FALSE
USE_SECURE_CERT=FALSE
```
- run.sh fails: first run the clean.sh script in the same directory, then run run.sh again.