Hello everyone,
I have some exciting news to share! We’ve been actively working on SEV support and I’m thrilled to report that things are moving along really well.
The team has made significant progress, and we’re planning to start testing SEV support on the IC this summer.
While running replicas under SEV may seem like a simple change, I wanted to share the main issues that make the project non-trivial:
- The primary goal of the project is to use SEV to derive encryption keys used for encrypting the node’s state. These keys will be tied to the hash of the running replica code and cannot be extracted from the replica virtual machine. This crucial change implies that a new release would no longer be able to read the replica state from a previous release, since the release hash changes.
- Consequently, we need to substantially redesign how replica upgrades are performed to allow securely sharing encryption keys between releases that have been approved by the community. This requires a significant rework of our current upgrade process.
- The release process needs to be extended to support computing SEV hashes of our releases. Furthermore, we must modify the NNS Registry to store this additional information.
- To support calculating and verifying the GuestOS hash at boot time, the OS bootloading mechanism requires significant changes.
- We need to develop a mechanism that nodes use to verify each other when establishing a connection. By default, SEV-enabled nodes should not send data to or process data from nodes that do not run under SEV or run a non-approved replica version.
- This work impacts many components in our infra and requires thorough testing and monitoring to avoid downtime or data loss.
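The first, second and fifth bullets describe one mechanism from three sides: a state key that is bound to the measured release, a successor release that cannot read the old state unless the key is handed over, and a peer check that refuses nodes running outside SEV or on a non-approved release. The following Python model, added here as an illustration and not code from DFINITY or the IC replica, ties those three together. Everything in it is an assumption for illustration: `PLATFORM_SECRET` stands in for the per-platform secret that the AMD firmware holds, HMAC stands in for the firmware's signature over an attestation report, a SHA-256 over the guest image stands in for the launch measurement, and the `approved` set stands in for the release hashes the post says the NNS Registry would store.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed stand-in for the per-platform secret that, under real SEV, is held by the
# AMD firmware and never exposed to the guest.  It lets this toy model sign reports and
# derive keys; it is not how the IC or AMD implement either step.
PLATFORM_SECRET = b"constructed-platform-secret-for-illustration-only"


def measure(guest_image: bytes) -> bytes:
    """Stand-in for the SEV launch measurement: a digest over the guest image (OS + replica)."""
    return hashlib.sha256(guest_image).digest()


def derive_state_key(measurement: bytes) -> bytes:
    """State-encryption key bound to the measurement.

    Because the measurement is an input, a new release (new hash) derives a different key
    and cannot read state the previous release encrypted, which is the problem the post raises.
    """
    return hmac.new(PLATFORM_SECRET, b"state-key|" + measurement, hashlib.sha256).digest()


@dataclass(frozen=True)
class AttestationReport:
    measurement: bytes  # what the peer claims to be running
    nonce: bytes        # challenge chosen by the verifier; defeats replay of an old report
    signature: bytes    # stand-in for the firmware signature over (measurement, nonce)


def attest(measurement: bytes, nonce: bytes) -> AttestationReport:
    """Prover side: produce a report for the verifier's nonce."""
    sig = hmac.new(PLATFORM_SECRET, measurement + nonce, hashlib.sha256).digest()
    return AttestationReport(measurement, nonce, sig)


def verify_peer(report: AttestationReport, nonce: bytes, approved: frozenset) -> bool:
    """Verifier side: accept a peer only if its report is fresh, genuine, and names an approved release."""
    if not hmac.compare_digest(report.nonce, nonce):
        return False  # stale or replayed report
    expected = hmac.new(PLATFORM_SECRET, report.measurement + nonce, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, report.signature):
        return False  # not produced by the platform (e.g. a node not running under SEV)
    return report.measurement in approved  # running SEV, but is it a community-approved release?


def hand_over_state_key(old_key: bytes, successor: AttestationReport, nonce: bytes, approved: frozenset):
    """Upgrade path: the running release gives its state key only to a verified, approved successor."""
    if not verify_peer(successor, nonce, approved):
        return None
    return old_key


def demo() -> dict:
    """Run the model on constructed release images and return each check's outcome."""
    m_old = measure(b"constructed-replica-release-A")
    m_new = measure(b"constructed-replica-release-B")
    m_rogue = measure(b"constructed-replica-release-not-approved")
    approved = frozenset({m_old, m_new})  # what the registry would record for approved releases

    k_old = derive_state_key(m_old)
    nonce = os.urandom(16)
    return {
        "keys_differ_per_release": k_old != derive_state_key(m_new),
        "approved_peer_accepted": verify_peer(attest(m_new, nonce), nonce, approved),
        "unapproved_peer_rejected": not verify_peer(attest(m_rogue, nonce), nonce, approved),
        "replayed_report_rejected": not verify_peer(attest(m_new, nonce), os.urandom(16), approved),
        "forged_report_rejected": not verify_peer(AttestationReport(m_new, nonce, b"\0" * 32), nonce, approved),
        "upgrade_receives_key": hand_over_state_key(k_old, attest(m_new, nonce), nonce, approved) == k_old,
        "rogue_upgrade_denied": hand_over_state_key(k_old, attest(m_rogue, nonce), nonce, approved) is None,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAILED'}")
```

The point the model makes is that key binding alone is not enough: once the key depends on the release hash, every upgrade becomes a key-transfer protocol, and the transfer is only safe if the recipient is checked the same way a peer node is (fresh challenge, platform-signed report, measurement present in the approved set). A real deployment would replace the HMAC stand-in with verification of the AMD-signed report against the vendor certificate chain and would take the approved set from the registry rather than a local constant.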
We’re looking forward to sharing more updates as we move forward. Stay tuned for further details!