
SCONE Installation

A modern Linux kernel (version 5.11 or later) supports SGX out of the box. If your workload runs inside virtual machines, KVM supports SGX inside virtual machines starting with Linux kernel 5.13.
In other words, no modification of the system software is needed.
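To see which of these cases applies to a given host, the following script classifies the running kernel against the 5.11 and 5.13 thresholds and lists the SGX device nodes it finds. It is an added example, not part of the SCONE documentation or tooling; the function names are hypothetical and the device-node paths are assumptions that do not appear on this page.

```shell
#!/bin/sh
# Added example (not SCONE code). Thresholds 5.11 / 5.13 come from the text above.

# Classify a kernel release string as printed by `uname -r`.
# Prints host+kvm (>= 5.13), host (>= 5.11), legacy (older) or unknown.
sgx_kernel_support() (
    rel=${1%%[!0-9.]*}                  # "5.15.0-91-generic" -> "5.15.0"
    major=${rel%%.*}
    rest=${rel#*.}
    [ "$rest" = "$rel" ] && rest=0      # no dot at all: treat minor as 0
    minor=${rest%%.*}
    for n in "$major" "$minor"; do
        case "$n" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    if [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 13 ]; }; then
        echo host+kvm
    elif [ "$major" -eq 5 ] && [ "$minor" -ge 11 ]; then
        echo host
    else
        echo legacy
    fi
)

# List SGX device nodes that exist under ROOT (default: the real /dev).
# Paths are assumptions, not from the page: sgx_enclave and sgx_provision
# (in-kernel driver), sgx/enclave (out-of-tree DCAP driver), isgx (legacy driver).
sgx_device_nodes() (
    root=${1:-}
    for dev in /dev/sgx_enclave /dev/sgx_provision /dev/sgx/enclave /dev/isgx; do
        [ -e "$root$dev" ] && echo "$dev"
    done
    return 0
)

# One-line summary; arguments override the release string and root for testing.
sgx_report() (
    support=$(sgx_kernel_support "${1:-$(uname -r)}")
    nodes=$(sgx_device_nodes "${2:-}" | tr '\n' ' ')
    case "$support" in
        host+kvm) msg="in-kernel SGX, KVM guests supported" ;;
        host)     msg="in-kernel SGX, no KVM guest support" ;;
        legacy)   msg="pre-5.11 kernel, older-kernel path applies" ;;
        *)        msg="kernel release not parsable" ;;
    esac
    echo "kernel=$support ($msg) nodes=${nodes:-none}"
)

sgx_report
```

A kernel that classifies as `host` or `host+kvm` but shows no device nodes usually means SGX is disabled in firmware or not offered by the CPU.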

You can run vanilla Kubernetes software; there is no need to customize Kubernetes. We maintain an SGX plugin that permits your application to use SGX from within containers. This SGX plugin can be installed via helm.

For older Linux Kernels (deprecated)

We recommend using Alpine Linux for container images that use SCONE, and Ubuntu 20.04 LTS or Ubuntu 18.04 LTS for the hosts that run these container images. To ensure that your Ubuntu host has all the software installed that is needed to run SCONE containers, you can just run:

curl -fsSL https://raw.githubusercontent.com/scontain/install_dependencies/master/install-host-prerequisites.sh | bash

This script checks whether the required components are already installed and installs only those that are missing.

Installation Options

You can run SCONE-based applications on bare-metal servers as well as inside VMs. Applications need access to an SGX driver, and they need to be linked with the SCONE Runtime Encryption Library, either dynamically at load time or at compile time. In this way, the application will be executed inside an enclave:

[Figure: SCONE Workflow]

Containers are the default way to deploy SCONE-based applications. The application is linked with the SCONE Runtime Encryption Library (dynamically or statically). The application needs to have access to the SGX driver:

[Figure: SCONE Workflow]

We recommend deploying SCONE-based applications in Kubernetes clusters with the help of helm:

[Figure: SCONE Workflow]

Customized Installation

You can customize the SCONE installation based on your needs. Depending on how you want to use SCONE, you could instead install software components on an as-needed basis:

Ensure that your CPU runs the newest microcode by updating the CPU microcode.