Overview

Your API server co-signing components must be executed from an SGX-enabled machine with an SGX driver loaded.

This article describes the steps to configure a server for your API Co-Signer using the Azure Confidential Compute VM server configuration.

Creating an Azure Confidential Compute VM server

Follow this Microsoft installation guide.

• Only the Configure an Intel SGX virtual machine section is required. The necessary settings are listed below.
• You do not need to complete the Connect to the Linux VM or Next Steps sections.

Make sure you have these settings in the Get Started section:

1. Image: Ubuntu 20.04 LTS (Canonical)
   
2. Region: Select your region.
3. Under the "Advanced" tab: Gen 2.
4. Size (recommended): Under the DCsv3-series, the recommended size option is ‘Standard_DC4s_v3'.
   

   Note

   Standard_DC4s_v3 is not mandatory. Standard_DC4s_v2 also works, but v3 allows for optimized performance that is not available out of the box with Standard_DC4s_v2, and therefore requires requesting a quota increase by opening a ticket with the Azure support team. See the official Microsoft documentation for a list of SGX-supported instances.

The final setup window should look like this:

Depending on your needs or geographic location, you may select a different Size or Region. The minimum hardware requirements are:

• 16Gib memory
• 256GB storage

See the official Microsoft documentation to find which products are available per region.

SGX Enablement Verification

After the server creation is complete, verify SGX is enabled on the server.