This topic describes sgx-device-plugin and lists the latest changes to sgx-device-plugin.
sgx-device-plugin is a plug-in developed by Alibaba Cloud and Ant Financial for Alibaba Cloud Container Service for Kubernetes (ACK). sgx-device-plugin facilitates the use of Intel (R) Software Guard Extensions (SGX) in containers. Intel (R) SGX is a set of CPU instructions provided by Intel. Intel (R) SGX increases the security of application code and data, and protects them from disclosure and malicious tampering. For more information, see software-guard-extensions.Features
- Supports Intel (R) SGX without the need to enable the privilege mode.
- Automatically retrieves the size of the Enclave Page Cache (EPC).
- Supports declarative EPC resource allocation.
- Can I deploy sgx-device-plugin in Kubernetes clusters that are deployed off Alibaba Cloud?
Yes. sgx-device-plugin can be deployed in all types of Kubernetes clusters. However, you can run sgx-device-plugin on only SGX-enabled nodes.
- Can I use sgx-device-plugin to control the EPC size for SGX-enabled containers?
No. TheEPC size limit specified by the alibabacloud.com/sgx_epc_MiB parameter is applicable to only kube-scheduler. Intel (R) SGX Driver does not support this parameter.
- Is sgx-device-plugin open source?
Yes. For more information, see sgx-device-plugin.
|Version||Image address||Release date||Description||Impact|
|v1.0.0-5f5b5ef-aliyun||registry.cn-hangzhou.aliyuncs.com/acs/sgx-device-plugin:v1.0.0-5f5b5ef-aliyun||February 21, 2020||
||No impact on workloads.|