All Products
Search
Document Center

Elastic Compute Service:Build a confidential computing environment with Enclave

Last Updated:May 15, 2026

Create a trusted isolation space within an ECS instance with Enclave to protect your applications and data in use.

Background

Data is classified into data at rest, data in transit, and data in use.

  • Encryption protects data at rest and data in transit.

  • Protecting data in use requires confidential computing.

Enclave creates a trusted isolation space within an ECS instance and runs legitimate software in the enclave to protect the confidentiality and integrity of your code and data against malware. It suits industries that require strong data protection, such as finance, Internet, and healthcare.

How Enclave works

Compute resources (vCPUs and memory) within an ECS instance (the primary VM) are split to create an Enclave VM (EVM) as a trusted execution environment. The EVM is secured by:

  • Virtualization-based isolation: the EVM is isolated from the primary VM and other ECS instances.

  • Minimal attack surface: the EVM runs an independent, trusted OS with no persistent storage, interactive connections, or external networking. It communicates with the primary VM only through a vsock-based local secure channel.

The following figure shows how Enclave works.

image

Enclave provides multi-layer security. The third-generation SHENLONG architecture, with TPM or TCM chips, equips the EVM with vTPM or vTCM devices for enhanced trust. SDKs let you build and manage Enclave environments. For attestation, confidential applications generate attestation materials — including platform data, application information, and signatures — at runtime and verify them through a remote attestation server, which may work with Key Management Service (KMS). Once the primary VM allocates resources to the EVM, the underlying layer isolates them so the primary VM cannot access EVM vCPU or memory resources.

The following figure shows the Enclave architecture.

image

Limitations

  • Only instance types with four or more vCPUs in the hfg9i, hfc9i, hfr9i, g8i, c8i, and r8i instance families support Enclave.

  • Each ECS instance supports only one enclave.

  • Reserve at least one physical processor core and some memory for the primary VM before using an enclave. The remaining resources can be allocated to the enclave. If hyper-threading is enabled, two hyperthreads from the same core are reserved, so the instance must have at least four vCPUs.

For other limits, see Limits.

Create an Enclave-enabled instance

Creating an Enclave-enabled instance is similar to creating a regular instance. This section covers only the Enclave-specific parameters. For other parameters, see Create an instance with Custom Launch.

  1. Go to ECS console - Instance.

  2. In the upper-left corner of the page, select a region and resource group.地域

  3. Click Create Instance and configure the following parameters.

    Parameter

    Description

    Instance Type

    Select an instance type with ≥ 4 vCPUs in the hfg9i, hfc9i, hfr9i, g8i, c8i, or r8i instance family.

    Image

    Select Enclave, then select the Alibaba Cloud Linux 2.1903 LTS 64-bit (UEFI) image.

    Note

    Selecting Enclave automatically installs a trusted OS.

    image

    Instance RAM Role

    Select AliyunECSInstanceForYundunSysTrustRole, a service-linked role provided by Alibaba Cloud.

Install the Enclave CLI

  1. Install Docker on the Enclave-enabled instance.

  2. Use Workbench to connect to the Enclave-enabled instance over SSH.

  3. Install the Enclave CLI RPM package.

    1. Download the Enclave CLI RPM package.

      wget https://enclave-cn-beijing.oss-cn-beijing.aliyuncs.com/download/linux/enclave-cli/x86_64/2.1903/enclave-cli-1.0.8-1.x86_64.rpm
    2. Install the Enclave CLI.

      sudo rpm -ivh enclave-cli-1.0.8-1.x86_64.rpm
    3. Verify the installation.

      enclave-cli --version

      If a version number is returned, the installation succeeded.

      image.png

  4. Add the current user to the de and docker groups.

    1. Add the current user to the de group:

      sudo usermod -aG de <username>
      Note

      Replace <username> with the actual username, for example, test.

    2. Add the current user to the docker group.

      sudo usermod -aG docker <username>
      Note

      Replace <username> with the actual username, for example, test.

    3. Reconnect to the instance to apply the changes.

  5. Pre-allocate vCPUs and memory for the enclave.

    1. Open allocator.yaml.

      sudo vim /etc/ali-enclaves/allocator.yaml
    2. Press the i key to enter Insert mode.

    3. Set the following parameters:

      • memory_mib: memory allocated to the enclave. Unit: MiB.

      • cpu_count: vCPUs allocated to the enclave.

      The following example allocates 1,024 MiB of memory and 2 vCPUs to the enclave.

      # Enclave configuration file.
      #
      # How much memory to allocate for enclaves (in MiB).
      memory_mib: 1024
      #
      # How many CPUs to reserve for enclaves.
      cpu_count: 2
    4. Press the Esc key, enter :wq, and then press the Enter key to save and close the file.

  6. Start the resource allocation service and enable it on boot.

    sudo systemctl start ali-enclaves-allocator.service && \
    sudo systemctl enable ali-enclaves-allocator.service

    The service creates a dedicated vCPU pool for the enclave. This pool is exclusive to the enclave and unavailable to the host instance.

    Note

    To change the allocated resources, modify allocator.yaml and restart the service:

    sudo systemctl restart ali-enclaves-allocator.service
  7. Check the service status.

    systemctl status ali-enclaves-allocator.service

    The following output indicates the service is running.

    image.png

  8. Start Docker and enable it on boot.

    sudo systemctl start docker && sudo systemctl enable docker
    Note

    To uninstall the Enclave CLI, run sudo yum remove enclave-cli.

  9. Restart the instance to apply the changes.

References

For Enclave CLI usage, see Quick start.