ayo/ipex-llm
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
ipex-llm/docs/readthedocs/source/doc/PPML/Overview/install.md
Qiyuan Gong 0a49cd03bf [PPML] Reorg Readthedoc tutorial & menu (#6476) 
* Change User Guide to Introduction
* Add Installation
* Refine toc and examples
* Refine title
* Add FAQs for Installation
2022-11-08 16:26:59 +08:00

2.5 KiB
Raw Blame History

PPML Installation

OS requirement

.. note::
    **Hardware requirements**:

     Intel SGX: PPML's features (except Homomorphic Encryption) are mainly built upon Intel SGX. Intel SGX requires Intel CPU with SGX feature, e.g., IceLake (3rd Xeon Platform). `Check if your CPU has SGX feature <https://www.intel.com/content/www/us/en/support/articles/000028173/processors.html>`_

.. note::
    **Supported OS**:

     PPML is thoroughly tested on Ubuntu (18.04/20.04), and should works fine on CentOS/Redhat 8.

Enable SGX for your Cluster

.. mermaid::
   
   graph TD
      usesgx{Use SGX?} -- Yes --> installsgx(Install SGX Driver for Node)
      usesgx{Use SGX?} -- No --> he(Homomorphic Encryption)
      installsgx --> installaesm(Install AESM for Node)
      installaesm --> needatt{Need Attestation?}
      needatt -- Yes --> installPCCS(Install PCCS for Cluster)
Install SGX Driver

Please refer to Install SGX (Software Guard Extensions) Driver for Xeon Server.

Install AESM
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list > /dev/null
wget -O - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
sudo apt update
sudo apt-get install libsgx-urts libsgx-dcap-ql libsgx-dcap-default-qpl
Install PCCS (for attestation)

Please refer to Intel® Software Guard Extensions Data Center Attestation Primitives (Intel® SGX DCAP): A Quick Install Guide

Install Kubernetes SGX Plugin (K8S only)

Please refer to Deploy the Intel SGX Device Plugin for Kubernetes.

FAQs

  1. Is SGX supported on CentOS 6/7? No. Please upgrade your OS if possible.

  2. Do we need Internet connection for SGX node? No. We can use PCCS for registration and certificates downloading. Only PCCS need Internet connection.

  3. Does PCCS requires SGX? No. PCCS can be installed on any server with Internet connection.

  4. Can we turn off attestation? Of course. But, urnning off attestation will break integrity provided by SGX. Attestation is turned off to simplify installation for quick start.