It is generally advised for SGX users to run their machine in the cloud, as some attack vectors are only possible if you have physical access to the machine. Having them in the cloud does already enhance the trust guarantees that you can give to your customers. Renting a bare-metal cloud means that a dedicated hardware server instance is allocated to you. It is exclusively yours, you can set it up from scratch, and you don’t run in a virtual machine (VM). This contrasts with traditional cloud server offerings where your software ends up in a VM on some server that is shared with other users, and you also might change between servers. This multi-tenant architecture increases the security risk and doesn’t give you performance guarantees.
Conclusively, a bare-metal cloud is what you want if you care about security and constant performance.
OVHcloud is a cloud provider offering SGX-enabled bare-metal machines. A setup on such a machine would be comprised of the following:
- Make sure SGX is enabled in the bios
- Install the necessary SGX drivers
- Install the SGX-SDK according to GitHub - intel/linux-sgx: Intel SGX for Linux*
- Deploy your binary/docker image