Downloading the IBM Confidential Computing Container Runtime bundle

You can get the IBM Confidential Computing Container Runtime image from IBM Passport Advantage.

Note: To download the fix pack of IBM Confidential Computing Container Runtime, see Downloading the IBM Confidential Computing Container Runtime fix pack bundle.

This procedure is intended for users with the role Private cloud operations administrator.

Procedure

Complete the following steps.

  1. Log in to the IBM Passport Advantage website by using your IBM account ID and password. Contact your sales representative if you do not have one.

  2. Go to My Programs, and then select the IBM Hyper Protect Virtual Servers program.

  3. Download the image of version 2.2.3, part number M0V25EN; the name of the downloaded file is IBM_HPVS_OnPrem_v2.2.3_EN.tar.gz.

  4. Create a directory to store the IBM Confidential Computing Container Runtime bundle. Change to the directory, and extract the compressed file by using the following commands.

    mkdir /opt/<installation_directory>
    cd /opt/<installation_directory>
    gunzip IBM_HPVS_OnPrem_v2.2.3_EN.tar.gz
    tar -xvf IBM_HPVS_OnPrem_v2.2.3_EN.tar
     

    You will get the following files in the current directory:

    • M0RHCEN.tar.gz, the offering image tar file.
    • M0RHCEN.tar.gz.sig, the signature file for the offering image.

    Note: You can download the public key issued by IBM for the offering image:

  5. To verify the integrity of IBM Confidential Computing Container Runtime image tar file, run the following example command by using the signature file with the .sig suffix, and the public key that you downloaded with the suffix .pem, along with the image tar file.

    openssl dgst -sha256 -verify publickey.pem -signature M0RHCEN.tar.gz.sig M0RHCEN.tar.gz
     
  6. Extract the compressed tar file by using the following commands.

    cd /opt/<installation_directory>
    tar -xvzf M0RHCEN.tar.gz
     

    Note:

    • Some of the extracted files are in *.gz format, and they should be used as is and should not be extracted once again.
    • It is recommended that you use the latest images because they are valid for longer and have the latest security fixes. Upgrade to the latest image because the earlier images will expire soon.

Result

The following directories and files are available after you extract the file:

  • readme.txt, which is the general README file for IBM Confidential Computing Container Runtime.

  • License, a directory that contains the license files of IBM Confidential Computing Container Runtime.

  • version, which has the version information of IBM Confidential Computing Container Runtime.

  • images, a directory that contains the IBM Confidential Computing Container Runtime qcow2 image, which is used to bring up a IBM Confidential Computing Container Runtime instance in KVM environment.

  • config/certs, a directory that contains all the certificates that are used to encrypt the contract, attestation, and signatures.

  • swidtag, a directory that contains the IBM License Metric Tool (ILMT) configuration file.

  • se-header.bin, the SE header file to be used for Crypto passthrough feature.

    Get the SE header file from the image TAR file at the following location:

       IBM_HPVS_2.2.3/config
     

Certificate expiry dates

Table 2. Attestation certificate expiry dates.

Table 3. Encryption certificate expiry dates.

Table 4. Intermediate certificate expiry dates.

Note: For versions 2.1.11 and earlier, certificates have already expired.

You can see files and directories similar to the following example under the <installation_directory> directory.

# tree
.
├── License
│   ├── LA_cs
│   ├── LA_de
│   ├── LA_el
│   ├── LA_en
│   ├── LA_es
│   ├── LA_fr
│   ├── LA_in
│   ├── LA_it
│   ├── LA_ja
│   ├── LA_ko
│   ├── LA_lt
│   ├── LA_pl
│   ├── LA_pt
│   ├── LA_ru
│   ├── LA_sl
│   ├── LA_tr
│   ├── LA_zh
│   ├── LA_zh_TW
│   ├── LI_cs
│   ├── LI_de
│   ├── LI_el
│   ├── LI_en
│   ├── LI_es
│   ├── LI_fr
│   ├── LI_in
│   ├── LI_it
│   ├── LI_ja
│   ├── LI_ko
│   ├── LI_lt
│   ├── LI_pl
│   ├── LI_pt
│   ├── LI_sl
│   ├── LI_tr
│   ├── LI_zh
│   ├── LI_zh_TW
│   ├── non_ibm_license
│   └── notices
├── config
│   ├── certs
│   │   ├── ibm-hyper-protect-container-runtime-25.8.1-attestation.crt
│   │   ├── ibm-hyper-protect-container-runtime-25.8.1-encrypt.crt
│   │   └── ibm-hyper-protect-container-runtime-25.8.1-intermediate.crt
│   └── ibm-hyper-protect-container-runtime-25.8.1-se-header.bin
├── images
│   └── ibm-hyper-protect-container-runtime-25.8.1.qcow2
├── readme.txt
├── swidtag
│   └── ibm.com_IBM_Hyper_Protect_Virtual_Servers-2.2.3x.swidtag
└── version