Document secure-validator mode

This page will be linked to in an error message if a validator fails to meet the requirements. Let me know if there is too much or too little detail. Closes w3f#4881
mrcnski · Nov 8, 2023 · 393786b · 393786b
1 parent 0d02282
commit 393786b
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/docs/maintain/maintain-guides-secure-validator.md b/docs/maintain/maintain-guides-secure-validator.md
@@ -69,6 +69,32 @@ behavior.
 
 :::
 
+### Secure-Validator Mode
+
+Parity Polkadot has a Secure-Validator Mode which enables several protections for keeping keys
+secure. The protections include highly strict filesystem, networking, and process sandboxing, on top
+of the existing wasmtime sandbox.
+
+This mode is **on by default** if the machine meets the following requirements, and if not, there is
+an error message with instructions on disabling Secure-Validator Mode.
+
+#### Requirements
+
+1. **Linux on x86-64**.
+2. **seccomp enabled**. You can check that this is the case by running the following command:
+
+```
+cat /boot/config-`uname -r` | grep CONFIG_SECCOMP=
+```
+
+The expected output, if enabled, is:
+
+```
+CONFIG_SECCOMP=y
+```
+
+3. OPTIONAL: **Linux 5.13**. Provides access to even more strict filesystem protections.
+
 ## Monitoring Tools
 
 - [Telemetry](https://github.com/paritytech/substrate-telemetry) This tracks your node details