Creating a Confidential VM instance

This page shows you the full set of options for creating a Confidential VM instance. To see the quickest way to create a Confidential VM, see the quickstart. To learn about Confidential VM's features and concepts, see Confidential VM and Compute Engine.

Considerations

Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Cloud project. Learn how to check if billing is enabled on a project.

  4. Enable the Compute Engine API.

    Enable the API

  5. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  6. Make sure that billing is enabled for your Cloud project. Learn how to check if billing is enabled on a project.

  7. Enable the Compute Engine API.

    Enable the API

  8. Optional: To use the Google Cloud CLI examples in this guide:
  9. Optional: To use the API examples in this guide, set up authorization for your requests. Learn more about OAuth 2.0.

Create a Confidential VM instance

To create a Confidential VM, complete the following steps.

Console

  1. In the console, go to the VM Instances page.

    Go to VM Instances

  2. Select Create instance.

  3. Select the Confidential VM Service checkbox.

    Confidential VM checkbox

  4. In the Enable Confidential Computing service dialog, review the list of settings that are updated when you enable the service. They can include the following fields, if they were set to incompatible values.

  5. Click Enable.

  6. (Optional) Using the AMD EPYC Milan processor

    To set your instance to the AMD EPYC Milan processor, go to the Machine configuration section. Expand CPU Platform and GPU, and then select AMD Milan or later. Learn more about Compute Engine and AMD EPYC Milan processors.

  7. Verify that you are satisfied with these settings, and then click Create.

You return to the VM instances page where you can view the status and details for your new instance. When a green checkmark appears under Status, your new Confidential VM is ready to use.

gcloud

To create a Confidential VM instance with the gcloud CLI, use the instances create subcommand with the --confidential-compute flag. You must also set the --maintenance-policy flag to TERMINATE because Confidential VM does not support live migration.

gcloud compute instances create INSTANCE_NAME \
  --machine-type "MACHINE_TYPE" --zone "ZONE_NAME" \
  --confidential-compute --maintenance-policy=TERMINATE \
  --image-family=IMAGE_NAME \
  --image-project=IMAGE_PROJECT
  

Where:

The following example command creates an n2d-standard-16-type instance called "example-instance" in the us-central1-f zone:

gcloud compute instances create example-instance \
  --machine-type "n2d-standard-16" --zone "us-central1-f" \
  --confidential-compute --maintenance-policy=TERMINATE \
  --image="example-cvm-image" \
  --image-project="public-image-project"

API

To create a Confidential VM using the Compute Engine API, post a creation request to the Instances REST resource. In the request, set enableConfidentialCompute to TRUE. You must also set onHostMaintenance to TERMINATE because Confidential VM does not support live migration.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE_NAME/instances

{
  "machineType": "zones/ZONE_NAME/machineTypes/MACHINE_TYPE",
  "name": "INSTANCE_NAME",
  "minCpuPlatform": "MIN_CPU_PLATFORM",
  "confidentialInstanceConfig": {
    "enableConfidentialCompute": true
  },
  "scheduling": {
    "automaticRestart": true,
    "nodeAffinities": [],
    "onHostMaintenance": "TERMINATE",
    "preemptible": false
  }
  ...
}

Where:

  • PROJECT_ID is your project identifier.
  • ZONE_NAME is the zone in which to create the instance.
  • MACHINE_TYPE is a N2D or C2D machine type.
  • INSTANCE_NAME is the name of new instance.
  • MIN_CPU_PLATFORM is the minimum CPU platform. Optional.

    Using the AMD EPYC Milan processor

    To set your instance to the AMD EPYC Milan processor, set MIN_CPU_PLATFORM to "AMD Milan".

    Learn more about Compute Engine and AMD EPYC Milan processors.

Enabling higher network bandwidth for C2D machine types

The three largest C2D Compute Engine VM shapes (32, 56, and 112) support high-bandwidth networking. When you select a Tier 1 network bandwidth configuration, the egress bandwidth increases from the default 32 Gbps to 50 or 100 Gbps. To achieve the higher Tier 1 bandwidth speeds, the instance must be running the gVNIC virtual network driver. Learn more about configuring a VM with higher bandwidth.

Verify AMD SEV is enabled

Confidential VM uses AMD Secure Encrypted Virtualization (SEV). To verify that Confidential Computing is enabled, you may be able to use dmesg logs to verify that AMD SEV is active for your VM. Depending on the Linux distribution and other software installed on the guest, dmesg logs might be maintained differently. For definitive guidance about how to query dmesg logs, refer to the documentation for the Linux distribution.

To verify that AMD SEV is active for your VM, complete the following steps to connect to your instance, and then view the dmesg log.

  1. In the console, go to the VM Instances page.

    Go to VM Instances

  2. In the table on the Instances tab, find the row for your new Confidential VM instance.

  3. To open a terminal window for interacting with your Confidential VM instance, click SSH in the same row.

  4. On some Linux distributions, you might be able to verify that the Confidential VM instance is using AMD SEV by running the following dmesg command in the terminal window.

      dmesg | grep SEV | head
      

    You should receive a response that AMD Secure Encrypted Virtualization (SEV) is active.

To learn how to obtain more detailed information about the state of the Confidential VM instance by examining Cloud Monitoring integrity validation events, see Validating Confidential VM instances using Cloud Monitoring.

Verify the identity token of a Confidential VM

Before sending any sensitive information to the VM instance, your applications can request for the VM's unique identity token from the metadata server. The identity token includes details about an instance such as the instance ID, creation time, and license codes for the instance's images. The token also contains a claim to verify whether the VM is confidential. For a Confidential VM, the instance_confidentiality claim has a value of 1.

To learn how to obtain and decode the identity token of a VM, see Verifying the identity of an instance.

What's next