Creating a Confidential VM instance

This page shows you the full set of options for creating a Confidential VM instance. To see the quickest way to create a Confidential VM, see the quickstart. To learn about Confidential VM's features and concepts, see Confidential VM and Compute Engine.

Considerations

Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

  2. In the Google Cloud Console, on the project selector page, select or create a Google Cloud project.

  3. Make sure that billing is enabled for your Cloud project. Learn how to confirm that billing is enabled for your project.

  4. Enable the Compute Engine API.

  5. Optional: To use the gcloud command-line tool examples in this guide:

  6. Optional: To use the API examples in this guide, set up authorization for your requests. Learn more about OAuth 2.0.

Create a Confidential VM instance

To create a Confidential VM, complete the following steps.

Console

  1. In the Cloud Console, go to the VM Instances page.

  2. Select Create instance.

  3. Select the Confidential VM Service checkbox.

  4. In the Enable Confidential Computing service dialog, review the list of settings that are updated when you enable the service, and then click Enable.

  5. Enabling Confidential VM may change the following fields if they were set to incompatible values.

    • Region and zone
    • Series and Machine type
    • Boot disk image
    • On host maintenance

    Verify that you are satisfied with these settings, and then click Create.

You are returned to the VM instances page, where you can view the status and details of your new instance. When a green checkmark appears under Status, your new Confidential VM is ready to use.

gcloud

To create a Confidential VM instance, you can use one of several Confidential VM-supported Compute Engine images.

List supported images

To list all existing Confidential VM-supported images, use one of the following commands:

Shielded Container Optimized OS (COS):

gcloud compute images list --filter="guestOsFeatures[].type:(SEV_CAPABLE)" \
  --project cos-cloud \
  --no-standard-images;

Ubuntu Linux:

gcloud compute images list --filter="guestOsFeatures[].type:(SEV_CAPABLE)" \
  --project ubuntu-os-cloud \
  --no-standard-images;

View image details

To view details about a specific image, use the images describe subcommand as shown here, replacing the IMAGE_NAME placeholder with the name of the image and IMAGE_PROJECT_NAME with the name of the image's project:

gcloud compute images describe IMAGE_NAME \
  --project IMAGE_PROJECT_NAME;

List per-zone available CPU platforms

To get a list of the available CPU platforms in specific zones, use the zones describe subcommand as shown here, replacing the ZONE_NAME placeholder with the name of the zone:

gcloud compute zones describe ZONE_NAME \
  --format="value(availableCpuPlatforms)"

For example, the following command shows you what CPU platforms are available in zone us-central1-f:

gcloud compute zones describe us-central1-f --format="value(availableCpuPlatforms)"

Create a new instance

This section describes how to create a new Confidential VM instance on the AMD Secure Encrypted Virtualization (SEV) CPU platform using the gcloud command-line tool.

To create the new instance, use the instances create subcommand with the --confidential-compute flag to opt in to Confidential VM. You must also pass --maintenance-policy=TERMINATE, because Confidential VM does not support live migration.

gcloud compute instances create INSTANCE_NAME \
  --machine-type "MACHINE_TYPE" --zone "ZONE_NAME" \
  --confidential-compute --maintenance-policy=TERMINATE \
  --image=IMAGE_NAME \
  --image-project=IMAGE_PROJECT

Where:

  • INSTANCE_NAME is the name to give the new instance.
  • MACHINE_TYPE is the N2D machine type to use.
  • ZONE_NAME is the name of the zone in which to create the instance. To learn how to see a list of the available CPU platforms in specific zones, see List per-zone available CPU platforms, earlier in this topic.
  • IMAGE_NAME is the name of the Confidential VM-supported image to use.
  • IMAGE_PROJECT is the project containing the image.

The following example command creates an n2d-standard-16-type instance called "example-instance" on the AMD SEV CPU platform in the us-central1-f zone:

gcloud compute instances create example-instance \
  --machine-type "n2d-standard-16" --zone "us-central1-f" \
  --confidential-compute --maintenance-policy=TERMINATE \
  --image="example-cvm-image" \
  --image-project="public-image-project"

API

To create a Confidential VM on the AMD Secure Encrypted Virtualization (SEV) CPU platform using the Compute Engine API, post an instance creation request. You must set enableConfidentialCompute to true. You must also set onHostMaintenance to TERMINATE, because Confidential VM does not support live migration. You can optionally specify a minimum CPU platform by setting the minCpuPlatform property.

The following example shows a JSON object POSTed to the Instances REST resource of the Compute Engine API.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE_NAME/instances

{
  "machineType": "zones/ZONE_NAME/machineTypes/MACHINE_TYPE",
  "name": "INSTANCE_NAME",
  "confidentialInstanceConfig": {
    "enableConfidentialCompute": true
  },
  "scheduling": {
    "automaticRestart": true,
    "nodeAffinities": [],
    "onHostMaintenance": "TERMINATE",
    "preemptible": false
  }
  ...
}

Where:

  • PROJECT_ID is your project identifier.
  • ZONE_NAME is the zone in which to create the instance.
  • MACHINE_TYPE is the N2D machine type to use.
  • INSTANCE_NAME is the name to give the new instance.
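The settings the gcloud and API sections above require (enableConfidentialCompute set to true, onHostMaintenance set to TERMINATE, an N2D machine type) are easy to drop when instance bodies are generated by automation. The following added example, which is not code from the page or from Google, builds an instances.insert request body with those settings and checks an arbitrary body against them, so the check can run in CI or an admission step before anything is sent to the API. The disks and networkInterfaces entries follow the Compute Engine API shape but are not shown on the page, and all project, zone and image names are constructed placeholders.

```python
"""Build and check a Compute Engine instance body for Confidential VM.

Added example, not from the page: the checks encode the requirements the
page states (enableConfidentialCompute true, onHostMaintenance TERMINATE,
an N2D machine type). The disks/networkInterfaces fields follow the
Compute Engine API but are an assumption of this example.
"""
import re

# Constructed placeholder values, not a real project, zone or image.
PROJECT_ID = "example-project"
ZONE_NAME = "us-central1-f"


def confidential_instance_body(name, machine_type, zone, image, image_project):
    """Return an instances.insert request body with Confidential VM settings."""
    return {
        "name": name,
        "machineType": f"zones/{zone}/machineTypes/{machine_type}",
        "confidentialInstanceConfig": {"enableConfidentialCompute": True},
        "scheduling": {
            "automaticRestart": True,
            "nodeAffinities": [],
            # Confidential VM does not support live migration.
            "onHostMaintenance": "TERMINATE",
            "preemptible": False,
        },
        "disks": [{
            "boot": True,
            "autoDelete": True,
            "initializeParams": {
                "sourceImage": f"projects/{image_project}/global/images/{image}",
            },
        }],
        "networkInterfaces": [{"network": "global/networks/default"}],
    }


def check_confidential_settings(body):
    """Return a list of problems; an empty list means the body is compliant."""
    problems = []

    cic = body.get("confidentialInstanceConfig", {})
    if cic.get("enableConfidentialCompute") is not True:
        problems.append(
            "confidentialInstanceConfig.enableConfidentialCompute must be true")

    sched = body.get("scheduling", {})
    if sched.get("onHostMaintenance") != "TERMINATE":
        problems.append(
            "scheduling.onHostMaintenance must be TERMINATE (no live migration)")

    # machineType has the form "zones/ZONE/machineTypes/TYPE"; the page
    # requires an N2D machine type for Confidential VM.
    machine_type = body.get("machineType", "")
    match = re.search(r"machineTypes/([a-z0-9-]+)$", machine_type)
    if not match or not match.group(1).startswith("n2d-"):
        problems.append(f"machineType {machine_type!r} is not an N2D machine type")

    return problems


if __name__ == "__main__":
    body = confidential_instance_body(
        "example-instance", "n2d-standard-16", ZONE_NAME,
        "example-cvm-image", "public-image-project")
    print(f"POST https://compute.googleapis.com/compute/v1/projects/"
          f"{PROJECT_ID}/zones/{ZONE_NAME}/instances")
    print("problems:", check_confidential_settings(body))
```

The checker is deliberately independent of the builder so it can be pointed at bodies produced elsewhere (Terraform plans, scripts, or instances read back from the API) and flag a body that silently fell back to MIGRATE or to a non-N2D type.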

Verify AMD SEV is enabled

Confidential VM uses AMD Secure Encrypted Virtualization (SEV). On many Linux guests you can confirm that Confidential Computing is enabled by checking the dmesg log for a message that AMD SEV is active. Depending on the Linux distribution and other software installed on the guest, dmesg logs might be maintained differently. For definitive guidance about how to query dmesg logs, refer to the documentation for the Linux distribution.

To verify that AMD SEV is active for your VM, complete the following steps to connect to your instance, and then view the dmesg log.

  1. In the Cloud Console, go to the VM Instances page.

  2. In the table on the Instances tab, find the row for your new Confidential VM instance.

  3. To open a terminal window for interacting with your Confidential VM instance, click SSH in the same row.

  4. On some Linux distributions, you might be able to verify that the Confidential VM instance is using AMD SEV by running the following dmesg command in the terminal window.

      dmesg | grep SEV | head

    You should receive a response that AMD Secure Encrypted Virtualization (SEV) is active.

To learn how to obtain more detailed information about the state of the Confidential VM instance by examining Cloud Monitoring integrity validation events, see Validating Confidential VM instances using Cloud Monitoring.

Verify the identity token of a Confidential VM

Before sending any sensitive information to the VM instance, your applications can request the VM's unique identity token from the metadata server. The identity token includes details about an instance such as the instance ID, creation time, and license codes for the instance's images. The token also contains a claim that states whether the VM is confidential. For a Confidential VM, the instance_confidentiality claim has a value of 1.

To learn how to obtain and decode the identity token of a VM, see Verifying the identity of an instance.
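The two verification signals described above, the dmesg line reporting that AMD SEV is active and the instance_confidentiality claim in the identity token, are shown together in the following added example. It is not code from the page or from Google. The dmesg text and the token claims are constructed samples; the token is built unsigned purely for the demonstration, and the payload is decoded without signature verification, so in a real deployment the JWT signature must be verified against Google's published certificates before any claim is trusted. The assumption that the claim lives under the token's google.compute_engine object is the example's own; the metadata URL used by fetch_identity_token is the standard one for the instance identity endpoint.

```python
"""Check two signals that a guest is a Confidential VM (added example, not
from the page): the dmesg line reporting AMD SEV and the
instance_confidentiality claim in the instance identity token.

The token is decoded WITHOUT signature verification; a real check must
verify the JWT signature against Google's published certificates first.
The nested location of the claim under "google.compute_engine" is an
assumption of this example.
"""
import base64
import json
import re
import urllib.request

# Constructed sample dmesg output, not captured from a real VM.
SAMPLE_DMESG = """\
[    0.000000] Linux version 5.4.0 (constructed sample)
[    0.004012] AMD Secure Encrypted Virtualization (SEV) active
[    1.231002] random: crng init done
"""

SEV_ACTIVE_RE = re.compile(r"AMD Secure Encrypted Virtualization \(SEV\) active")

# Constructed sample claims; the instance identifiers are placeholders.
SAMPLE_CLAIMS = {
    "aud": "https://example.com/audience",
    "iss": "https://accounts.google.com",
    "google": {"compute_engine": {
        "instance_id": "1234567890123456789",
        "instance_name": "example-instance",
        "project_id": "example-project",
        "zone": "us-central1-f",
        "instance_confidentiality": 1,
    }},
}

METADATA_IDENTITY_URL = (
    "http://metadata.google.internal/computeMetadata/v1/instance/"
    "service-accounts/default/identity")


def sev_active(dmesg_text):
    """True if the kernel log reports that AMD SEV is active for this guest."""
    return any(SEV_ACTIVE_RE.search(line) for line in dmesg_text.splitlines())


def _b64url_decode(segment):
    """Decode a base64url JWT segment, restoring the padding JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment.encode("ascii"))


def _b64url_encode(data):
    """Encode bytes as unpadded base64url, as JWT segments are."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_jwt_payload(token):
    """Return the JWT payload as a dict WITHOUT verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))


def is_confidential(payload):
    """True if the identity token claims instance_confidentiality == 1."""
    ce = payload.get("google", {}).get("compute_engine", {})
    # Fall back to a top-level claim in case the token is not in full format.
    value = ce.get("instance_confidentiality", payload.get("instance_confidentiality"))
    return value == 1


def make_unsigned_token(claims):
    """Build a constructed, unsigned token for the demo (empty signature)."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{body}."


def fetch_identity_token(audience):
    """Request a full-format identity token from the metadata server (on-VM only)."""
    req = urllib.request.Request(
        f"{METADATA_IDENTITY_URL}?audience={audience}&format=full",
        headers={"Metadata-Flavor": "Google"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read().decode("ascii")


if __name__ == "__main__":
    print("SEV active per dmesg sample:", sev_active(SAMPLE_DMESG))
    token = make_unsigned_token(SAMPLE_CLAIMS)
    print("confidential per token claim:", is_confidential(decode_jwt_payload(token)))
```

Treat the dmesg check as a local hint and the token claim as the signal to rely on from outside the guest: dmesg content varies by distribution, whereas the identity token is issued by the platform and, once its signature is verified, can be checked by the party that is about to send data to the instance.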

What's next