You can use your own custom Linux image to create a Confidential VM instance. This topic is an addendum to the instructions for importing a custom image, and covers several considerations you should be aware of.
Keep in mind the following requirements when using custom images with Confidential VM:
- AMD Secure Encrypted Virtualization (SEV)-related Linux kernel patches
- Compute Engine virtual network interface (gVNIC) device driver
- NVM Express (NVMe) interface
AMD Secure Encrypted Virtualization (SEV)-related Linux kernel patches
Using kernel version 5.4 or later and enabling the following options is recommended.
If you need to use earlier kernel versions, you may need to do additional work to install device drivers.
Compute Engine virtual network interface (gVNIC) device driver
Use version 1.01 or later. For additional instructions, see Creating instances that use the Compute Engine virtual network interface.
NVM Express (NVMe) interface
The NVMe interface must be available during boot on the guest OS for both persistent disks (PDs) and attached SSDs. The kernel and initramfs image (if used) must include the NVMe driver module in order to mount the root directory.
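The three requirements above can be checked from inside the guest before you import the image. The following script is an added example, not part of the original documentation. It assumes the gVNIC kernel module is named `gve` and reports a version through `modinfo`, compares 1.01 as the dotted fields 1 and 1, and does not inspect kernel configuration options.

```shell
#!/bin/sh
# Added example: checks a guest against the Confidential VM custom-image requirements.
MIN_KERNEL=5.4   # page: kernel version 5.4 or later is recommended
MIN_GVNIC=1.01   # page: gVNIC driver 1.01 or later (assumption: fields 1 and 1)

# Succeed if dotted version $1 >= $2. Anything after the numeric prefix is
# ignored ("5.4.0-1043-gcp" compares as 5.4.0); missing fields count as 0.
version_ge() (
    a=${1%%[!0-9.]*}; b=${2%%[!0-9.]*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x#"${x%%[!0]*}"}; y=${y#"${y%%[!0]*}"}   # strip leading zeros
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
)

# Succeed if stdin (initramfs file listing and/or modules.builtin) names the
# NVMe driver module, compressed or not.
has_nvme_module() { grep -Eq '(^|/)nvme\.ko(\.(gz|xz|zst))?$'; }

# $1 kernel release, $2 gVNIC driver version (may be empty), $3 module listing.
# Prints one PASS/FAIL line per requirement; returns non-zero if any failed.
audit_image() {
    rc=0
    if version_ge "$1" "$MIN_KERNEL"; then echo "PASS kernel $1"
    else echo "FAIL kernel $1 is older than $MIN_KERNEL"; rc=1; fi
    if [ -n "$2" ] && version_ge "$2" "$MIN_GVNIC"; then echo "PASS gVNIC driver $2"
    else echo "FAIL gVNIC driver '${2:-not found}' is older than $MIN_GVNIC"; rc=1; fi
    if printf '%s\n' "$3" | has_nvme_module; then echo "PASS NVMe driver available at boot"
    else echo "FAIL NVMe driver not in initramfs or built into the kernel"; rc=1; fi
    return "$rc"
}

if [ "${1:-}" = "--live" ]; then
    # Inside the guest: lsinitramfs (Debian/Ubuntu) or lsinitrd (dracut) lists
    # the initramfs; modules.builtin covers a driver compiled into the kernel.
    rel=$(uname -r)
    list=$( { lsinitramfs "/boot/initrd.img-$rel" || lsinitrd
              cat "/lib/modules/$rel/modules.builtin"; } 2>/dev/null )
    audit_image "$rel" "$(modinfo -F version gve 2>/dev/null)" "$list"
else
    # Constructed sample values, so the script also runs offline.
    audit_image "5.4.0-1043-gcp" "1.3.4" "usr/lib/modules/5.4.0-1043-gcp/kernel/drivers/nvme/host/nvme.ko"
fi
```

Run it with `--live` inside the guest you are preparing; without arguments it evaluates the constructed sample values only.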
If you run into issues while setting up your own image with Confidential VM, use the support options to get help.
- Learn more about using operating system images to create boot disks for Compute Engine instances.