Using your own Linux image

You can use your own custom Linux image to create a Confidential VM instance. This topic is an addendum to the instructions for importing a custom image, and covers several considerations you should be aware of.

Important considerations

Keep in mind the following requirements when using custom images with Confidential VM:

AMD Secure Encrypted Virtualization (SEV)-related Linux kernel patches

Kernel version 5.4 or later is recommended, with the following options enabled:

  • CONFIG_AMD_MEM_ENCRYPT
  • CONFIG_NET_VENDOR_GOOGLE
  • CONFIG_PCI_MSI
  • CONFIG_GVE
  • CONFIG_SWIOTLB

If you need to use earlier kernel versions, you may need to do additional work to install device drivers.

Compute Engine virtual network interface (gVNIC) device driver

Use version 1.01 or later. For additional instructions, see Creating instances that use the Compute Engine virtual network interface.

NVM Express (NVMe) interface

The NVMe interface must be available during boot on the guest OS for both persistent disks (PDs) and attached SSDs. The kernel and initramfs image (if used) must include the NVMe driver module in order to mount the root directory.
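The kernel requirements above can be checked against an image's kernel config before import. The following script is an added example, not part of the original documentation. Its function names are hypothetical, the sample config is constructed, and CONFIG_BLK_DEV_NVME (the upstream kernel symbol for the NVMe block driver) is an assumption that this page does not name.

```shell
#!/bin/sh
# Added example: check a kernel .config against the options listed on this page.
# CONFIG_BLK_DEV_NVME is an assumption (upstream NVMe driver symbol, not named on the page).
REQUIRED="CONFIG_AMD_MEM_ENCRYPT CONFIG_NET_VENDOR_GOOGLE CONFIG_PCI_MSI CONFIG_GVE CONFIG_SWIOTLB"

# opt_state FILE OPTION -> prints y, m, or n (n = absent or "is not set")
opt_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${val:-n}"
}

# kernel_ok VERSION -> succeeds if VERSION (e.g. from uname -r) is 5.4 or later
kernel_ok() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "${minor:-0}" -ge 4 ]; }
}

# check_config FILE -> prints one finding per line; returns 1 if an option is missing
check_config() {
    rc=0
    for opt in $REQUIRED; do
        if [ "$(opt_state "$1" "$opt")" = n ]; then
            echo "MISSING $opt"; rc=1
        fi
    done
    case $(opt_state "$1" CONFIG_BLK_DEV_NVME) in
        n) echo "MISSING CONFIG_BLK_DEV_NVME"; rc=1 ;;
        m) echo "NOTE CONFIG_BLK_DEV_NVME=m: nvme module must be in the initramfs" ;;
    esac
    return $rc
}

# Constructed sample config (not from a real image): GVE disabled, NVMe built as a module.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
CONFIG_AMD_MEM_ENCRYPT=y
CONFIG_NET_VENDOR_GOOGLE=y
CONFIG_PCI_MSI=y
# CONFIG_GVE is not set
CONFIG_SWIOTLB=y
CONFIG_BLK_DEV_NVME=m
EOF
check_config "$SAMPLE" || echo "image config does not meet the listed requirements"
kernel_ok "5.4.0-1040-gcp" && echo "kernel version ok"
```

Point check_config at the .config of the kernel built into the image, or at /boot/config-$(uname -r) on distributions that ship it.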

Having trouble?

If you run into issues while setting up your own image with Confidential VM, use the support options to get help.

What's next

  • Learn more about using operating system images to create boot disks for Compute Engine instances.