Supported configurations

To create a Confidential VM instance, you need a virtual machine that has the following properties:

You can configure your own Confidential VM instance manually, or accept the suggested settings when you enable the Confidential VM service in the Google Cloud console.

Limitations

  • You must create a new VM instance to enable Confidential VM. Existing instances can't be converted to Confidential VM instances.

  • You can't attach GPUs or TPUs to Confidential VM instances.

  • Confidential VM instances require an NVMe interface for disks. SCSI isn't supported.

  • Only new persistent disks can be formatted to XFS. Formatting existing persistent disks to XFS isn't supported.

  • You can't attach more than 40 persistent disks to a Confidential VM instance. You can request an exception through a support channel, although instances with more than 40 persistent disks might fail silently.

  • Boot time is proportional to the amount of memory assigned to an instance. You might notice longer boot times for Confidential VM instances with large amounts of memory.

  • Time to SSH is longer for Confidential VM instances than non-Confidential VM instances.

  • Live migration is only supported on N2D machine types with AMD EPYC Milan CPU platforms running AMD SEV.

  • AMD SEV-SNP (Preview) and Intel TDX (Preview) VM instances don't support kdump. Instead, use the guest console logs.

Intel TDX

  • CPUs might appear to have high utilization. This is because the HLT CPU instruction has been disabled on the guest to avoid high overhead when waking the CPU.

  • Intel TDX VM instances take longer to shut down compared to standard VM instances. This delay increases with VM memory size.

  • Only NVMe balanced persistent disks are supported.

  • VM instances booted with Container-Optimized OS might experience poor performance compared to Ubuntu.

  • VM instances might experience lower network bandwidth and higher latency compared to standard VM instances.

  • Custom images aren't supported.

  • Intel TDX VM instances aren't available as valid node types for sole-tenant nodes.

Machine types, CPUs, and zones

Confidential VM is supported on the following machine types and configurations.

Machine type: N2D
  • CPU platform: AMD EPYC Milan; AMD EPYC Rome (deprecated)
  • Confidential Computing technology: AMD SEV on Milan and Rome; AMD SEV-SNP (Preview) on Milan only
  • Live migration support: AMD SEV VMs on Milan only

Machine type: C2D
  • CPU platform: AMD EPYC Milan; AMD EPYC Rome (deprecated)
  • Confidential Computing technology: AMD SEV on Milan and Rome
  • Live migration support: Not supported

Machine type: C3 standard
  • CPU platform: Intel Sapphire Rapids
  • Confidential Computing technology: Intel TDX
  • Live migration support: Not supported

View supported zones

You can view which zones support these machine types with one of the following methods.

AMD SEV

Reference table

To view which zones support Confidential VM, complete the following steps.

  1. Go to Available regions and zones.

  2. Click Select a machine type, and then select N2D and C2D.

  3. Click Select a CPU, and then select AMD EPYC Milan.

gcloud

To list the zones available in Google Cloud, run the following command:

gcloud compute zones list \
    --format="value(NAME)"

To list the available CPU platforms for a specific zone, run the following command and check for AMD Milan support:

gcloud compute zones describe ZONE_NAME \
    --format="value(availableCpuPlatforms)"
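As an added example that is not part of this page, the following POSIX shell script turns the zone query above into a reusable check: it reads one line per zone in gcloud's tab-separated value() output and prints only the zones whose available CPU platforms include the platform you name (for example AMD Milan for AMD SEV). The function names, the combined --format expression and the constructed sample data are assumptions; only the underlying gcloud commands come from the page.

```shell
# Reads "ZONE<TAB>platform1;platform2;..." lines on stdin and prints the zones
# whose platform list contains the platform given as $1 (e.g. "AMD Milan").
# The match is on a whole list element, not a substring, so a platform name
# that merely contains the wanted text does not count as a hit.
zones_with_platform() {
    wanted="$1"
    tab="$(printf '\t')"
    while IFS="$tab" read -r zone platforms; do
        case ";$platforms;" in
            *";$wanted;"*) printf '%s\n' "$zone" ;;
        esac
    done
}

# Live query (requires gcloud and an authenticated project). Assumption: the
# value() format separates fields with a tab and joins the list elements of
# availableCpuPlatforms with ';', which is what zones_with_platform expects.
list_zone_platforms() {
    gcloud compute zones list \
        --format="value(name,availableCpuPlatforms)"
}

# Constructed sample in the same shape as the live output (not real gcloud
# data), so the parser can be exercised offline.
SAMPLE_ZONES="$(printf 'zone-a-1\tIntel Broadwell;AMD Milan;AMD Rome\nzone-b-2\tIntel Cascade Lake\nzone-c-3\tAMD Rome\n')"

# Offline run on the sample: prints zone-a-1
printf '%s\n' "$SAMPLE_ZONES" | zones_with_platform "AMD Milan"

# Live usage: list_zone_platforms | zones_with_platform "AMD Milan"
```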

AMD SEV-SNP

AMD SEV-SNP (Preview) is supported in the following zones, on N2D machine types with AMD Milan CPU platforms:

  • asia-southeast1-a

  • asia-southeast1-b

  • asia-southeast1-c

  • europe-west4-a

  • europe-west4-b

  • europe-west4-c

  • us-central1-a

  • us-central1-b

  • us-central1-c

Intel TDX

Intel TDX (Preview) is supported in the following zones, on C3 standard machine types:

  • us-central1-a

  • us-central1-b

  • us-central1-c

Operating systems

For the available Confidential VM operating system images, see Operating system details. Find your distribution of choice, and then click the Security features tab to check if Confidential VM is supported.

Alternatively, you can view supported operating system images with a gcloud command, or create your own Linux image.

View supported operating system images with gcloud

You can list the supported operating system images, their image families, and their versions by running the following command:

gcloud compute images list \
    --filter="guestOsFeatures[].type:(OS_FEATURE)"

Provide the following value:

OS_FEATURE: The type of Confidential Computing you want. Accepted values are:

  • SEV_CAPABLE: Operating systems that support AMD SEV.

  • SEV_LIVE_MIGRATABLE_V2: Operating systems that support AMD SEV and live migration.

  • SEV_SNP_CAPABLE: Operating systems that support AMD SEV-SNP (Preview).

  • TDX_CAPABLE: Operating systems that support Intel TDX (Preview).

To narrow the results to a specific image family, project, or other text that appears in the previous command's output, add an AND operator and replace STRING with the partial text to match:

gcloud compute images list \
    --filter="guestOsFeatures[].type:(OS_FEATURE) AND STRING"

To view details about a specific image, run the following command using details from the responses of the previous commands:

gcloud compute images describe IMAGE_NAME \
    --project=IMAGE_PROJECT

What's next

Learn how to create a Confidential VM instance.