Quickstart: Creating a Confidential VM instance

This page guides you through setting up a new Confidential VM instance using the Google Cloud Console. To learn how to set up a new Confidential VM instance using gcloud or the Compute Engine API, see Creating a Confidential VM instance.

Before you begin

  1. Sign in to your Google Account.

    If you don't already have one, sign up for a new account.

  2. In the Google Cloud Console, on the project selector page, select or create a Google Cloud project.

  3. Make sure that billing is enabled for your Cloud project. Learn how to confirm that billing is enabled for your project.

  4. Enable the Compute Engine API.

Create the Confidential VM instance

  1. In the Cloud Console, go to the VM Instances page.

  2. Click Create instance.
  3. Click CPU platform and GPU to expand the section.

  4. Leave CPU Platform set to Automatic.
  5. Select the Confidential VM Service checkbox.

  6. A message appears letting you know the settings that will be changed if you enable the service. Click Enable.

The default OS boot disk changes to Ubuntu 18.04 LTS. To change the boot disk to a different OS, click Change to select one of the supported OSes for Confidential VM.

For the purposes of this quickstart, you can keep the remaining options at their default values or make any changes you might want. When you're done, click Create.

Connect to your instance

  1. In the Cloud Console, go to the VM Instances page.

  2. In the list of virtual machine instances, click SSH in the row of the instance that you want to connect to.

You now have a terminal window for interacting with your Confidential VM instance.

Verify that AMD SEV is enabled

To verify that the newly created Confidential VM instance is using AMD SEV, run the following command after you've connected to the instance:

dmesg | grep SEV | head

If AMD SEV is enabled, you'll see a response like the following:

[    0.290272] AMD Secure Encrypted Virtualization (SEV) active
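
The check above can be scripted so that a missing SEV line is told apart from a kernel log that no longer holds early boot messages. This is an added example, not part of the original quickstart; the function name `sev_status`, its verdict strings and the sample log are assumptions made for illustration, and it assumes the default `dmesg` timestamp format and the message wording shown above (a kernel that words the message differently needs the pattern adjusted).

```shell
#!/bin/sh
# Added example, not part of the original quickstart.
# sev_status reads kernel-log text on stdin and prints one verdict:
#   active        the SEV message shown on this page is present   (exit 0)
#   absent        boot messages are present but no SEV message    (exit 1)
#   inconclusive  the log is empty or no longer holds early boot  (exit 2)
sev_status() {
    log=$(cat)

    # Match the message directly after the "[ seconds.micros]" timestamp, so a
    # line that only contains the word SEV somewhere does not count.
    if printf '%s\n' "$log" | grep -Eq \
        '^\[ *[0-9]+\.[0-9]+\] AMD Secure Encrypted Virtualization \(SEV\) active'; then
        echo active
        return 0
    fi

    # The kernel's first boot message starts with "Linux version". If it is
    # gone, the ring buffer has wrapped or dmesg could not be read, so a
    # missing SEV line proves nothing either way.
    if printf '%s\n' "$log" | grep -Eq '^\[ *[0-9]+\.[0-9]+\] Linux version '; then
        echo absent
        return 1
    fi

    echo inconclusive
    return 2
}

# Constructed sample log (not captured from a real instance).
SAMPLE_LOG='[    0.000000] Linux version 5.4.0-sample (constructed)
[    0.290272] AMD Secure Encrypted Virtualization (SEV) active'

printf '%s\n' "$SAMPLE_LOG" | sev_status

# On the instance itself:
#   dmesg | sev_status
```

A startup script can use the exit status to refuse to start a workload unless the verdict is `active`.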

To learn how to obtain more detailed information about the state of the Confidential VM instance by examining Cloud Monitoring integrity validation events, see Validating Confidential VMs using Cloud Monitoring.

Clean up

To avoid incurring charges to your Google Cloud account for the resources used in this quickstart, follow these steps.

  1. In the Cloud Console, go to the VM Instances page.

  2. Click the checkbox for the instance you want to delete.
  3. Click Delete to delete the instance.
