Confidential Space images

A Confidential Space image is a minimal, single-purpose OS that's run on a Confidential VM. It's designed to run a single workload only once, without persistent storage. That workload is layered on top of the Confidential Space image using Docker.

Confidential Space images are built on the existing security enhancements of Container-Optimized OS, and add the following benefits:

  • Encrypted disk partitions with integrity protection

  • Authenticated, encrypted network connections

  • Various boot measurements

  • Disabled remote access and cloud-specific tooling

Types of images

Confidential Space images are available in two variants: production and debug.

The debug version is considered insecure, and is used for testing your workload on non-production data. It differs from the production image in the following ways:

  • SSH is enabled.

  • The operator has root access to the VM that runs the workload.

  • The VM running the debug image doesn't stop after the workload is complete.

You can set which image is used when you deploy the workload.

Confidential Space image lifecycle

When you create a Confidential VM using a Confidential Space image, the latest version of the image is used. If you always delete your Confidential VM when your workload is done and create a new one each time you run the workload, then you can be sure the image is up to date.

However, long-running workloads or running a workload on a VM created in the past opens you up to the risk of using an outdated Confidential Space image, which might introduce security vulnerabilities.

To mitigate this, a data collaborator can use support attributes to check if a production Confidential Space image version running on a VM is recent, and deny it access to their data if it doesn't pass.

There are three support attributes:

  • LATEST: This is the latest version of the image, and is supported and monitored for vulnerabilities. The LATEST image is also STABLE and USABLE.

  • STABLE: This version of the image is supported and monitored for vulnerabilities. A STABLE image is also USABLE.

  • USABLE: An image with only this attribute is out of support. Use it at your own risk.

Image versions

You can view the latest Confidential Space images with the following gcloud command:

gcloud compute images list \
    --project=confidential-space-images \

The following flags can change the returned images in the results:

  • Add the --show-deprecated flag to show older images.

  • Add --filter="family~'confidential-space$'" flag to show production images.

  • Add --filter="family~'confidential-space-debug$'" flag to show debug images.

The following tables detail the available Confidential Space image versions and their support attributes.

Production images

The following table contains Confidential Space image production versions.

Image name Container-Optimized OS
LATEST image
confidential-space-231201 cos-dev-113-18059-0-0 2023-12-14
STABLE images
confidential-space-231200 cos-dev-113-18054-0-0 2023-12-05
confidential-space-231001 cos-dev-113-17965-0-0 2023-11-03
confidential-space-230901 cos-dev-113-17877-0-0 2023-10-02
confidential-space-230600 cos-dev-109-17637-0-0 2023-06-09
confidential-space-2302-0 cos-dev-105-17234-0-0 2023-03-02
confidential-space-2212-0 cos-dev-105-17234-0-0 2022-12-01

Debug images

The following table contains Confidential Space image debug versions.

Image name Container-Optimized OS
confidential-space-debug-231201 cos-dev-113-18059-0-0 2023-12-14
confidential-space-debug-231200 cos-dev-113-18054-0-0 2023-12-05
confidential-space-debug-231001 cos-dev-113-17965-0-0 2023-11-03
confidential-space-debug-230901 cos-dev-113-17877-0-0 2023-10-02
confidential-space-debug-230600 cos-dev-109-17637-0-0 2023-06-09
confidential-space-debug-2302-0 cos-dev-105-17234-0-0 2023-03-02
confidential-space-debug-2212-0 cos-dev-105-17234-0-0 2022-12-01