To create a Confidential VM instance, you need a virtual machine that has the following properties:
You can configure your own Confidential VM instance manually, or accept the suggested settings when you enable the Confidential VM service in the Google Cloud console.
Limitations
The following limitations apply depending on how you've configured your Confidential VM instance.
All Confidential VM instances
You must create a new VM instance to enable Confidential VM. Existing instances can't be converted to Confidential VM instances.
Confidential VM instances require an NVME interface for disks. SCSI isn't supported.
Only new disks can be formatted to XFS on Linux kernel versions earlier than 5.10. To format existing disks to XFS, you need kernel version 5.10 or later.
You can't attach more than 40 disks to a Confidential VM instance. You can request an exception through a support channel, although instances with more than 40 disks might fail silently.
Boot time is proportional to the amount of memory assigned to an instance. You might notice longer boot times for Confidential VM instances with large amounts of memory.
Establishing SSH connections takes longer on Confidential VM instances than non-Confidential VM instances.
Live migration is only supported on N2D machine types with AMD EPYC Milan CPU platforms running AMD SEV.
AMD SEV
Debian 12 doesn't have attestation support for AMD SEV because the /dev/sev-guest device is missing.
AMD SEV on C2D and N2D machine types has a maximum vNIC queue count of 8.
AMD SEV on the C3D machine type has the following limitations:
Confidential VM instances that use C3D machine types might experience lower network bandwidth than equivalent non-confidential VMs, even with per VM Tier_1 networking performance enabled.
VMs with more than 180 vCPUs aren't supported.
The following images that are tagged SEV_CAPABLE don't work with AMD SEV on C3D machines that have more than 8 vCPUs:
rhel-8-4-sap-ha
sles-15-sp2-sap
These images are missing a required patch that increases the size of the SWIOTLB buffer for high networking queues. (An SEV guest bounces all device DMA through the SWIOTLB buffer because devices can't read encrypted guest memory, so more queues need a larger buffer.)
AMD SEV-SNP
Debian 12 doesn't have attestation support for AMD SEV-SNP because the /dev/sev-guest device is missing.
AMD SEV-SNP on N2D machine types has a maximum vNIC queue count of 8.
VM instances don't support kdump. Instead, use the guest console logs.
Intel TDX
Local SSD machine types aren't supported.
VM instances take longer to shut down compared to standard VM instances. This delay increases with VM memory size.
Only Balanced Persistent Disk volumes that use the NVMe interface are supported.
VM instances might experience lower network bandwidth and higher latency compared to non-Confidential VM instances.
VM instances can't be provisioned on sole-tenant node groups.
Due to additional security constraints, the CPUID instruction might return limited or no CPU architecture details. This might impact the performance of workloads that depend on those CPUID values.
VM instances don't support kdump. Instead, use the guest console logs.
Machine types, CPUs, and zones
Confidential VM is supported on the following machine types and configurations.
Machine type | CPU platform | Confidential Computing technology | Live migration support |
---|---|---|---|
C2D | AMD EPYC Milan | AMD SEV | Not supported |
C3 | Intel Sapphire Rapids | Intel TDX | Not supported |
C3D | AMD EPYC Genoa | AMD SEV | Not supported |
N2D | AMD EPYC Milan | AMD SEV, AMD SEV-SNP | AMD SEV VMs on Milan only |
View supported zones
You can view which zones support these machine types with one of the following methods.
AMD SEV
Reference table
To view which zones support Confidential VM, complete the following steps.
Go to Available regions and zones.
Click Select a machine type, and then select N2D, C2D and C3D.
Click Select a CPU, and then select AMD EPYC Milan and AMD EPYC Genoa.
gcloud
To list the zones available in Google Cloud, run the following command:
gcloud compute zones list \
--format="value(NAME)"
To list the available CPU platforms for a specific zone, run the following command and check for AMD Milan or AMD Genoa support:
gcloud compute zones describe ZONE_NAME \
--format="value(availableCpuPlatforms)"
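The two commands above leave the per-zone filtering to you. The following script is an added example (not from the original page) that does the same lookup in one pass: it lists every zone with its available CPU platforms and keeps only zones offering AMD Milan or AMD Genoa, the platforms the page names for AMD SEV Confidential VM. It assumes an installed, authenticated gcloud when invoked with the hypothetical `--live` flag; the function names and the tab/semicolon layout (which is what `value()` prints for a repeated field) are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original page. Finds zones whose available
# CPU platforms include one that AMD SEV Confidential VM supports.
# Assumes an authenticated gcloud when run with --live (hypothetical flag).
set -eu

# zone_platforms prints one line per zone: "<zone>\t<platform1>;<platform2>;..."
# The value() format separates columns with a tab and joins repeated fields
# (availableCpuPlatforms) with ';'.
zone_platforms() {
  gcloud compute zones list \
    --format="value(name,availableCpuPlatforms)"
}

# sev_zones reads those lines on stdin and prints each zone that offers at
# least one platform the page lists for AMD SEV. Whole-token comparison so
# that "AMD Rome", which the page does not list, is not accepted.
sev_zones() {
  awk -F'\t' '{
    n = split($2, p, ";")
    for (i = 1; i <= n; i++)
      if (p[i] == "AMD Milan" || p[i] == "AMD Genoa") { print $1; break }
  }'
}

# zone_has_platform ZONE PLATFORM LISTING: answers for a single zone from a
# captured listing, e.g. as a pre-flight check before creating the instance.
# Exit status 0 when the zone offers the platform, 1 otherwise.
zone_has_platform() {
  printf '%s\n' "$3" | awk -F'\t' -v z="$1" -v want="$2" '
    $1 == z { n = split($2, p, ";"); for (i = 1; i <= n; i++) if (p[i] == want) found = 1 }
    END { exit found ? 0 : 1 }'
}

if [ "${1:-}" = "--live" ]; then
  zone_platforms | sev_zones
fi
```

Run it with `--live` to print the candidate zones, or capture `zone_platforms` once and call `zone_has_platform` against it from a provisioning script so that a zone without a supported platform fails the check before any instance is created.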
AMD SEV-SNP
AMD SEV-SNP is supported in the following zones, on N2D machine types with AMD Milan CPU platforms:
asia-southeast1-a
asia-southeast1-b
asia-southeast1-c
europe-west3-a
europe-west3-b
europe-west3-c
europe-west4-a
europe-west4-b
europe-west4-c
us-central1-a
us-central1-b
us-central1-c
Intel TDX
Intel TDX is supported in the following zones, on c3-standard-* machine types.
asia-southeast1-a
asia-southeast1-b
asia-southeast1-c
europe-west4-a
europe-west4-b
europe-west4-c
us-central1-a
us-central1-b
us-central1-c
Operating systems
For the available Confidential VM operating system images, see Operating system details. Find your distribution of choice, and then click the Security features tab to check if Confidential VM is supported.
Alternatively, you can view supported operating system images with a gcloud command, or create your own Linux image.
View supported operating system images with gcloud
The operating system images you can use are determined by your Confidential Computing technology choice.
You can list the operating system images, their image families, and their versions that support a given Confidential Computing technology by running the following command:
gcloud compute images list \
--filter="guestOsFeatures[].type:(OS_FEATURE)"
Provide the following value:
OS_FEATURE: The type of Confidential Computing support you want. Accepted values are:
SEV_CAPABLE: Operating systems that support AMD SEV.
SEV_LIVE_MIGRATABLE_V2: Operating systems that support AMD SEV and live migration.
SEV_SNP_CAPABLE: Operating systems that support AMD SEV-SNP isolation and attestation.
TDX_CAPABLE: Operating systems that support Intel TDX isolation and attestation.
To limit the results to a specific image family, project, or other text provided in the previous command's response, use an AND operator, and replace STRING with a partial text match, similar to the following example:
gcloud compute images list \
--filter="guestOsFeatures[].type:(OS_FEATURE) AND STRING"
To view details about a specific image, run the following command using details from the responses of the previous commands:
gcloud compute images describe IMAGE_NAME \
--project=IMAGE_PROJECT
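The feature tags above are what you should gate on before creating an instance: an image tagged only SEV_CAPABLE gives you no SEV-SNP attestation, and the tags are distinct tokens, so a substring match would silently accept the wrong one. The following script is an added example (not from the original page) that turns the `gcloud compute images describe` call into a fail-closed pre-flight check. The technology names it accepts (SEV, SEV_LIVE_MIGRATE, SEV_SNP, TDX) and the `--live` flag are this example's own; it assumes an installed, authenticated gcloud for the live lookup.

```shell
#!/bin/sh
# Added example, not part of the original page. Checks that an image
# advertises the guestOsFeatures type required by the chosen Confidential
# Computing technology. Assumes an authenticated gcloud when run with --live.
set -eu

# required_feature maps a technology name (this example's own names) to the
# guestOsFeatures type the page lists for it. Unknown names fail closed.
required_feature() {
  case "$1" in
    SEV)              echo SEV_CAPABLE ;;
    SEV_LIVE_MIGRATE) echo SEV_LIVE_MIGRATABLE_V2 ;;
    SEV_SNP)          echo SEV_SNP_CAPABLE ;;
    TDX)              echo TDX_CAPABLE ;;
    *) echo "unknown technology: $1" >&2; return 1 ;;
  esac
}

# image_supports TECH FEATURE_LIST: FEATURE_LIST is the ';'-separated string
# that --format="value(guestOsFeatures[].type)" prints. The surrounding
# semicolons force a whole-token match, so SEV_CAPABLE never satisfies a
# request for SEV_SNP_CAPABLE. Exit status 0 = supported, 1 = not supported.
image_supports() {
  want=$(required_feature "$1") || return 1
  case ";$2;" in
    *";$want;"*) return 0 ;;
    *) return 1 ;;
  esac
}

# check_image IMAGE PROJECT TECH: live lookup of the image's feature tags.
check_image() {
  feats=$(gcloud compute images describe "$1" --project="$2" \
            --format="value(guestOsFeatures[].type)")
  image_supports "$3" "$feats"
}

if [ "${1:-}" = "--live" ]; then
  # usage: ./check_image.sh --live IMAGE_NAME IMAGE_PROJECT SEV_SNP
  if check_image "$2" "$3" "$4"; then
    echo "ok: $2 advertises $(required_feature "$4")"
  else
    echo "refusing: $2 does not advertise $(required_feature "$4")" >&2
    exit 1
  fi
fi
```

Because `image_supports` returns a non-zero status for a missing tag or an unknown technology name, a provisioning script that runs it under `set -e` stops before `gcloud compute instances create` rather than booting a VM whose guest OS can't attest the isolation it was meant to have.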
What's next
Learn how to create a Confidential VM instance.