Verify Confidential Computing is enabled

gcloud

Run the following command to determine which Confidential Computing technology your Confidential VM is using:

gcloud compute instances describe INSTANCE_NAME --zone=ZONE_NAME --format="yaml(confidentialInstanceConfig)"

Provide the following values:

• INSTANCE_NAME: The Confidential VM instance name.

• ZONE_NAME: The zone the Confidential VM instance is operating in.

You receive one of the following responses if your VM instance is using AMD SEV:

confidentialInstanceConfig:
  enableConfidentialCompute: true

confidentialInstanceConfig:
  confidentialInstanceType: SEV

You receive one of the following responses if your VM instance is using AMD SEV-SNP (Preview) or Intel TDX (Preview):

confidentialInstanceConfig:
  confidentialInstanceType: SEV_SNP

confidentialInstanceConfig:
  confidentialInstanceType: TDX

SSH

To verify that Confidential Computing is enabled, you might be able to use the dmesg logs on your VM.

1. In the Google Cloud console, go to the VM Instances page.

   Go to VM Instances

2. In the table on the Instances tab, find the row for your Confidential VM instance.

3. To open a terminal window for interacting with your Confidential VM instance, click SSH in the same row.

4. Run the following command:

   sudo dmesg | grep -i "Encryption Features active"
   

If your VM is using AMD SEV, the response should be similar to the following example:

Memory Encryption Features active: SEV

If your VM is using AMD SEV-SNP (Preview), the response should be similar to the following example:

Memory Encryption Features active: SEV SEV-ES SEV-SNP

If your VM is using Intel TDX (Preview), the response should be similar to the following example:

Memory Encryption Features active: Intel TDX