Verifiable integrity with secure and measured boot
Secure boot helps prevent malicious code from being loaded early in the boot sequence. Measured boot ensures the integrity of the bootloader, kernel, and boot drivers to guard against malicious modifications to the VM.
vTPM exfiltration resistance
Validate your guest VM pre-boot and boot integrity using vTPM technology, which is compatible with Trusted Computing Group TPM 2.0 specifications and is FIPS 140-2 L1 verified. A vTPM generates and securely stores encryption keys or sensitive data on guest operating systems.
Live migration and patching
Keep your virtual machine instances running even when a host system event occurs, such as a software or hardware update.
Define IAM policies and permissions
Set policies and permissions that constrain all new Compute Engine instances to use Shielded VM disk images and have vTPM and integrity monitoring options enabled.
Shield existing VM images
Transform your existing VMs into Shielded VMs that run on Google Cloud, bringing verifiable integrity and exfiltration resistance to your existing images.
There is no separate charge for using Shielded VMs.