Latest Google Compute Engine Confidential VMs Google

 

Overview of a confidential virtual machine

Secret Virtual Machines Google

Confidential virtual machines (VMs) are one kind of Compute Engine vm. They utilize hardware-based memory encryption to help ensure that your data and apps cannot be read or changed while in use.

The following are some benefits of private virtual machine instances:

• Isolation: Encryption keys are generated and stored on dedicated hardware that is not accessible by the hypervisor.
• Attestation: You may verify the identity and state of the virtual machine to make sure crucial components haven't been tampered with.
• This kind of hardware isolation and attestation is known as a Trusted Execution Environment (TEE).
• The Confidential VM service is an option that you may enable when you start a new virtual machine instance.

Technology for confidential computing

Different Confidential Computing technologies may be used while setting up a Confidential VM instance, depending on the kind of machine and CPU platform you choose. Ascertain that the technology you choose for Confidential Computing satisfies your performance and financial needs.

AMD SEV

With the help of Google's vTPM for boot-time attestation and the AMD Secure Processor for hardware-based memory encryption, AMD Secure Encrypted Virtualization (SEV) on Confidential VM offers both features.

AMD SEV offers outstanding performance for tasks requiring a lot of computing. The performance difference between a regular Compute Engine VM and a SEV Confidential VM may be minimal or nonexistent, depending on the workload.

Unlike other Confidential Computing technologies that use Confidential VM, AMD SEV systems using the N2D machine type provide live migration.

AMD SEV-SNP

AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) expands on SEV by including hardware-based security to help combat malicious hypervisor-based attacks like data replay and memory remapping. Requests for direct attestation results from the AMD Secure Processor may be made at any time.

Because AMD SEV-SNP has more security features than SEV, it uses more resources. For example, depending on the demand, you can experience increased network latency and lower network bandwidth.

TDX Intel

The Intel Trust Domain Extensions (TDX) is a hardware-based TEE. TDX uses hardware extensions to create an isolated trust domain (TD) within a virtual machine (VM) for memory management and encryption.

Intel TDX improves the defense of the TD by strengthening it against certain kinds of attacks that necessitate physical access to the platform memory, like active attacks of DRAM interfaces that include splicing, aliasing, capturing, changing, relocating, and modifying memory contents.

VIP virtual machine service

Besides Compute Engine, the following Google Cloud services also make use of Confidential VM:

• Confidential Use of Confidential VM is necessary for each and every one of your Google Kubernetes Engine nodes.
• Confidential Space uses Confidential VM to enable parties to communicate sensitive data while preserving ownership and secrecy of such data, subject to a workload that is mutually agreed upon.
• Dataproc Confidential Compute includes clusters that use confidential virtual machines (VMs).
• For dataflow secret virtual computers, the features of the worker are as follows.

Google Cloud is committed to giving you total control over the safety and security of your data. Start by fortifying the computing Engine virtual machines (VMs), the foundation of your computing architecture, using Confidential Computing.

Confidential Computing protects data during usage and processing by using a hardware-based Trusted Execution Environment (TEE). TEEs are secure, isolated areas designed to prevent unauthorized access to or modification of data and programs while they are being used.

At Google, we have invested in and become early users of Confidential Computing technology and solutions. For more than four years, Google customers have been using the enhanced Confidential Computing products and new features in innovative ways to increase the security and confidentiality of their workloads. It was with great pleasure that we announced many new Confidential Computing options in addition to the widely available updates to the Google Cloud attestation service.

Currently within most people's reach: AMD SEV-powered segmented virtual machine running on C3D platforms

We are happy to notify you that the general purpose C3D machine line now offers a broad range of access to Confidential VMs Google outfitted with AMD Secure Encrypted Virtualization (AMD SEV) technology. Confidential VMs with AMD SEV technology help ensure that your data and programs cannot be read or altered while in use by using hardware-based memory encryption. The 4th generation AMD EPYC (Genoa) CPU powers the C3D machine series, which is designed to provide optimum, reliable, and consistent performance with Google's Titanium hardware.

Confidential VMs were only available earlier on the general-purpose N2D and C2D machine series. Customers who are concerned about security may now get the newest general purpose hardware with improved performance and data secrecy thanks to the C3D machine line extension. Using the newest equipment leads to better performance. Visit this page to learn more about the C3D machine series' performance and private virtual machines.

Private virtual machines with AMD SEV are available in every area and zone where C3D machines are offered.

Currently commonly available: Confidential virtual machine powered by Intel TDX on the C3 machine series

On the general-purpose C3 machine series, Google's confidential virtual machines (VMs) with Intel Trust Domain Extensions (Intel TDX) technologies are now generally available. Confidential VMs with Intel TDX technology help ensure that your data and programs cannot be read or altered while in use by using hardware-based memory encryption.

To allow secret computing on a C3 virtual machine, no code modifications are required. To verify that your hardened virtual machine (VM) is running in a TEE, you may utilize your own attestation provider or the remote attestation service offered by Intel Trust Authority. The C3 machine series is powered by Google Titanium, DDR5 memory, and 4th generation Intel Xeon Scalable CPUs, also known as Sapphire Rapids.

Integrated CPU acceleration by Intel AMX

All C3 virtual machines (VMs) have Intel Advanced Matrix Extensions (Intel AMX) enabled by default, including Confidential VMs. Intel AMX is a unique extension to the instruction set architecture (ISA) designed to accelerate tasks associated with artificial intelligence and machine learning. The additional instructions that AMX provides may be used to perform matrix multiplication and convolution, two of the most widely used techniques in AI and ML. Using Intel AMX in conjunction with Confidential VMs allows you to run AI/ML applications with an additional layer of security.

Accessible areas for Confidential VM with Intel TDX on the C3 machine series include Asia-southeast1, US-central1, and Europe-west4.

On the N2D machine series, confidential virtual machines with AMD SEV-SNP are now generally available

With the introduction of AMD Secure Encrypted Virtualization-Secure Nested Paging (AMD SEV-SNP) on the general purpose N2D machine series this past June, customers may now access Confidential VMs with hardware-rooted attestation, data integrity, and data confidentiality. Before this, AMD Secure Encrypted Virtualization (SEV), a private computing technology that ensured data secrecy, was the only way for customers to access private virtual machines.

All Confidential VMs allow customers to maintain control over their data in the public cloud, accomplish cryptographic isolation in a multi-tenant environment, and provide an additional layer of security and data protection from cloud administrators, operators, and insiders. Conversely, AMD SEV-SNP-equipped confidential virtual machines (VMs) provide additional security features that prevent damaging hypervisor-based attacks such memory remapping and data replay.

Confidential VM creation is easy and doesn't need any code modifications thanks to AMD SEV-SNP on the N2D machine series. Additionally, the benefits of security come with minimal performance effect.

AMD SEV-SNP on the N2D machine series is available in confidential virtual machines located in Asia-southeast1, US-central1, Europe-west3, and Europe-west 4.

Signed UEFI binaries for AMD SEV-SNP and Intel TDX for Private Virtual Machines

It is happy to announce a significant security enhancement with the inclusion of signed startup measures (UEFI binaries and initial state) to its Confidential VMs utilizing AMD SEV-SNP and Intel TDX technologies. An extra layer of protection against illegal modifications or tampering with UEFI, the firmware that controls a computer's starting process, was offered by signing these files.

By signing the UEFI and allowing you to verify the signatures, you may increase transparency and have more assurance that the firmware running on your Confidential VMs is genuine and uncompromised. If you can verify the firmware integrity and validity, your authorized devices are working in a safe and dependable environment.

Google plans to implement further measures to establish a system that is more verifiably secure and trustworthy.

Google Cloud attestation now supports AMD SEV Confidential VM

You may utilize the Google Cloud attestation service instead of building and running your own attestation verifier, assuming your trust model allows it. To acquire an attestation quotation from the vTPM of an AMD SEV Confidential VM instance, use the Go-TPM tools. Then, send the quote to the Google Cloud Attestation service for verification by using the./go-tpm token command.

Once the Google Cloud Attestation has confirmed the attestation quotation, you may confirm if the virtual machine (VM) is trustworthy by checking its details with your own policy. Google's attestation service is presently limited to AMD SEV.

Costs of confidential VMs

Confidential VM comes with extra costs on top of the Compute Engine fee. The kind of Confidential Computing technology (such as AMD SEV, Intel TDX, or AMD SEV-SNP) and whether the instance is preemptible or on demand are two aspects that affect the cost of a Confidential VM instance. For Confidential VM, the prices are a fixed amount per vCPU and per GB.

The cost of the Confidential VM may be seen here. For a pricing list of Compute Engine, see this page.