Nearly two months after it announced Confidential VMs as part of its Confidential Computing portfolio in July, Google Cloud has expanded that portfolio with two new products. Google says the first of these will soon be available in beta, starting with the GKE 1.18 release.
The first, Confidential GKE Nodes, is built on the same technology and foundation as Confidential VMs, Google says. It keeps data in memory encrypted with a dedicated, node-specific key that is generated and managed by the AMD EPYC processor.
Confidential GKE Nodes let users configure their GKE cluster so that, when node pools are deployed, the cluster automatically enforces the use of Confidential VMs for all worker nodes, with hardware memory encryption provided by AMD Secure Encrypted Virtualization (SEV).
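One way an operator can verify that every worker pool in a cluster actually ends up on Confidential VMs is to audit the cluster description. The script below is an added example, not Google's code; it assumes the JSON layout of `gcloud container clusters describe CLUSTER --format=json` (a cluster-level `confidentialNodes.enabled` flag and, per node pool, `config.machineType` with an optional `config.confidentialNodes.enabled` override) and that only the N2D/C2D families (assumed here) carry SEV support.

```python
"""Audit a GKE cluster description for Confidential GKE Nodes.

Added example, not Google's code. Field names are assumed from the GKE
API layout of `gcloud container clusters describe --format=json`, not
taken from the article.
"""
import json

# AMD EPYC machine families that support SEV memory encryption (assumption).
CONFIDENTIAL_FAMILIES = ("n2d-", "c2d-")


def audit_cluster(cluster: dict) -> list:
    """Return one finding per node pool that would not run as a Confidential VM."""
    findings = []
    # Cluster-wide default; a node pool may override it in its own config.
    cluster_default = cluster.get("confidentialNodes", {}).get("enabled", False)
    for pool in cluster.get("nodePools", []):
        cfg = pool.get("config", {})
        enabled = cfg.get("confidentialNodes", {}).get("enabled", cluster_default)
        machine = cfg.get("machineType", "")
        name = pool.get("name", "?")
        if not enabled:
            findings.append(f"{name}: confidential nodes disabled")
        elif not machine.startswith(CONFIDENTIAL_FAMILIES):
            # Confidential nodes are requested, but the machine family lacks SEV.
            findings.append(f"{name}: machine type {machine} does not support SEV")
    return findings


# Constructed sample describe output (not real cluster data).
SAMPLE = json.loads("""
{
  "name": "prod",
  "confidentialNodes": {"enabled": true},
  "nodePools": [
    {"name": "default-pool", "config": {"machineType": "n2d-standard-4"}},
    {"name": "batch", "config": {"machineType": "n2d-standard-8",
                                 "confidentialNodes": {"enabled": false}}},
    {"name": "legacy", "config": {"machineType": "n1-standard-2"}}
  ]
}
""")

if __name__ == "__main__":
    for finding in audit_cluster(SAMPLE):
        print(finding)
```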
Additionally, the company announced that, in the coming weeks, it is making Confidential VMs generally available to all Google Cloud customers.
Apart from that, Google added four new functionalities to Confidential VMs. The first, audit reports, includes detailed logs of the AMD Secure Processor firmware.
“We establish an integrity baseline when you first launch your VM and match against it whenever a VM is relaunched. You can also set custom actions or alerts based on these logs,” the company explained in a blog post.
The second is new policy controls, which let users apply IAM Org Policy to Confidential VMs.
Third, Google has integrated Confidential VMs with other enforcement mechanisms, so users can combine Shared VPCs, organization policy constraints, and firewall rules to ensure that Confidential VMs interact only with other Confidential VMs.
Lastly, the fourth feature ensures the secure sharing of secrets: Confidential VMs use the virtual Trusted Platform Module (vTPM) together with an open-source library so that users can bind their secrets to the vTPM of their Confidential VM.