Launching Your Ubuntu Confidential VM with Intel® TDX on Google Cloud: A Guide to Enhanced Security

In the world of cloud computing, we rely on abstraction layers to manage complex systems. While this simplifies development, it also creates vulnerabilities for sensitive data. Traditionally, privileged software within the cloud has access to your data, and could pose a significant security risk, if not managed properly.

But there’s a new way to protect your data: confidential computing. This technology utilizes hardware-based Trusted Execution Environments (TEEs) to secure data “in use,” ensuring it cannot be accessed or modified by unauthorized parties, including the cloud provider itself.

Intel® Trust Domain Extensions (Intel® TDX) is a key player in this field, offering a hardware-based isolation layer for virtual machines (VMs) running on Intel processors. This technology has been integrated into Google Cloud, and with Ubuntu’s comprehensive support, it’s easier than ever to run your workloads securely.

Here’s how to launch your Ubuntu Confidential VM with Intel® TDX on Google Cloud:

1. Choose the Right Machine: Select the C3 machine series in Google Compute Engine, which utilizes 4th Gen Intel® Xeon Scalable CPUs and supports Intel® TDX technology.
2. Use the Google Cloud CLI: In the Google Cloud CLI, utilize the instance create subcommand and specify –confidential-compute-type=TDX to enable Intel® TDX for your VM.

Example Command:

gcloud compute instances create INSTANCE_NAME \
  --machine-type MACHINE_TYPE --zone us-central1-a \

  --confidential-compute-type=TDX \

  --on-host-maintenance=TERMINATE \
  --image-family=IMAGE_FAMILY_NAME \

  --image-project=IMAGE_PROJECT \

  --project PROJECT_NAME

Where:

• MACHINE_TYPE is the C3 machine type to use.
• IMAGE_FAMILY_NAME is the name of the Confidential VM-supported image family to use, such as Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.04 LTS Pro Server.
• IMAGE_PROJECT is the project where the image resides.
• PROJECT_NAME is your Google Cloud project.

Benefits of Ubuntu Pro with Intel® TDX:

• Enhanced Security: Ubuntu Pro offers features like live kernel patching, ensuring continuous uptime and security.
• Extended Support: You get ten years of long-term support (LTS) for your Ubuntu Pro installation, providing stability and reliability for your workloads.
• Compliance: Ubuntu Pro meets stringent security standards like FIPS and CIS, making it ideal for highly regulated environments.

Get Started Today:

Embrace the latest advancements in security technology and enjoy peace of mind knowing your data is protected with Intel® TDX. Launch your Ubuntu Confidential VM on Google Cloud today!

Additional Resources:

• Read our blog post: What is confidential computing? A high-level explanation for CISOs
• Read our blog post: Confidential computing in public clouds: isolation and remote attestation explained

By leveraging the power of confidential computing with Ubuntu and Google Cloud, you can unlock a new level of data security and trust in your cloud deployments.