gcp: add "Launch a confidential VM" part #669
base: main
Conversation
Force-pushed caf10d4 to 59845bb
Force-pushed 59845bb to 10e1765
Force-pushed 10e1765 to c94337c
Thanks @dustymabe for the kind review and suggestions!
LGTM.
Maybe we can get someone to run through the steps before we merge, though.
For this PR and #671, we should add a note that while the resulting VM is launched in Confidential Mode, it is not really a "Confidential VM". The disk still needs to be encrypted, the security offered by Secure Boot right now is almost non-existent, etc. At this stage, this is more developer-facing documentation, as there would be very little benefit for users.

Does that mean you'd need to upload your own disk image (already encrypted)? Are there steps for the more "Confidential" option?

It varies per cloud and setup. Azure has support to encrypt a disk image for you (just the rootfs), bind it to a TPM and then pass it to a new Confidential VM. I don't think we support that in FCOS right now (at least I've not tested). In the more general case, you would encrypt the disk on first boot. This requires in turn that you can verify the content that you are pulling from the rootfs, so this essentially requires composefs with fs-verity. You also have to verify that you booted the right thing with the expected Ignition config, so this calls for a Secure Boot signed UKI and remote attestation. So overall, the complete setup for Confidential Computing is not ready right now, thus I would prefer that we don't present it in the docs as a "turn this switch on" section. It's good to have this documented (thanks @HuijingHei) but let's make it clear that it needs more work to actually get a confidential VM.

Maybe we can hold this until we support FCOS as a real confidential VM, in case it causes confusion for users.
No description provided.