Shielded VM Images

Shielded VM offers verifiable integrity of your Compute Engine VM instances, so you can be confident your instances haven't been compromised by boot- or kernel-level malware or rootkits. Shielded VM's verifiable integrity is achieved through the use of Secure Boot, virtual trusted platform module (vTPM)-enabled Measured Boot, and integrity monitoring.

 

Shielded VM is the first offering in the Shielded Cloud initiative. The Shielded Cloud initiative is meant to provide an even more secure foundation for all of intelHUB Cloud Platform by providing verifiable integrity and offering features, like vTPM shielding or sealing, that help prevent data exfiltration.

Secure Boot

 

Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails.

 

Shielded VM instances run firmware which is signed and verified using intelHUB’s Certificate Authority, ensuring that the instance’s firmware is unmodified and establishing the root of trust for Secure Boot. Secure Boot uses Unified Extensible Firmware Interface (UEFI) 2.3.1 firmware, which securely stores the keys used by the software manufacturers to sign the system firmware, the system boot loader, and any binaries they load. During the boot sequence, the UEFI firmware verifies the digital signature of each boot component against a database of approved keys. Any boot component that isn’t properly signed, or isn’t signed at all, isn’t allowed to run.

 

If this occurs, the VM instance will show an error state in the GCP console, and the VM instance’s serial console log will have an entry containing the strings UEFI: Failed to load image and Status: Security Violation, along with a description of the boot option that failed. To troubleshoot the failure, disable Secure Boot by using the instructions in Modifying Shielded VM Options so that you can boot the VM instance, diagnose and resolve the issue, then re-enable Secure Boot.

Virtual Trusted Platform Module (vTPM)

 

A vTPM is a virtualised trusted platform module, which is a specialised computer chip you can use to protect objects, like keys and certificates, that you use to authenticate access to your system. The Shielded VM vTPM is fully compatible with the Trusted Computing Group (TPM) library specification 2.0 and uses BoringSSL, which is FIPS 140-2 L1 validated.

 

The Shielded VM vTPM enables Measured Boot by performing the measurements needed to create a known good boot baseline, called the integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed.

 

You can also use the vTPM to protect secrets through shielding or sealing.

 

Measured Boot

During Measured Boot, a hash of each component (for example, the firmware, bootloader, or kernel) is created as the component is loaded, and that hash is then concatenated and rehashed with the hashes of any components that have already been loaded, as illustrated below:

This information identifies both the components that were loaded, and their load order.

 

The first time you boot a VM instance, Measured Boot creates the integrity policy baseline from the first set of these measurements, and securely stores this data. Each time the VM instance boots after that, these measurements are taken again, and stored in secure memory until the next reboot. Having these two sets of measurements enables integrity monitoring, which you can use to determine if there have been changes to a VM instance’s boot sequence.

Integrity monitoring

Integrity monitoring helps you understand and make decisions about the state of your VM instances.

 

Integrity monitoring relies on the measurements created by Measured Boot, which use platform configuration registers (PCRs) to store information about the components and component load order of both the integrity policy baseline (a known good boot sequence), and the most recent boot sequence.

 

Integrity monitoring compares the most recent boot measurements to the integrity policy baseline and returns a pair of pass/fail results depending on whether they match or not, one for the early boot sequence and one for the late boot sequence. Early boot is the boot sequence from the start of the UEFI firmware until it passes control to the bootloader. Late boot is the boot sequence from the bootloader until it passes control to the operating system kernel. If either part of the most recent boot sequence doesn’t match the baseline, you get an integrity validation failure.

 

If the failure is expected, for example if you applied a system update on that VM instance, you should update the integrity policy baseline. Updating the integrity policy baseline sets the baseline to the measurements captured from the most recent boot sequence. If it is not expected, you should stop that VM instance and investigate the reason for the failure.

Want To Know More​

Need further information or require a quotation?

All calls are recorded for security, training and quality purposes

Our lines are open Monday to Friday from 9am to 5.30pm. Dialling an 0330 number costs the same to dial as a call to a geographic (local) number. They cost the same to call from a landline or mobile and are included in mobile call packages.

You are calling our Network Operations Centre based in London, United Kingdom.

Just so you know, we are not able to accept telesales or telemarketing calls and can't be transferred.

Working proudly with skilled teams of people knowing we push the boundaries staying ahead of the curve producing high performance results.