Google is going to offer a new kind of virtual machine in its Cloud service. The Confidential VMs are intended to keep data encrypted while it is in memory. Confidential VMs run on AMD's Epyc CPUs.
The Confidential VMs are a beta feature within the new Confidential Computing platform. Google wants to ensure that data is encrypted not only at rest and in transit, but also while it is being indexed and held in working memory. Google announced the Confidential VMs this week at the Google Next virtual event.
Confidential VMs are virtual machines in Google Cloud in which the data also stays encrypted outside the CPU. The VMs do not run on Intel Xeon processors, as most Google Cloud workloads do, but on second-generation AMD Epyc CPUs. The machines use the SoCs' Secure Encrypted Virtualization (SEV) feature.
The encryption keys are generated by the hardware Secure Processor and therefore cannot be exported. According to Google, existing Cloud workloads running in standard VMs can easily be moved to Confidential VMs.
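A practitioner moving a workload onto such a VM will want to confirm from inside the guest that SEV memory encryption is really active. The shell script below is an added example, not Google's tooling or code from the article; it assumes a Linux guest whose kernel logs the memory-encryption status at boot and whose hypervisor exposes the SEV CPUID bit (listed as `sev` in `/proc/cpuinfo`), and the sample log and cpuinfo lines are constructed.

```shell
#!/bin/sh
# Added example (not Google's tooling): two guest-side checks that AMD SEV
# memory encryption is actually active in a Linux VM.
# Assumptions: the guest kernel prints the memory-encryption status at boot
# and the hypervisor exposes the SEV CPUID bit, which Linux lists as "sev".

# Returns 0 when the kernel log text reports SEV memory encryption as active.
# Matches both the older "AMD Memory Encryption Features active: SEV" and the
# newer "Memory Encryption Features active: AMD SEV" wording.
sev_active_in_log() {
    printf '%s\n' "$1" | grep -Eq 'Memory Encryption Features active:.*SEV'
}

# Returns 0 when a /proc/cpuinfo "flags" line lists the sev feature
# (the plain "sev" flag, not just "sev_es").
sev_flag_in_cpuinfo() {
    printf '%s\n' "$1" | grep -Eq '^flags[[:space:]]*:.*[[:space:]]sev([[:space:]]|$)'
}

# Reads the live system and reports both signals; returns 0 only if both are present.
check_live_sev() {
    log=$(dmesg 2>/dev/null || cat /var/log/dmesg 2>/dev/null || true)
    cpu=$(cat /proc/cpuinfo 2>/dev/null || true)
    status=0
    if sev_active_in_log "$log"; then
        echo "kernel log: SEV memory encryption active"
    else
        echo "kernel log: no active SEV report (or log not readable)"
        status=1
    fi
    if sev_flag_in_cpuinfo "$cpu"; then
        echo "cpuinfo: sev flag present"
    else
        echo "cpuinfo: sev flag absent"
        status=1
    fi
    return "$status"
}

# Constructed sample lines, not captured from a real machine.
SAMPLE_LOG_ON='[    0.000000] AMD Memory Encryption Features active: SEV'
SAMPLE_LOG_OFF='[    0.000000] Linux version 5.4.0 (gcc version 9.3.0)'
SAMPLE_CPUINFO_ON='flags : fpu vme de pse tsc msr sev sev_es'
SAMPLE_CPUINFO_OFF='flags : fpu vme de pse tsc msr sse2 ssse3'

# Run the live checks only when asked, so the script also loads cleanly elsewhere.
if [ "${1:-}" = "--live" ]; then check_live_sev; fi
```

Run it with `--live` inside the guest; a non-zero exit means at least one of the two signals is missing and the VM should not be trusted to have encrypted memory.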