What are Red Hat Confidential Virtual Machines?
Confidential Virtual Machines (CVMs) are a set of hardware and software technologies which provide additional measures for the confidentiality of the data processed within the VMs. Namely, the data is protected from the physical host which runs the VM at all stages: in transit, at rest and in use. These protections are especially important when the owner of the VM differs from the owner of the infrastructure, e.g. when the workload runs on a public cloud.
Red Hat Enterprise Linux aims to support the emerging CVM use-case by enabling the hardware technologies such as AMD SEV-SNP and Intel TDX as well as adding support to the software stack, making sure the confidentiality guarantees are preserved and that the VM can be attested by the owner to prove its qualities.
Introduction to confidential virtual machines
June 8, 2023 - Vitaly Kuznetsov
In this post, we will present confidential virtual machines (CVMs) as one of the use cases of confidential computing as well as the security benefits expected from this emerging technology. We will focus on the high level requirements for the Linux guest operating system to better secure data confidentiality both in use and at rest. This blog follows the recent release of Red Hat Enterprise Linux 9.2 running on Azure Confidential VMs. CVMs are also a critical building block for the upcoming OpenShift confidential containers in OpenShift 4.13 (dev-preview). Read full post
RHEL confidential virtual machines on Azure: A technical deep dive
June 21, 2023 - Vitaly Kuznetsov
The Red Hat Enterprise Linux 9.2 CVM Preview image for Azure confidential VMs has been released, and it represents an important step forward in confidential virtual machines. In this article, I focus on the changes implemented to support the emerging confidential computing use-case, and some of the expected changes in the future. Read full post
How to run Red Hat Enterprise Linux 9.2 on Azure confidential virtual machines
July 26, 2023 - Vitaly Kuznetsov
With the release of Red Hat Enterprise Linux 9.2 (RHEL), it's possible to run the Technology Preview of RHEL on an Azure confidential virtual machine (CVM). In a previous article, I provided the high-level requirements for a Linux operating system to support a CVM use-case, as well as the changes made to the RHEL 9.2 operating system to support the features provided by Azure CVMs to better secure data confidentiality. In this article, I focus on how to get access to the CVM Preview image, and how to launch an Azure CVM using that image. Read full post
Red Hat Enterprise Linux 9.3 on Azure confidential virtual machines: What’s new?
November 15, 2023 - Vitaly Kuznetsov
Previously, Red Hat and Microsoft introduced support for Red Hat Enterprise Linux 9.2 (RHEL) on Azure confidential virtual machines (CVMs). The RHEL9.2 CVM Preview image was available as “private preview” and in How to run Red Hat Enterprise Linux 9.2 on Azure confidential virtual machines, I described how to sign up for the preview and get access to the image. With the release of RHEL 9.3 , RHEL CVM Preview image on Azure became available as “public preview” so no specific sign-up process is required. In this article, I will focus on the changes between RHEL 9.2 and RHEL 9.3 for CVM Preview images. Read full post
Red Hat Enterprise Linux and Secure Boot in the cloud
July 17, 2024 - Vitaly Kuznetsov
In this article, we will focus on how to enable and configure Secure Boot for various Red Hat Enterprise Linux (RHEL) image types in AWS, Google Cloud and Microsoft Azure. Read full post
Extending Red Hat Unified Kernel Images By Using Addons
August 2, 2024 - Emanuele Giuseppe Esposito
With the advent of Confidential Virtual Machines (CVMs) in RHEL, a new challenge has emerged: Extending the Red Hat UKI (Unified Kernel Image) more safely and without compromising its security footprint. Starting with Red Hat 9.4, the systemd package (252-31 and onwards) supports UKI addons, which aim to solve this issue. In this blog, I explore the addons that enable safer extension of the UKI kernel command line. Read full post
Confidential VMs in the cloud - DevConf.CZ 2023
Confidential instance types are the newest addition to public clouds like Microsoft Azure and Google Cloud Platform (GCP) but what does "confidential" really mean? The session will focus on which additional security guarantees are provided and what's required from Linux-based operating systems to make use of these guarantees. Using Azure Confidential VMs as an example, I'll focus on boot process, guest image requirements, Unified Kernel Images (UKIs), full disk encryption with vTPMs and PCR measurements.
About the author
Browse by channel
Automation
The latest on IT automation for tech, teams, and environments
Artificial intelligence
Updates on the platforms that free customers to run AI workloads anywhere
Open hybrid cloud
Explore how we build a more flexible future with hybrid cloud
Security
The latest on how we reduce risks across environments and technologies
Edge computing
Updates on the platforms that simplify operations at the edge
Infrastructure
The latest on the world’s leading enterprise Linux platform
Applications
Inside our solutions to the toughest application challenges
Original shows
Entertaining stories from the makers and leaders in enterprise tech
Products
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Cloud services
- See all products
Tools
- Training and certification
- My account
- Customer support
- Developer resources
- Find a partner
- Red Hat Ecosystem Catalog
- Red Hat value calculator
- Documentation
Try, buy, & sell
Communicate
About Red Hat
We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.
Select a language
Red Hat legal and privacy links
- About Red Hat
- Jobs
- Events
- Locations
- Contact Red Hat
- Red Hat Blog
- Diversity, equity, and inclusion
- Cool Stuff Store
- Red Hat Summit