Inscreva-se no feed

What are Red Hat Confidential Virtual Machines? 

Confidential Virtual Machines (CVMs) are a set of hardware and software technologies which provide additional measures for the confidentiality of the data processed within the VMs. Namely, the data is protected from the physical host which runs the VM at all stages: in transit, at rest and in use. These protections are especially important when the owner of the VM differs from the owner of the infrastructure, e.g. when the workload runs on a public cloud.

Red Hat Enterprise Linux aims to support the emerging CVM use-case by enabling the hardware technologies such as AMD SEV-SNP and Intel TDX as well as adding support to the software stack, making sure the confidentiality guarantees are preserved and that the VM can be attested by the owner to prove its qualities.


LIST OF BLOGS

Introduction to confidential virtual machines

June 8, 2023 - Vitaly Kuznetsov

In this post, we will present confidential virtual machines (CVMs) as one of the use cases of confidential computing as well as the security benefits expected from this emerging technology. We will focus on the high level requirements for the Linux guest operating system to better secure data confidentiality both in use and at rest. This blog follows the recent release of Red Hat Enterprise Linux 9.2 running on Azure Confidential VMs. CVMs are also a critical building block for the upcoming OpenShift confidential containers in OpenShift 4.13 (dev-preview).  Read full post

RHEL confidential virtual machines on Azure: A technical deep dive

June 21, 2023 - Vitaly Kuznetsov

The Red Hat Enterprise Linux 9.2 CVM Preview image for Azure confidential VMs has been released, and it represents an important step forward in confidential virtual machines. In this article, I focus on the changes implemented to support the emerging confidential computing use-case, and some of the expected changes in the future.  Read full post

How to run Red Hat Enterprise Linux 9.2 on Azure confidential virtual machines

July 26, 2023 - Vitaly Kuznetsov

With the release of Red Hat Enterprise Linux 9.2 (RHEL), it's possible to run the Technology Preview of RHEL on an Azure confidential virtual machine (CVM). In a previous article, I provided the high-level requirements for a Linux operating system to support a CVM use-case, as well as the changes made to the RHEL 9.2 operating system to support the features provided by Azure CVMs to better secure data confidentiality. In this article, I focus on how to get access to the CVM Preview image, and how to launch an Azure CVM using that image. Read full post

Red Hat Enterprise Linux 9.3 on Azure confidential virtual machines: What’s new?

November 15, 2023 - Vitaly Kuznetsov

Previously, Red Hat and Microsoft introduced support for Red Hat Enterprise Linux 9.2 (RHEL) on Azure confidential virtual machines (CVMs). The RHEL9.2 CVM Preview image was available as “private preview” and in How to run Red Hat Enterprise Linux 9.2 on Azure confidential virtual machines, I described how to sign up for the preview and get access to the image. With the release of RHEL 9.3 , RHEL CVM Preview image on Azure became available as “public preview” so no specific sign-up process is required. In this article, I will focus on the changes between RHEL 9.2 and RHEL 9.3 for CVM Preview images. Read full post

Red Hat Enterprise Linux and Secure Boot in the cloud

July 17, 2024 - Vitaly Kuznetsov

In this article, we will focus on how to enable and configure Secure Boot for various Red Hat Enterprise Linux (RHEL) image types in AWS, Google Cloud and Microsoft Azure. Read full post

Extending Red Hat Unified Kernel Images By Using Addons

August 2, 2024 - Emanuele Giuseppe Esposito

With the advent of Confidential Virtual Machines (CVMs) in RHEL, a new challenge has emerged: Extending the Red Hat UKI (Unified Kernel Image) more safely and without compromising its security footprint. Starting with Red Hat 9.4, the systemd package (252-31 and onwards) supports UKI addons, which aim to solve this issue. In this blog, I explore the addons that enable safer extension of the UKI kernel command line. Read full post


Videos

Confidential VMs in the cloud - DevConf.CZ 2023 

Confidential instance types are the newest addition to public clouds like Microsoft Azure and Google Cloud Platform (GCP) but what does "confidential" really mean? The session will focus on which additional security guarantees are provided and what's required from Linux-based operating systems to make use of these guarantees. Using Azure Confidential VMs as an example, I'll focus on boot process, guest image requirements, Unified Kernel Images (UKIs), full disk encryption with vTPMs and PCR measurements. 


Sobre o autor

UI_Icon-Red_Hat-Close-A-Black-RGB

Navegue por canal

automation icon

Automação

Últimas novidades em automação de TI para empresas de tecnologia, equipes e ambientes

AI icon

Inteligência artificial

Descubra as atualizações nas plataformas que proporcionam aos clientes executar suas cargas de trabalho de IA em qualquer ambiente

open hybrid cloud icon

Nuvem híbrida aberta

Veja como construímos um futuro mais flexível com a nuvem híbrida

security icon

Segurança

Veja as últimas novidades sobre como reduzimos riscos em ambientes e tecnologias

edge icon

Edge computing

Saiba quais são as atualizações nas plataformas que simplificam as operações na borda

Infrastructure icon

Infraestrutura

Saiba o que há de mais recente na plataforma Linux empresarial líder mundial

application development icon

Aplicações

Conheça nossas soluções desenvolvidas para ajudar você a superar os desafios mais complexos de aplicações

Original series icon

Programas originais

Veja as histórias divertidas de criadores e líderes em tecnologia empresarial