What are Red Hat Confidential Virtual Machines?
Confidential Virtual Machines (CVMs) are a set of hardware and software technologies which provide additional measures for the confidentiality of the data processed within the VMs. Namely, the data is protected from the physical host which runs the VM at all stages: in transit, at rest and in use. These protections are especially important when the owner of the VM differs from the owner of the infrastructure, e.g. when the workload runs on a public cloud.
Red Hat Enterprise Linux aims to support the emerging CVM use-case by enabling the hardware technologies such as AMD SEV-SNP and Intel TDX as well as adding support to the software stack, making sure the confidentiality guarantees are preserved and that the VM can be attested by the owner to prove its qualities.
Introduction to confidential virtual machines
June 8, 2023 - Vitaly Kuznetsov
In this post, we will present confidential virtual machines (CVMs) as one of the use cases of confidential computing as well as the security benefits expected from this emerging technology. We will focus on the high level requirements for the Linux guest operating system to better secure data confidentiality both in use and at rest. This blog follows the recent release of Red Hat Enterprise Linux 9.2 running on Azure Confidential VMs. CVMs are also a critical building block for the upcoming OpenShift confidential containers in OpenShift 4.13 (dev-preview). Read full post
RHEL confidential virtual machines on Azure: A technical deep dive
June 21, 2023 - Vitaly Kuznetsov
The Red Hat Enterprise Linux 9.2 CVM Preview image for Azure confidential VMs has been released, and it represents an important step forward in confidential virtual machines. In this article, I focus on the changes implemented to support the emerging confidential computing use-case, and some of the expected changes in the future. Read full post
How to run Red Hat Enterprise Linux 9.2 on Azure confidential virtual machines
July 26, 2023 - Vitaly Kuznetsov
With the release of Red Hat Enterprise Linux 9.2 (RHEL), it's possible to run the Technology Preview of RHEL on an Azure confidential virtual machine (CVM). In a previous article, I provided the high-level requirements for a Linux operating system to support a CVM use-case, as well as the changes made to the RHEL 9.2 operating system to support the features provided by Azure CVMs to better secure data confidentiality. In this article, I focus on how to get access to the CVM Preview image, and how to launch an Azure CVM using that image. Read full post
Red Hat Enterprise Linux 9.3 on Azure confidential virtual machines: What’s new?
November 15, 2023 - Vitaly Kuznetsov
Previously, Red Hat and Microsoft introduced support for Red Hat Enterprise Linux 9.2 (RHEL) on Azure confidential virtual machines (CVMs). The RHEL9.2 CVM Preview image was available as “private preview” and in How to run Red Hat Enterprise Linux 9.2 on Azure confidential virtual machines, I described how to sign up for the preview and get access to the image. With the release of RHEL 9.3 , RHEL CVM Preview image on Azure became available as “public preview” so no specific sign-up process is required. In this article, I will focus on the changes between RHEL 9.2 and RHEL 9.3 for CVM Preview images. Read full post
Red Hat Enterprise Linux and Secure Boot in the cloud
July 17, 2024 - Vitaly Kuznetsov
In this article, we will focus on how to enable and configure Secure Boot for various Red Hat Enterprise Linux (RHEL) image types in AWS, Google Cloud and Microsoft Azure. Read full post
Extending Red Hat Unified Kernel Images By Using Addons
August 2, 2024 - Emanuele Giuseppe Esposito
With the advent of Confidential Virtual Machines (CVMs) in RHEL, a new challenge has emerged: Extending the Red Hat UKI (Unified Kernel Image) more safely and without compromising its security footprint. Starting with Red Hat 9.4, the systemd package (252-31 and onwards) supports UKI addons, which aim to solve this issue. In this blog, I explore the addons that enable safer extension of the UKI kernel command line. Read full post
Confidential VMs in the cloud - DevConf.CZ 2023
Confidential instance types are the newest addition to public clouds like Microsoft Azure and Google Cloud Platform (GCP) but what does "confidential" really mean? The session will focus on which additional security guarantees are provided and what's required from Linux-based operating systems to make use of these guarantees. Using Azure Confidential VMs as an example, I'll focus on boot process, guest image requirements, Unified Kernel Images (UKIs), full disk encryption with vTPMs and PCR measurements.
关于作者
产品
工具
试用购买与出售
沟通
关于红帽
我们是世界领先的企业开源解决方案供应商,提供包括 Linux、云、容器和 Kubernetes。我们致力于提供经过安全强化的解决方案,从核心数据中心到网络边缘,让企业能够更轻松地跨平台和环境运营。