Google is adding a new kind of virtual machine to its Cloud service. Confidential VMs are meant to keep data encrypted while it is in memory. They run on AMD's Epyc CPUs.
The Confidential VMs are a beta feature of the new Confidential Computing platform. Google wants data to be encrypted not only at rest and in transit, but also while it is being processed and held in working memory. Google announced the Confidential VMs this week at the Google Next virtual event.
Confidential VMs are ordinary virtual machines in Google Cloud, so the memory encryption also takes effect outside the CPU: guest memory is in plaintext only inside the processor package and is encrypted whenever it is written out to RAM. The VMs do not run on the Intel Xeon processors that most Google Cloud workloads use, but on second-generation AMD Epyc CPUs, using the Secure Encrypted Virtualization (SEV) feature of those SoCs.
The per-VM encryption keys are generated in hardware by the AMD Secure Processor and never leave it, so they cannot be exported and are not accessible to the hypervisor. According to Google, existing Cloud workloads that run in standard VMs can be ported to Confidential VMs with little effort.
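The practical check that goes with the claim above is confirming, from inside the guest, that the kernel actually booted with SEV active rather than trusting the instance label. The following is an added example, not Google's or AMD's code: it parses the kernel log for the SEV activation message. The two log excerpts are constructed for the example, and the gcloud invocation in the comment uses the beta flags as documented at announcement time, which is an assumption you should verify against your gcloud version.

```shell
#!/bin/sh
# Added example (not from the article or from Google): detect whether a guest
# kernel reported AMD SEV memory encryption as active.

# Constructed sample kernel log lines, not real captures. The first is what a
# SEV guest logs; the second is an ordinary VM booted from the same image.
SEV_DMESG='[    0.000000] Linux version 5.4.0-gcp (buildd@lcy01) ...
[    0.321010] AMD Memory Encryption Features active: SEV
[    1.002931] systemd[1]: Detected virtualization kvm.'

PLAIN_DMESG='[    0.000000] Linux version 5.4.0-gcp (buildd@lcy01) ...
[    1.002931] systemd[1]: Detected virtualization kvm.'

# sev_active LOGTEXT: exit 0 if the kernel reported SEV active, 1 otherwise.
# Matches the message formats used by 4.x kernels
# ("AMD Secure Encrypted Virtualization (SEV) active"), 5.x kernels
# ("AMD Memory Encryption Features active: SEV") and 5.19+ kernels
# ("Memory Encryption Features active: AMD SEV").
sev_active() {
    printf '%s\n' "$1" | grep -Eq \
        'Memory Encryption Features active:.*SEV|Secure Encrypted Virtualization \(SEV\) active'
}

# sev_status LOGTEXT: print "sev" or "plaintext" for use in provisioning scripts.
sev_status() {
    if sev_active "$1"; then
        echo sev
    else
        echo plaintext
    fi
}

# On a live Confidential VM, run the same check against the real log:
#   sev_status "$(dmesg)"
#
# Creating one (assumed flags; check `gcloud compute instances create --help`).
# N2D machine types are the second-generation Epyc instances, and live migration
# is not available for Confidential VMs, hence the TERMINATE maintenance policy:
#   gcloud beta compute instances create cvm-test \
#       --confidential-compute --maintenance-policy=TERMINATE \
#       --zone=us-central1-a --machine-type=n2d-standard-2 \
#       --image-family=ubuntu-2004-lts --image-project=ubuntu-os-cloud

echo "sample SEV guest log:   $(sev_status "$SEV_DMESG")"
echo "sample plain guest log: $(sev_status "$PLAIN_DMESG")"
```

Fold the check into the VM's startup script and fail the boot (or page the on-call) when it prints "plaintext", since a Confidential VM that silently came up without SEV gives none of the in-memory protection the article describes.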