Confidential Computing For Oracle Linux

Confidential Computing protects sensitive workloads on OCI virtual machines (VM) and bare metal (BM) shapes using hardware-based Trusted Execution Environments (TEEs), such as AMD SEV.

About Confidential Computing

Confidential Computing uses hardware-based isolation to protect data in use, providing secure environments for sensitive workloads. In OCI, enabling confidential computing protects workloads against threat vectors targeting the hypervisor, firmware, and other privileged software, reducing attack surfaces common in multi-tenant and cloud environments.

Confidential computing solutions on OCI leverage CPU and platform features, such as AMD Secure Encrypted Virtualization (SEV), to create secure execution contexts called Trusted Execution Environments (TEEs). TEEs provide runtime memory encryption and integrity protection by isolating code and data from the rest of the system, including the hypervisor and firmware.

Enabling Confidential Computing on VM Shapes

Launch an instance on a compatible OCI VM shape with confidential computing enabled to protect the workload with hardware-based isolation and runtime memory encryption.

On VM shapes, the host system is already configured for confidential computing. When you enable the option on an instance, the required settings are applied to the VM automatically and no further configuration is needed.

To enable confidential computing on a VM shape, perform the following steps:

  1. Select a supported OCI VM shape that can be enabled for confidential computing.

    VM shapes that provide confidential computing are described in Confidential Computing. Supported shapes allow you to enable the "Confidential Computing" capability in the Console or CLI when creating an instance.

  2. During the instance creation workflow, ensure the Enable Confidential Computing option is selected in the shape configuration.
    See Creating an Instance for more information.
  3. Complete all other instance configuration as needed, including networking, platform image, and boot volume settings. Then start the VM instance.
    Ensure that you select an Oracle Linux platform image.
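
After the instance boots, confirm from inside the Oracle Linux guest that memory encryption is actually active rather than trusting the launch option alone. The following is an added example, not part of the Oracle documentation. It assumes the Linux kernel's boot-log wording for active memory-encryption features ("Memory Encryption Features active: AMD SEV ..." on recent kernels, "AMD Memory Encryption Features active: SEV" on older ones) and uses constructed sample log lines so it can run offline.

```sh
#!/bin/sh
# Added example (not from the Oracle documentation): verify from inside an
# Oracle Linux guest that AMD SEV memory encryption is active.
#
# Assumption about kernel log wording (x86 mem_encrypt reporting):
#   recent kernels: "Memory Encryption Features active: AMD SEV [SEV-ES] [SEV-SNP]"
#   older kernels:  "AMD Memory Encryption Features active: SEV"

# sev_features_from_log: read kernel log text on stdin and print the list of
# active encryption features (e.g. "SEV SEV-ES"); print nothing if absent.
sev_features_from_log() {
    sed -n \
        -e 's/.*Memory Encryption Features active: AMD \(.*\)$/\1/p' \
        -e 's/.*AMD Memory Encryption Features active: \(.*\)$/\1/p' \
    | head -n 1
}

# sev_active_from_log: return 0 if SEV (any level) is among the active
# features reported in the log read from stdin, 1 otherwise.
sev_active_from_log() {
    features=$(sev_features_from_log)
    case " $features " in
        *" SEV "*|*" SEV-ES "*|*" SEV-SNP "*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_running_guest: run the check against the live kernel log. Reading
# dmesg may require root when kernel.dmesg_restrict is set.
check_running_guest() {
    if dmesg 2>/dev/null | sev_active_from_log; then
        echo "SEV memory encryption is active in this guest"
    else
        echo "WARNING: no SEV memory encryption reported by the kernel;" \
             "verify the shape and the Enable Confidential Computing option" >&2
        return 1
    fi
}

# Constructed sample log excerpts for offline demonstration.
SAMPLE_SEV_LOG='[    0.000000] Linux version 5.15.0-sample (constructed)
[    0.012345] Memory Encryption Features active: AMD SEV
[    0.020000] smp: Bringing up secondary CPUs ...'
SAMPLE_PLAIN_LOG='[    0.000000] Linux version 5.15.0-sample (constructed)
[    0.020000] smp: Bringing up secondary CPUs ...'

# Usage: sh sev_check.sh --live   (runs against the real kernel log)
if [ "${1:-}" = "--live" ]; then
    check_running_guest
fi
```

Run it with `--live` on the instance; an unprivileged user may need sudo for dmesg. A guest on a shape without the option enabled prints no "Memory Encryption Features active" line at all, so the absence of the line is the signal to recheck the instance configuration.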