Let’s get confidential! Canonical Ubuntu Confidential VMs are now generally available on Microsoft Azure
Tags: confidential computing , confidential VM , Trusted Execution Environment , Trusted execution environments
On behalf of all Canonical teams, I am happy to announce the general availability of Ubuntu Confidential VMs (CVMs) on Microsoft Azure! They are part of the Microsoft Azure DCasv5/ECasv5 series, and only take a few clicks to enable and use. Ubuntu 20.04 is the first and only Linux distribution to support Confidential VMs on Azure.
Ubuntu CVMs use the latest security extensions of the third generation of AMD CPUs, Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP). As such, they bring about a fundamental shift in the traditional threat model of public clouds. Traditionally, any vulnerability within the millions of lines of code in the cloud’s privileged system software (OS, hypervisor, firmware) would systematically compromise the confidentiality and integrity of your running code and data. The same could be said for any undue access to your VM and/or its platform by a malicious cloud administrator.
Ubuntu CVMs are here to give you back control over the security guarantees of your VMs. They do this by allowing you to run your workload within a logically isolated hardware-rooted execution environment. Your trusted computing base is dramatically reduced to your application and the platform’s underlying hardware CPU, and nothing else. In other words, a compromised host OS or an angry cloud administrator can no longer access your data nor alter your code’s execution.
