Google Cloud has announced new Confidential Computing updates, providing even more hardware security options. This announcement highlights Google Cloud's continued commitment to ensuring data safety and security, with a particular focus on fortifying the hardware security of Compute Engine virtual machines (VMs) through Confidential Computing. Confidential Computing uses a hardware-based Trusted Execution Environment (TEE) to safeguard data while it is being used and processed. TEEs are secure and isolated environments that prevent unauthorized access or modification of applications and data while in use.
One of the key updates is the general availability of Confidential VMs with AMD SEV on the C3D machine series. This offering utilizes hardware-based memory encryption to ensure that your data and applications cannot be read or modified while in use. This expansion provides security-minded customers with the latest general-purpose hardware with enhanced performance and data confidentiality.
Additionally, Confidential VMs with Intel TDX are now generally available on the general-purpose C3 machine series. These VMs also offer hardware-based memory encryption, further bolstering data and application security. Another significant advantage of Confidential VMs with Intel TDX is their support for built-in CPU acceleration with Intel AMX, designed to accelerate artificial intelligence (AI) and machine learning (ML) workloads.
Google Cloud also announced the general availability of Confidential VMs with AMD SEV-SNP on the N2D machine series. These VMs provide additional security features like Secure Nested Paging, which helps prevent malicious hypervisor-based attacks such as data replay and memory remapping.
To further enhance security, Google Cloud now offers signed UEFI binaries for Confidential VMs with AMD SEV-SNP and Intel TDX. Signing UEFI binaries adds an extra layer of protection against unauthorized modifications or tampering, ensuring that the firmware running on your Confidential VMs is genuine and uncompromised.
Finally, Google Cloud attestation now supports Confidential VMs with AMD SEV. This service allows customers to verify that their VMs are running in a trusted TEE by using the Go-TPM tool to retrieve an attestation quote from the vTPM of an AMD SEV Confidential VM instance.
Overall, these Confidential Computing updates demonstrate Google Cloud's dedication to providing robust hardware security options, enabling customers to protect their sensitive data and workloads in a trusted cloud environment.