To use GPUs with Confidential VM, you must create a Confidential VM instance using the spot or flex-start provisioning model based on the a3-highgpu-1g machine type and use Intel TDX. After you create the VM instance, you then enable confidential computing mode on the attached GPU.
To create a VM instance using the spot or flex-start model, do the following:
- To use the spot model, create an accelerator-optimized Spot VM instance. For detailed steps, see Spot model.
- To use the flex-start model, create a managed instance group (MIG). For detailed steps, see Flex-start model.
Before you begin
- To make sure that you have sufficient GPU quota for the resources you're requesting, check your GPU quota. For a Confidential VM instance with a GPU, request preemptible GPU quota to use the resources. When you request GPU quota, you must request quota for the GPU models that you want to create in each region, and additional global quota (GPUs (all regions)) for the total number of GPUs of all types in all regions.
- To understand quota consumption, read GPU VMs and preemptible allocation quotas.
Spot model
gcloud
To create an accelerator-optimized Spot VM instance with the gcloud CLI, use the instances create sub-command with the --provisioning-model flag.
gcloud compute instances create INSTANCE_NAME \
--provisioning-model=SPOT \
--confidential-compute-type=TDX \
--machine-type=a3-highgpu-1g \
--maintenance-policy=TERMINATE \
--zone=ZONE_NAME \
--image-project=IMAGE_PROJECT \
--image-family=IMAGE_FAMILY_NAME \
--boot-disk-size=30G
Provide the following values:
INSTANCE_NAME: The name of the new VM instance.
IMAGE_PROJECT: The project containing the supported operating system image. We recommend using the ubuntu-os-cloud image project for Ubuntu images. You can optionally use the confidential-vm-images image project for Container-Optimized OS images.
IMAGE_FAMILY_NAME: The family for the Confidential VM-supported operating system image. When using the ubuntu-os-cloud image project, we recommend using the ubuntu-2204-lts image family. For Container-Optimized OS images from the confidential-vm-images project, use the cos-tdx-113-lts image family.
ZONE_NAME: The supported zone to create the VM in.
REST
To create a Spot VM instance, send the following POST request with the appropriate body content.
The HTTP method and URL:
POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE_NAME/instances
Request JSON body:
{
  "name": "INSTANCE_NAME",
  "confidentialInstanceConfig": {
    "confidentialInstanceType": "TDX"
  },
  "machineType": "zones/ZONE_NAME/machineTypes/a3-highgpu-1g",
  "scheduling": {
    "onHostMaintenance": "TERMINATE",
    "provisioningModel": "SPOT"
  },
  "disks": [
    {
      "autoDelete": true,
      "boot": true,
      "index": 0,
      "initializeParams": {
        "diskSizeGb": "30",
        "sourceImage": "projects/IMAGE_PROJECT/global/images/family/IMAGE_FAMILY_NAME"
      },
      "kind": "compute#attachedDisk",
      "mode": "READ_WRITE",
      "type": "PERSISTENT"
    }
  ],
  "networkInterfaces": [
    {
      "accessConfigs": [
        {
          "name": "external-nat",
          "type": "ONE_TO_ONE_NAT",
          "kind": "compute#accessConfig",
          "networkTier": "PREMIUM"
        }
      ],
      "kind": "compute#networkInterface",
      "name": "nic0",
      "network": "projects/PROJECT_ID/global/networks/default"
    }
  ]
}
Provide the following values:
INSTANCE_NAME: The name of the new VM instance.
IMAGE_PROJECT: The project containing the supported operating system image. We recommend using the ubuntu-os-cloud image project for Ubuntu images. You can optionally use the confidential-vm-images image project for Container-Optimized OS images.
IMAGE_FAMILY_NAME: The family for the Confidential VM-supported operating system image. When using the ubuntu-os-cloud image project, we recommend using the ubuntu-2204-lts image family. For Container-Optimized OS images from the confidential-vm-images project, use the cos-tdx-113-lts image family.
PROJECT_ID: Optional. The ID of the project to create the VM in.
ZONE_NAME: The supported zone to create the VM in.
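As an added example that is not part of Google's documentation: once the create request returns, confirm that the instance really came up with the settings this section requires (TDX, a3-highgpu-1g, SPOT, TERMINATE) before you go on to enable confidential computing mode on the GPU. The script assumes `gcloud compute instances describe --format=value(...)`, which prints the requested fields on one line separated by tabs; `check_instance_fields` parses such a line and runs offline, while `check_instance` (hypothetical wrapper name) calls gcloud for a live instance.

```shell
#!/bin/sh
# Added example, not Google's code. Verifies that a Confidential VM instance
# carries the confidential GPU settings used in the create command above.

# Fields requested from `gcloud compute instances describe`; the order here
# is the order of the tab-separated columns that check_instance_fields reads.
FIELDS='confidentialInstanceConfig.confidentialInstanceType,machineType,scheduling.provisioningModel,scheduling.onHostMaintenance'

# check_instance_fields LINE
# LINE is one tab-separated line in $FIELDS order. Prints one FAIL line per
# mismatch and returns 1, or prints OK and returns 0. `cut -s` keeps empty
# fields in place, so a VM with no confidentialInstanceConfig (empty first
# column) is reported as a TDX mismatch instead of shifting the columns.
check_instance_fields() {
  line=$1
  cc_type=$(printf '%s\n' "$line" | cut -s -f1)
  machine=$(printf '%s\n' "$line" | cut -s -f2)
  model=$(printf '%s\n' "$line" | cut -s -f3)
  maint=$(printf '%s\n' "$line" | cut -s -f4)
  # describe returns machineType as a full .../machineTypes/NAME URL; keep NAME.
  machine=${machine##*/}

  ok=0
  [ "$cc_type" = "TDX" ] || { echo "FAIL: confidentialInstanceType is '$cc_type', expected TDX"; ok=1; }
  [ "$machine" = "a3-highgpu-1g" ] || { echo "FAIL: machineType is '$machine', expected a3-highgpu-1g"; ok=1; }
  [ "$model" = "SPOT" ] || { echo "FAIL: provisioningModel is '$model', expected SPOT"; ok=1; }
  [ "$maint" = "TERMINATE" ] || { echo "FAIL: onHostMaintenance is '$maint', expected TERMINATE"; ok=1; }
  [ "$ok" -eq 0 ] && echo "OK: instance is TDX, a3-highgpu-1g, SPOT, TERMINATE"
  return "$ok"
}

# check_instance INSTANCE_NAME ZONE_NAME: describe the live instance and check it.
check_instance() {
  line=$(gcloud compute instances describe "$1" --zone="$2" --format="value($FIELDS)") || return 1
  check_instance_fields "$line"
}

# Usage on a real project: sh check_confidential_gpu_vm.sh --instance INSTANCE_NAME ZONE_NAME
case "${1:-}" in
  --instance) check_instance "$2" "$3" ;;
esac
```

A non-zero exit from this check is the signal to stop: a VM that was created without TDX or with a different provisioning model will not give you the GPU in confidential mode later, and it is cheaper to delete and recreate it now than after the driver setup.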
Flex-start model
To use the flex-start model, you first create an instance template, and then create a MIG using that template. You can then add GPU VM instances to the MIG using resize requests.
Using a MIG resize request with the flex-start provisioning model improves the obtainability of GPU VM instances. For more information, see About resize requests in a MIG.
Before you begin
See the prerequisites for creating a MIG and the limitations for creating a resize request in a MIG.
Create a MIG with GPU VM instances
To create an instance template, and then to use the template to create a MIG, complete the following steps.
Create an instance template.
gcloud
gcloud compute instance-templates create INSTANCE_TEMPLATE_NAME \
--confidential-compute-type=TDX \
--machine-type=a3-highgpu-1g \
--maintenance-policy=TERMINATE \
--image-project=IMAGE_PROJECT \
--image-family=IMAGE_FAMILY_NAME \
--reservation-affinity=none \
--boot-disk-size=30G \
--project=PROJECT_ID
To enable Secure Boot, you can optionally use the --shielded-secure-boot flag for VM instance boots.
Provide the following values:
INSTANCE_TEMPLATE_NAME: The name of the new VM instance template.
IMAGE_PROJECT: The project containing the supported operating system image. We recommend using the ubuntu-os-cloud image project for Ubuntu images. You can optionally use the confidential-vm-images image project for Container-Optimized OS images.
IMAGE_FAMILY_NAME: The family for the Confidential VM-supported operating system image. When using the ubuntu-os-cloud image project, we recommend using the ubuntu-2204-lts image family. For Container-Optimized OS images from the confidential-vm-images project, use the cos-tdx-113-lts image family.
PROJECT_ID: Optional. The ID of the project to create the VM in.
REST
To create a Confidential VM instance template, send the following POST request with the appropriate body content.
The HTTP method and URL:
POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/ZONE_NAME/instanceTemplates
Request JSON body:
{
  "name": "INSTANCE_TEMPLATE_NAME",
  "properties": {
    "confidentialInstanceConfig": {
      "confidentialInstanceType": "TDX"
    },
    "machineType": "a3-highgpu-1g",
    "scheduling": {
      "automaticRestart": true,
      "onHostMaintenance": "TERMINATE",
      "preemptible": false,
      "provisioningModel": "STANDARD"
    },
    "disks": [
      {
        "autoDelete": true,
        "index": 0,
        "boot": true,
        "kind": "compute#attachedDisk",
        "mode": "READ_WRITE",
        "initializeParams": {
          "sourceImage": "projects/IMAGE_PROJECT/global/images/family/IMAGE_FAMILY_NAME",
          "diskSizeGb": "30"
        },
        "type": "PERSISTENT"
      }
    ],
    "networkInterfaces": [
      {
        "accessConfigs": [
          {
            "kind": "compute#accessConfig",
            "name": "external-nat",
            "networkTier": "PREMIUM",
            "type": "ONE_TO_ONE_NAT"
          }
        ],
        "kind": "compute#networkInterface",
        "name": "nic0",
        "network": "projects/PROJECT_ID/global/networks/default"
      }
    ],
    "reservationAffinity": {
      "consumeReservationType": "NO_RESERVATION"
    },
    "canIpForward": false,
    "metadata": {
      "fingerprint": "3y_uc6s9Qvs=",
      "kind": "compute#metadata"
    }
  }
}
To enable Secure Boot, you can optionally include the following object for VM instance boots.
"shieldedInstanceConfig": {
  "enableIntegrityMonitoring": true,
  "enableSecureBoot": true,
  "enableVtpm": true
}
Provide the following values:
PROJECT_ID: Optional. The ID of the project to create the VM in.
ZONE_NAME: The supported zone to create the MIG in.
INSTANCE_TEMPLATE_NAME: The name of the new VM instance template.
IMAGE_PROJECT: The project containing the supported operating system image. We recommend using the ubuntu-os-cloud image project for Ubuntu images. You can optionally use the confidential-vm-images image project for Container-Optimized OS images.
IMAGE_FAMILY_NAME: The family for the Confidential VM-supported operating system image. When using the ubuntu-os-cloud image project, we recommend using the ubuntu-2204-lts image family. For Container-Optimized OS images from the confidential-vm-images project, use the cos-tdx-113-lts image family.
Create a MIG and a resize request to add GPU VM instances all at once.
List the instances present in the MIG.
gcloud
gcloud compute instance-groups managed list-instances INSTANCE_GROUP_NAME \
--zone=ZONE_NAME \
--project=PROJECT_ID
Provide the following values:
INSTANCE_GROUP_NAME: The name of the MIG.
ZONE_NAME: The supported zone to get a list of VM instances from.
PROJECT_ID: Optional. The ID of the project to get a list of VM instances from.
REST
To list all instances, send the following GET request.
The HTTP method and URL:
GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/instanceTemplates
To narrow the list of instances to a specific zone, send the following GET request.
The HTTP method and URL:
GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/ZONE_NAME/instanceTemplates
Provide the following values:
ZONE_NAME: The supported zone to get a list of VM instances from.
PROJECT_ID: The ID of the project to get a list of VM instances from.
Enable confidential computing mode on the GPU
Connect to a VM instance in the MIG using the gcloud compute ssh command, where INSTANCE_NAME is the name of an instance listed in the previous step and ZONE_NAME is its zone.
gcloud compute ssh INSTANCE_NAME --zone=ZONE_NAME
Update the package list and install the necessary tools and libraries.
sudo apt-get update --yes
sudo apt-get install linux-headers-$(uname -r)
sudo apt install -y build-essential libxml2 libncurses5-dev pkg-config libvulkan1 gcc-12
Install the appropriate GPU drivers on the VM instance. For Secure Boot enabled VM instances, see Install GPU drivers (Secure Boot VMs). We recommend using the nvidia-driver-575-open driver version.
To configure secure communication between the GPU and the GPU driver, enable the Linux Kernel Crypto API (LKCA).
echo "install nvidia /sbin/modprobe ecdsa_generic; /sbin/modprobe ecdh; /sbin/modprobe --ignore-install nvidia" | sudo tee /etc/modprobe.d/nvidia-lkca.conf
sudo update-initramfs -u
Enable persistence mode to establish a secure Security Protocol and Data Model (SPDM) connection between the GPU and the GPU driver.
sudo test -f /usr/lib/systemd/system/nvidia-persistenced.service && sudo sed -i "s/no-persistence-mode/uvm-persistence-mode/g" /usr/lib/systemd/system/nvidia-persistenced.service
sudo systemctl daemon-reload
Reboot the VM instance to apply LKCA and persistence mode configurations.
sudo reboot
(Optional) Install the following CUDA samples.
wget -O cuda-samples.tar.gz https://github.com/NVIDIA/cuda-samples/archive/refs/tags/v12.5.tar.gz
tar xzvf cuda-samples.tar.gz
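The LKCA hook and the persistence-mode edit above only take effect after the reboot, and a failed `sed` (for example, a driver package whose unit file is laid out differently) fails silently. The following added example, which is not part of Google's or NVIDIA's documentation, checks after the reboot that both changes are in place and that the crypto modules and the driver are loaded. The ROOT prefix argument is a hypothetical parameter: empty on the live VM, or a staging directory when you want to exercise the file checks elsewhere.

```shell
#!/bin/sh
# Added example, not Google's or NVIDIA's code. Post-reboot checks for the
# LKCA and persistence-mode configuration steps in this section.

LKCA_CONF=/etc/modprobe.d/nvidia-lkca.conf
PERSISTENCED_UNIT=/usr/lib/systemd/system/nvidia-persistenced.service

# check_lkca_conf [ROOT]: the modprobe hook must load the ECDSA and ECDH
# kernel crypto modules before the nvidia module, as written in the step above.
check_lkca_conf() {
  conf="${1:-}$LKCA_CONF"
  [ -f "$conf" ] || { echo "FAIL: $conf is missing"; return 1; }
  hook=$(grep '^install nvidia ' "$conf") || { echo "FAIL: no 'install nvidia' line in $conf"; return 1; }
  for needed in 'modprobe ecdsa_generic' 'modprobe ecdh' 'modprobe --ignore-install nvidia'; do
    case "$hook" in
      *"$needed"*) ;;
      *) echo "FAIL: '$needed' not in $conf"; return 1 ;;
    esac
  done
  echo "OK: LKCA hook present in $conf"
}

# check_persistenced_mode [ROOT]: the sed edit must have turned
# no-persistence-mode into uvm-persistence-mode in the systemd unit.
check_persistenced_mode() {
  unit="${1:-}$PERSISTENCED_UNIT"
  [ -f "$unit" ] || { echo "FAIL: $unit is missing"; return 1; }
  if grep -q 'no-persistence-mode' "$unit"; then
    echo "FAIL: $unit still uses no-persistence-mode"
    return 1
  fi
  grep -q 'uvm-persistence-mode' "$unit" || { echo "FAIL: uvm-persistence-mode not set in $unit"; return 1; }
  echo "OK: persistence mode enabled in $unit"
}

# check_modules_loaded: live-system check (reads lsmod, so it takes no ROOT)
# that the crypto modules and the driver are loaded after the reboot.
check_modules_loaded() {
  loaded=$(lsmod) || return 1
  for mod in ecdsa_generic ecdh nvidia; do
    printf '%s\n' "$loaded" | grep -q "^$mod " || { echo "FAIL: module $mod not loaded"; return 1; }
  done
  echo "OK: ecdsa_generic, ecdh and nvidia are loaded"
}

# Run every check on the live VM: sh check_gpu_cc_prereqs.sh --run
if [ "${1:-}" = "--run" ]; then
  status=0
  check_lkca_conf || status=1
  check_persistenced_mode || status=1
  check_modules_loaded || status=1
  exit "$status"
fi
```

If any check prints FAIL, repeat the corresponding step above (the tee into nvidia-lkca.conf plus update-initramfs, or the sed plus daemon-reload) and reboot again before continuing to the verification page linked under What's next.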
What's next
- Learn how to verify confidential mode is enabled on GPUs.