Additionally, make sure the following kernel options are enabled:
CONFIG_GVE
CONFIG_NET_VENDOR_GOOGLE
CONFIG_PCI_MSI
CONFIG_SWIOTLB
Google Virtual Network Interface Controller (gVNIC) device driver
Use version 1.01 or later of the gVNIC driver. For additional instructions, see
Using Google Virtual NIC.
NVMe interface
The NVMe interface must be available during boot on the guest operating system
for persistent disks and attached SSDs.
The kernel and initramfs image (if used) must include the NVMe driver module to
mount the root directory.
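The kernel option list and the NVMe boot requirement above can be checked against a kernel `.config` before the image is built. The following is an added example, not code from the original documentation; the function names are hypothetical, the sample config is constructed, and `CONFIG_BLK_DEV_NVME` is assumed to be the kernel symbol that provides the NVMe driver this page requires.

```shell
#!/bin/sh
# Added example: audit a kernel .config for the options this page lists.

# The four options named on this page, plus CONFIG_BLK_DEV_NVME, assumed here
# to be the symbol behind the page's "NVMe driver module".
CVM_REQUIRED="CONFIG_GVE CONFIG_NET_VENDOR_GOOGLE CONFIG_PCI_MSI CONFIG_SWIOTLB CONFIG_BLK_DEV_NVME"

# check_cvm_kconfig FILE
# Prints one line per finding and returns 1 if any required option is absent.
# Options built as modules (=m) are reported so they can be verified in the
# initramfs, since a root disk on NVMe cannot load its driver from the root fs.
check_cvm_kconfig() {
    cfg=$1
    rc=0
    for opt in $CVM_REQUIRED; do
        # Match "OPT=y" or "OPT=m" exactly; "# OPT is not set" does not match.
        val=$(sed -n "s/^${opt}=\([ym]\)\$/\1/p" "$cfg" | tail -n 1)
        case $val in
            y) ;;
            m) echo "MODULE  $opt (must be in the initramfs if needed at boot)" ;;
            *) echo "MISSING $opt"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample config: SWIOTLB disabled, GVE and NVMe built as modules.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_GVE=m
CONFIG_NET_VENDOR_GOOGLE=y
CONFIG_PCI_MSI=y
# CONFIG_SWIOTLB is not set
CONFIG_BLK_DEV_NVME=m
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp)
write_sample_config "$tmp"
check_cvm_kconfig "$tmp" || echo "kernel config is missing required options"
rm -f "$tmp"
```

On a real image, point `check_cvm_kconfig` at the config file shipped with the kernel, for example `/boot/config-$(uname -r)`.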
Operating system feature tags
Confidential VM instance creation requires that the image has one of the
following guest OS feature tags, depending on the Confidential Computing
technology in use:
SEV_CAPABLE
SEV_LIVE_MIGRATABLE_V2
SEV_SNP_CAPABLE
TDX_CAPABLE
The following OS feature tags should also be added:
GVNIC
UEFI_COMPATIBLE
VIRTIO_SCSI_MULTIQUEUE

Last updated 2025-08-25 UTC.