Azure customers can now specify the RHEL 9.3 image as the guest OS for their AMD-based confidential VMs. This helps ensure sensitive data processed by their RHEL guest OS is protected in use, in memory. Azure AMD-based confidential VMs provide a strong, hardware-enforced boundary that hardens the protection of the guest OS against host operator access and other Azure tenants. These VMs are designed to help ensure that data in use, in memory, is protected from unauthorized users by encryption keys that are generated by the underlying chipset and inaccessible to Azure operators.

These features are included with all Azure confidential VMs:
- Ability to lift and shift workloads to a confidential environment without needing to take any dependencies on any confidential computing libraries.
- In-memory encryption of data with a hardware-based dedicated key per VM, helping to guard against attacks from a malicious OS or hypervisor components.
- Support for remote attestation to enable a relying party to verify that a service is running in a TEE before processing any sensitive data.

To learn more, read the blog announcement.