Enable confidential computing

Ubuntu images on Oracle Cloud Infrastructure support confidential computing on AMD EPYC™ processors. On OCI E3 and E4 shapes you have access to the AMD confidential computing technology SEV (Secure Encrypted Virtualization). SEV isolates VM guests from the hypervisor through encrypted memory with a key per VM. See AMD documentation for more information.

Prerequisites

You’ll need

  • a compartment to create the instance in

  • (optional) a Virtual Cloud Network (VCN) to create the instance in. If you don’t have one already, you can create a new VCN when you create the instance

  • a region that supports OCI confidential computing (see Oracle CC documentation)

Create an instance with confidential computing

While creating a new instance using Compute > Instances > Create instance, under Image and shape select Change image > Ubuntu. Then choose the desired Ubuntu release and image build that is marked to support the security feature Confidential computing.

Example Ubuntu 24.04 images that support confidential computing:

../../_images/1_ubuntu_images.png

Additionally, under Image and shape, select Change shape and select a shape that is marked to support Confidential computing. If there are no shapes listed that support confidential computing, verify that the region selected has support for confidential computing (refer Oracle CC documentation).

For example, the VM.Standard.E4.Flex shape supports confidential computing in the US West (Phoenix) region:

../../_images/2_confidential_shapes.png

Finally, under Security enable Confidential computing.

../../_images/3_security.png

Further references

For more information about creating confidential computing enabled instances, refer to the Oracle Cloud documentation: