Ensure that the Virtual Trusted Platform Module (vTPM) feature is enabled for your Vertex AI notebook instances in order to protect them against persistent and advanced attacks. vTPM safeguards the guest VM's boot process by validating its integrity before and during startup. Additionally, it provides secure generation and protection for encryption keys.
This rule resolution is part of the Conformity Security & Compliance tool for GCP.
Enabling Virtual Trusted Platform Module (vTPM) for Google Cloud Vertex AI Notebook instances enhances security by providing hardware-based encryption, secure boot, and trusted storage for cryptographic keys, helping to meet compliance requirements and protect sensitive data from unauthorized access and tampering.
Audit
To determine if your Vertex AI notebook instances are protected with vTPM, perform the following operations:
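The audit check can be scripted against the JSON that `gcloud workbench instances list --format=json` returns. The following is an added example, not code from this page or from Conformity. It assumes the Notebooks API v2 field `gceSetup.shieldedInstanceConfig.enableVtpm`, and the sample instances are constructed.

```python
import json

# Constructed sample shaped like `gcloud workbench instances list --format=json`
# output; every project, zone and instance name below is made up.
SAMPLE_JSON = """
[
  {"name": "projects/demo-proj/locations/us-central1-a/instances/nb-prod",
   "state": "ACTIVE",
   "gceSetup": {"shieldedInstanceConfig": {"enableVtpm": true}}},
  {"name": "projects/demo-proj/locations/us-central1-a/instances/nb-dev",
   "state": "ACTIVE",
   "gceSetup": {"shieldedInstanceConfig": {"enableIntegrityMonitoring": true}}},
  {"name": "projects/demo-proj/locations/europe-west1-b/instances/nb-legacy",
   "state": "STOPPED",
   "gceSetup": {"machineType": "e2-standard-4"}},
  {"name": "projects/demo-proj/locations/us-east1-b/instances/nb-off",
   "state": "ACTIVE",
   "gceSetup": {"shieldedInstanceConfig": {"enableVtpm": false}}}
]
"""


def vtpm_enabled(instance):
    """True only when enableVtpm is explicitly true.

    API JSON may omit false or unset booleans, so a missing key (or a missing
    shieldedInstanceConfig block) counts as vTPM disabled, not as unknown.
    """
    shielded = (instance.get("gceSetup") or {}).get("shieldedInstanceConfig") or {}
    return shielded.get("enableVtpm") is True


def audit_vtpm(instances):
    """Return one finding per instance that does not have vTPM enabled."""
    findings = []
    for inst in instances:
        if vtpm_enabled(inst):
            continue
        # Resource name: projects/<project>/locations/<zone>/instances/<id>
        parts = inst.get("name", "").split("/")
        ids = dict(zip(parts[0::2], parts[1::2]))
        findings.append({"project": ids.get("projects"),
                         "location": ids.get("locations"),
                         "instance": ids.get("instances"),
                         "state": inst.get("state", "UNKNOWN")})
    return findings


if __name__ == "__main__":
    for finding in audit_vtpm(json.loads(SAMPLE_JSON)):
        print("vTPM not enabled:", finding)
```

To run it against a real project, replace `SAMPLE_JSON` with the saved output of the list command.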
Remediation / Resolution
To enable the Virtual Trusted Platform Module (vTPM) security feature for your Google Cloud Vertex AI notebook instances, perform the following operations:
Enabling vTPM for Vertex AI notebook instances using the Google Cloud Platform (GCP) console is not currently supported.
References
- Google Cloud Platform (GCP) Documentation
- Shielded VMs
- What is Shielded VM?
- Introduction to Vertex AI Workbench
- GCP Command Line Interface (CLI) Documentation
- gcloud projects list
- gcloud workbench instances list
- gcloud workbench instances describe
- gcloud workbench instances stop
- gcloud workbench instances update
- gcloud workbench instances start