Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Enable Virtual Trusted Platform Module (vTPM) for Workbench Instances

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: Medium (should be achieved)
Rule ID: VertexAI-004

Ensure that the Virtual Trusted Platform Module (vTPM) feature is enabled for your Vertex AI notebook instances in order to protect them against persistent and advanced attacks. vTPM safeguards the guest VM's boot process by validating its integrity before and during startup. Additionally, it provides secure generation and protection for encryption keys.

This rule resolution is part of the Conformity Security & Compliance tool for GCP.

Security

Enabling Virtual Trusted Platform Module (vTPM) for Google Cloud Vertex AI Notebook instances enhances security by providing hardware-based encryption, secure boot, and trusted storage for cryptographic keys, helping to meet compliance requirements and protect sensitive data from unauthorized access and tampering.


Audit

To determine if your Vertex AI notebook instances are protected with vTPM, perform the following operations:

Using GCP Console

01 Sign in to the Google Cloud Management Console.

02 Select the GCP project that you want to examine from the console top navigation bar.

03 Navigate to Vertex AI console available at https://console.cloud.google.com/vertex-ai.

04 In the main navigation panel, under NOTEBOOKS, choose Workbench, and select the INSTANCES tab.

05 Choose View: INSTANCES to list the Vertex AI notebook instances created for the selected GCP project.

06 Click on the name (link) of the notebook instance that you want to examine.

07 Select the SOFTWARE AND SECURITY tab and check the vTPM feature status. If the vTPM status is set to Disabled, the Virtual Trusted Platform Module (vTPM) security feature is not enabled for the selected Vertex AI notebook instance.

08 Repeat steps no. 6 and 7 for each Vertex AI notebook instance launched for the selected GCP project.

09 Repeat steps no. 2 – 8 for each project deployed within your Google Cloud account.

Using GCP CLI

01 Run projects list command (Windows/macOS/Linux) with custom query filters to list the ID of each project available in your Google Cloud account:

gcloud projects list
  --format="table(projectId)"

02 The command output should return the requested GCP project ID(s):

PROJECT_ID
cc-vertex-project-123123
cc-appdata-project-112233

03 Run workbench instances list command (Windows/macOS/Linux) with the ID of the GCP project that you want to examine as the identifier parameter, to describe the name of each Vertex AI notebook instance created for the selected project:

gcloud workbench instances list
  --project cc-vertex-project-123123
  --location=us-central1-a
  --format="(NAME)"

04 The command output should return the requested notebook instance names:

NAME: tm-vertex-ai-notebook-instance
NAME: tm-development-notebook-instance

05 Run workbench instances describe command (Windows/macOS/Linux) with the name of the Vertex AI notebook instance that you want to examine as the identifier parameter and custom output filters to describe the Virtual Trusted Platform Module (vTPM) feature status for the selected instance:

gcloud workbench instances describe tm-vertex-ai-notebook-instance
  --location=us-central1-a
  --format="yaml(gceSetup.shieldedInstanceConfig.enableVtpm)"

06 The command output should return the feature configuration status:

gceSetup:
	shieldedInstanceConfig: {}

If the workbench instances describe command output returns null, vTPM is not enabled for the selected instance. If the command output returns an empty object (i.e. {}) or an object without enableVtpm: true for the gceSetup.shieldedInstanceConfig configuration attribute, as shown in the output example above, the Virtual Trusted Platform Module (vTPM) feature is not enabled for the selected Vertex AI notebook instance.

07 Repeat steps no. 5 and 6 for each Vertex AI notebook instance provisioned for the selected GCP project.

08 Repeat steps no. 3 – 7 for each GCP project deployed in your Google Cloud account.

Remediation / Resolution

To enable the Virtual Trusted Platform Module (vTPM) security feature for your Google Cloud Vertex AI notebook instances, perform the following operations:

Enabling vTPM for Vertex AI notebook instances using Google Cloud Platform (GCP) console is not currently supported.

Using GCP CLI

01 Vertex AI notebook instances must be stopped before updating the shielded_instance_config configuration parameters. To stop your notebook instance, run workbench instances stop command (Windows/macOS/Linux) with the name of the instance that you want to stop as the identifier parameter:

gcloud workbench instances stop tm-vertex-ai-notebook-instance
  --location=us-central1-a
  --format="yaml(state)"

02 The command output should return the new operational status for the selected notebook instance:

Waiting for operation on Instance [tm-vertex-ai-notebook-instance] to be updated with [projects/cc-vertex-project-123123/locations/us-central1-a/operations/operation-abcd1234abcd-abcd1234abcd-abcd1234-abcd1234]...done.
Updated workbench instance tm-vertex-ai-notebook-instance [https://notebooks.googleapis.com/v2/projects/cc-vertex-project-123123/locations/us-central1-a/operations/operation-abcd1234abcd-abcd1234abcd-abcd1234-abcd1234].

state: STOPPED

03 Run workbench instances update command (Windows/macOS/Linux) with the name of the Vertex AI notebook instance that you want to update as the identifier parameter, to enable the Virtual Trusted Platform Module (vTPM) feature for the selected notebook instance:

gcloud workbench instances update tm-vertex-ai-notebook-instance
  --location=us-central1-a
  --shielded-vtpm true
  --format="yaml(gceSetup.shieldedInstanceConfig.enableVtpm)"

04 The command output should return the current status of the vTPM feature:

Waiting for operation on Instance [tm-vertex-ai-notebook-instance] to be updated with [projects/cc-vertex-project-123123/locations/us-central1-a/operations/operation-abcd1234abcd-abcd1234abcd-abcd1234-abcd1234]...done.
Updated workbench instance tm-vertex-ai-notebook-instance [https://notebooks.googleapis.com/v2/projects/cc-vertex-project-123123/locations/us-central1-a/operations/operation-abcd1234abcd-abcd1234abcd-abcd1234-abcd1234].

gceSetup:
	shieldedInstanceConfig:
	enableVtpm: true

05 To restart your Vertex AI notebook instance, run workbench instances start command (Windows/macOS/Linux) with the name of the instance that you want to start as the identifier parameter:

gcloud workbench instances start tm-vertex-ai-notebook-instance
  --location=us-central1-a
  --format="yaml(state)"

06 The command output should return the new status of the selected notebook instance:

Waiting for operation on Instance [tm-vertex-ai-notebook-instance] to be updated with [projects/cc-vertex-project-123123/locations/us-central1-a/operations/operation-abcd1234abcd-abcd1234abcd-abcd1234-abcd1234]...done.
Updated workbench instance tm-vertex-ai-notebook-instance [https://notebooks.googleapis.com/v2/projects/cc-vertex-project-123123/locations/us-central1-a/operations/operation-abcd1234abcd-abcd1234abcd-abcd1234-abcd1234].

state: PROVISIONING

07 Repeat step no. 1 – 6 for each Vertex AI notebook instance that you want to update, created for the selected GCP project.

08 Repeat steps no. 1 – 7 for each GCP project deployed in your Google Cloud account.

References

Publication date Sep 5, 2024