Instances should have Shielded VM secure boot enabled
Secure boot helps ensure that the system only runs authentic software.
Impact
Without secure boot, the instance cannot verify the digital signatures of boot components and cannot stop the boot process if verification fails.
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Enable Shielded VM secure boot
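resource "google_compute_instance" "good_example" {
  name         = "test"
  machine_type = "e2-medium"
  zone         = "us-central1-a"
  tags         = ["foo", "bar"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-9"
    }
  }

  // Local SSD disk
  scratch_disk {
    interface = "SCSI"
  }

  // The provider requires at least one network interface; "default" is assumed here
  network_interface {
    network = "default"
  }

  // Verify boot component signatures and halt the boot if verification fails
  shielded_instance_config {
    enable_secure_boot = true
  }
}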
Links