Chapter 9. Configuring a RHEL instance on Google Cloud with AMD SEV SNP


To create a trusted boot environment, you can configure AMD Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) on Red Hat Enterprise Linux (RHEL) instances on Google Cloud. SEV-SNP is designed to protect your data from access by the hypervisor and the cloud service provider.

Prerequisites

Procedure

  1. Log in to Google Cloud by using the google-cloud-cli utility:

    $ gcloud auth login
  2. Create a new Google Cloud project:

    $ gcloud projects create <example_sev_snp_project> --name="RHEL SEV SNP Project"
  3. Configure the Google Cloud project as the active project:

    $ gcloud config set project <example_sev_snp_project>
  4. Create a RHEL compute instance:

    $ gcloud compute instances create <example-rhel-10-sev-snp-instance> \
    --confidential-compute-type=SEVSNP \
    --machine-type=n2d-standard-2 \
    --min-cpu-platform="AMD Milan" \
    --maintenance-policy="TERMINATE" \
    --image=<rhel-guest-image-10-0-20251016-6-x86-64> \
    --image-project="rhel-cloud" \
    --subnet=<example_subnet>
  5. Connect to the RHEL instance by using a public and private RSA key pair:

    1. Connect to the RHEL instance by using a new public and private RSA key pair:

      $ gcloud compute ssh <cloud_user>@<example-rhel-10-sev-snp-instance>
    2. Connect to the RHEL instance by using an existing key pair:

      $ ssh -i <example_private_key> <cloud_user>@<instance_ip>

Verification

  • Check the metadata of the VM configuration of the RHEL instance:

    $ gcloud compute instances describe <example-rhel-10-sev-snp-instance> --format="get(metadata)"
  • Check the kernel logs to verify the status of SEV-SNP:

    $ sudo dmesg | grep -i sev
    [ 0.302688] Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP
    [ 0.303645] SEV: Status: SEV SEV-ES SEV-SNP
    [ 0.626662] SEV: APIC: wakeup_secondary_cpu() replaced with wakeup_cpu_via_vmgexit()
    [ 0.686825] SEV: Using SNP CPUID table, 57 entries present.
    [ 0.687645] SEV: SNP running at VMPL0.
    [ 1.477045] SEV: SNP guest platform devices initialized.
    [ 19.921893] systemd[1]: Detected confidential virtualization sev-snp.
    [ 25.604801] systemd[1]: Detected confidential virtualization sev-snp.
    [ 29.089032] sev-guest sev-guest: Initialized SEV guest driver (using VMPCK0 communication key)
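
The kernel log check above can be turned into a pass/fail gate. The following is an added example, not part of the Red Hat procedure: it treats the key lines of the sample output as required indicators and reports which ones are absent. The function name `snp_check` and the SEV-only sample are constructed here, and the script assumes the kernel messages are worded as in the sample output, which can differ between kernel versions.

```shell
#!/bin/sh
# Added example: check kernel log text for the SEV-SNP indicators shown above.
# On the instance:  sudo dmesg | snp_check

# Subset of the sample output above.
SAMPLE_SNP='[ 0.302688] Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP
[ 0.303645] SEV: Status: SEV SEV-ES SEV-SNP
[ 0.687645] SEV: SNP running at VMPL0.
[ 29.089032] sev-guest sev-guest: Initialized SEV guest driver (using VMPCK0 communication key)'

# Constructed sample: a guest where only plain SEV came up.
SAMPLE_SEV_ONLY='[ 0.302688] Memory Encryption Features active: AMD SEV
[ 0.303645] SEV: Status: SEV'

# Read kernel log text on stdin, print one "MISSING: ..." line per absent
# indicator, and return the number of absent indicators (0 = all present).
snp_check() {
    snp_log=$(cat)
    snp_missing=0
    # Each line below: description|extended regex that must match a log line.
    while IFS='|' read -r desc re; do
        if ! printf '%s\n' "$snp_log" | grep -Eq -- "$re"; then
            echo "MISSING: $desc"
            snp_missing=$((snp_missing + 1))
        fi
    done <<'EOF'
SEV-SNP in active memory encryption features|Memory Encryption Features active:.* SEV-SNP( |$)
SEV status line lists SEV-SNP|SEV: Status:.* SEV-SNP( |$)
guest runs at VMPL0|SEV: SNP running at VMPL0
sev-guest driver initialized|sev-guest.*Initialized SEV guest driver
EOF
    return "$snp_missing"
}

# Stand-alone demonstration on the embedded samples.
printf '%s\n' "$SAMPLE_SNP" | snp_check && echo "OK: all SEV-SNP indicators present"
printf '%s\n' "$SAMPLE_SEV_ONLY" | snp_check || echo "FAIL: $? indicator(s) missing"
```

A plain `grep -i sev` also matches on an instance where only SEV or SEV-ES is active, so checking for the SEV-SNP tokens explicitly avoids a false pass.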
© 2026 Red Hat