Chapter 7. Configuring a RHEL instance on Google Cloud with Intel TDX


Intel TDX is a hardware-based trusted execution environment (TEE). This confidential computing technology provides isolation and integrity to virtual machines.

Prerequisites

Procedure

  1. Log in to your Google Cloud account by using the google-cloud-cli utility:

    $ gcloud auth login
  2. Create a new project:

    $ gcloud projects create <example_tdx_project> --name="RHEL TDX Project"
  3. Configure the project by setting the google-cloud-cli utility property:

    $ gcloud config set project <example_tdx_project>
  4. Create a RHEL compute instance:

    $ gcloud compute instances create <example-rhel-9-tdx-instance> \
    --confidential-compute-type=TDX \
    --machine-type=c3-standard-4 \
    --min-cpu-platform="Intel Sapphire Rapids" \
    --maintenance-policy="TERMINATE" \
    --image=<rhel-guest-image-9-6-20250410-0-x86-64> \
    --image-project="rhel-cloud" \
    --subnet=<example_subnet>
  5. Open ports on the RHEL instance:

    $ gcloud compute firewall-rules create allow-ssh \
    --allow tcp:22 \
    --source-ranges 0.0.0.0/0 \
    --target-tags ssh
  6. Connect to the RHEL Google Cloud instance.

    1. Optional: Create a new key pair:

      $ gcloud compute ssh <cloud-user>@<example-rhel-9-tdx-instance>
    2. Connect to the RHEL instance by using your key pair:

      $ ssh -i <private key> <cloud-user>@<instance ip>

Verification

  • Check the VM configuration of the RHEL instance:

    $ gcloud compute instances describe <example-rhel-9-tdx-instance> --format="get(metadata)"
  • Check kernel logs to verify the status of the TDX feature:

    $ sudo dmesg | grep -i tdx
    [    0.000000] tdx: Guest detected
    [    1.334504] process: using TDX aware idle routine
    [    1.413419] Memory Encryption Features active: Intel TDX
    [    3.606910] systemd[1]: Detected confidential virtualization tdx.
    [   10.680475] systemd[1]: Detected confidential virtualization tdx.
  • Check the CPU flags of the VM:

    $ grep -E 'tdx_guest' /proc/cpuinfo
    flags : ... tdx_guest ...
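
The kernel log check and the CPU flag check above can be combined into one verdict, shown here as an added example that is not part of the Red Hat documentation. The function names, file names, verdict words and sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: combine the kernel log and CPU flag checks into one verdict.
# Function names, file names and verdict words are assumptions of this example.

# Succeed only if every "flags" line of a /proc/cpuinfo-style file lists
# tdx_guest as a whole word (a substring such as no_tdx_guest does not count).
cpu_has_tdx_guest() {
    awk -F: '
        $1 ~ /^flags[ \t]*$/ {
            total++
            n = split($2, f, /[ \t]+/)
            for (i = 1; i <= n; i++) if (f[i] == "tdx_guest") { hit++; break }
        }
        END { exit !(total > 0 && hit == total) }' "$1"
}

# Succeed if a saved kernel log has both lines the guest kernel prints for TDX.
log_reports_tdx() {
    grep -q 'tdx: Guest detected' "$1" &&
    grep -q 'Memory Encryption Features active:.*Intel TDX' "$1"
}

# Print one verdict word for a cpuinfo file and a kernel log file.
tdx_verdict() {
    cpu=no; log=no
    cpu_has_tdx_guest "$1" && cpu=yes
    log_reports_tdx "$2" && log=yes
    case "$cpu/$log" in
        yes/yes) echo confirmed ;;
        yes/no)  echo cpu-flag-only ;;
        no/yes)  echo log-only ;;
        *)       echo not-detected ;;
    esac
}

# Write constructed sample inputs (not captured from a real instance) into DIR.
make_samples() {
    printf 'processor\t: 0\nflags\t\t: fpu vme tdx_guest\nprocessor\t: 1\nflags\t\t: fpu vme tdx_guest\n' > "$1/cpu.tdx"
    printf 'processor\t: 0\nflags\t\t: fpu vme no_tdx_guest\n' > "$1/cpu.plain"
    printf '[    0.000000] tdx: Guest detected\n[    1.413419] Memory Encryption Features active: Intel TDX\n' > "$1/log.tdx"
    printf '[    0.000000] Linux version (constructed)\n' > "$1/log.plain"
}

# Demo on the constructed samples only.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
tdx_verdict "$demo_dir/cpu.tdx" "$demo_dir/log.tdx"
tdx_verdict "$demo_dir/cpu.plain" "$demo_dir/log.plain"
rm -rf "$demo_dir"
```

On an instance, call `tdx_verdict /proc/cpuinfo kernel.log` after saving the log with `sudo dmesg > kernel.log`; a `cpu-flag-only` or `log-only` result means one of the two checks did not match and should be examined by hand.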