
Chapter 6. Configuring RHEL on Public Cloud Platforms with Intel TDX


Intel Trust Domain Extensions (TDX) is a Confidential Virtual Machine (CVM) technology that provides a secure and isolated environment for a VM. It builds on the earlier technology, Intel Software Guard Extensions (SGX).

SGX isolates workloads from the hypervisor and the cloud service provider by creating protected memory regions known as enclaves. Only application code running inside an enclave can access the memory and data stored in that enclave; they are inaccessible to any entity outside it.

TDX creates hardware-isolated VMs called Trust Domains (TDs). It ensures that only a TD VM can access its own memory, and that TD VMs are isolated from the Virtual Machine Manager (VMM), the hypervisor, other VMs, and the host. As a result, a TD VM can use resources that the hypervisor and the CPU provide while the confidentiality and integrity of its data are preserved.

The main difference between SGX and TDX is that SGX works at the application level, while TDX works at the virtualization level by limiting hypervisor access to the guest.

Note

Before deploying Red Hat Enterprise Linux (RHEL) on a public cloud platform, always check with the corresponding cloud service provider for the support status and certification of the particular RHEL instance type.

6.1. Understanding Intel TDX secure boot process

  1. Initialization and measurement: A TDX-enabled hypervisor sets the initial state of a VM. This hypervisor loads the firmware binary file into the VM memory and sets the initial register state. The Intel processor measures the initial state of the VM and provides details to verify the initial state of the VM.
  2. Firmware: The VM initiates the UEFI firmware. The firmware might include stateful or stateless Virtual Trusted Platform Module (vTPM) implementation. Stateful vTPM maintains persistent cryptographic state across VM reboots and migrations, whereas stateless vTPM generates fresh cryptographic state for each VM session without persistence. Virtual Machine Privilege Levels (VMPL) technology isolates vTPM from the guest. VMPL offers hardware-enforced privilege isolation between different VM components and the hypervisor.
  3. vTPM: Depending on your cloud service provider, for stateful vTPM implementation, the UEFI firmware might perform a remote attestation to decrypt the persistent state of vTPM. The vTPM also gathers data about the boot process, such as Secure Boot state, certificates used for signing boot artifacts, or UEFI binary hashes.
  4. Shim: When the UEFI firmware finishes the initialization process, it searches for the Extensible Firmware Interface (EFI) system partition. Then, the UEFI firmware verifies and executes the first stage boot loader from there. For RHEL, this is shim. The shim program allows non-Microsoft operating systems to load the second stage boot loader from the EFI system partition.

    1. shim uses a Red Hat certificate to verify the second stage boot loader (grub) or Red Hat Unified Kernel Image (UKI).
    2. grub or UKI unpacks, verifies, and executes the Linux kernel, the initramfs, and the kernel command line. This process ensures that the Linux kernel is loaded in a trusted and secured environment.
  5. Initramfs: If full disk encryption is used, initramfs uses the vTPM to automatically unlock the encrypted root partition.

    1. When the root volume becomes available, initramfs transfers the execution flow there.
  6. Attestation: The VM tenant gets access to the system and can perform a remote attestation to ensure that the accessed VM is an untampered Confidential Virtual Machine (CVM). Attestation is performed based on information from the Intel processor and vTPM. This process confirms the authenticity and reliability of the initial CPU and memory state of the RHEL instance and Intel processor.
  7. TEE: This process creates a Trusted Execution Environment (TEE) to ensure that booting of the VM is in a trusted and secured environment.

6.2. Configuring a RHEL instance on Google Cloud with Intel TDX

Intel TDX is a hardware-based trusted execution environment (TEE). This confidential computing technology provides isolation and integrity for virtual machines.

Prerequisites

Procedure

  1. Log in to your Google Cloud account by using the google-cloud-cli utility:

    $ gcloud auth login
  2. Create a new project:

    $ gcloud projects create <example_tdx_project> --name="RHEL TDX Project"
  3. Configure the project by setting the google-cloud-cli utility property:

    $ gcloud config set project <example_tdx_project>
  4. Create a RHEL compute instance:

    $ gcloud compute instances create <example-rhel-9-tdx-instance> \
    --confidential-compute-type=TDX \
    --machine-type=c3-standard-4 \
    --min-cpu-platform="Intel Sapphire Rapids" \
    --maintenance-policy="TERMINATE" \
    --image=<rhel-guest-image-9-6-20250410-0-x86-64> \
    --image-project="rhel-cloud" \
    --subnet=<example_subnet>
  5. Create a firewall rule that allows SSH (TCP port 22) to instances tagged with ssh:

    $ gcloud compute firewall-rules create allow-ssh \
    --allow tcp:22 \
    --source-ranges 0.0.0.0/0 \
    --target-tags ssh
  6. Connect to the RHEL Google Cloud instance.

    1. Optional: Create a new key pair. The gcloud compute ssh command generates a key pair if none exists and connects to the instance:

      $ gcloud compute ssh <cloud-user>@<example-rhel-9-tdx-instance>
    2. Connect to the RHEL instance by using your key pair:

      $ ssh -i <private key> <cloud-user>@<instance ip>

Verification

  • Check the VM configuration of the RHEL instance:

    $ gcloud compute instances describe <example-rhel-9-tdx-instance> --format="get(metadata)"
  • Check kernel logs to verify the status of the TDX feature:

    $ sudo dmesg | grep -i tdx
    [    0.000000] tdx: Guest detected
    [    1.334504] process: using TDX aware idle routine
    [    1.413419] Memory Encryption Features active: Intel TDX
    [    3.606910] systemd[1]: Detected confidential virtualization tdx.
    [   10.680475] systemd[1]: Detected confidential virtualization tdx.
  • Check the CPU flags of the VM:

    $ grep -E 'tdx_guest' /proc/cpuinfo
    flags : ... tdx_guest ...
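The following script is an added example, not part of the Red Hat documentation. It wraps the two verification checks above into a single function that inspects dmesg and /proc/cpuinfo text for the TDX guest indicators and returns non-zero if any of them is missing. The sample inputs are constructed from the output shown in this section; the function name check_tdx_guest is an assumption of this example.

```shell
#!/bin/sh
# Added example: verify that a RHEL instance reports itself as an Intel TDX
# guest, using the same indicators as the verification steps in section 6.2.

# Constructed sample of the dmesg lines a TD guest logs (from this section).
SAMPLE_DMESG='[    0.000000] tdx: Guest detected
[    1.334504] process: using TDX aware idle routine
[    1.413419] Memory Encryption Features active: Intel TDX
[    3.606910] systemd[1]: Detected confidential virtualization tdx.'

# Constructed, abbreviated /proc/cpuinfo flags line of a TD guest.
SAMPLE_CPUINFO='flags : fpu vme de pse tsc msr pae tdx_guest'

# Constructed flags line of an ordinary (non-confidential) VM, for contrast.
SAMPLE_CPUINFO_PLAIN='flags : fpu vme de pse tsc msr pae'

# check_tdx_guest DMESG_TEXT CPUINFO_TEXT
# Prints each missing indicator and returns 0 only if all are present.
check_tdx_guest() {
    dmesg_text=$1
    cpuinfo_text=$2
    missing=0
    printf '%s\n' "$dmesg_text" | grep -q 'tdx: Guest detected' \
        || { echo "missing: 'tdx: Guest detected' in dmesg"; missing=1; }
    printf '%s\n' "$dmesg_text" \
        | grep -q 'Memory Encryption Features active: Intel TDX' \
        || { echo "missing: TDX memory encryption line in dmesg"; missing=1; }
    # Match tdx_guest as a whole word on a 'flags' line only.
    printf '%s\n' "$cpuinfo_text" \
        | grep -Eq '^flags[[:space:]]*:.*[[:space:]]tdx_guest([[:space:]]|$)' \
        || { echo "missing: tdx_guest flag in /proc/cpuinfo"; missing=1; }
    return $missing
}

# Demonstration on the constructed sample; on a live instance run instead:
#   check_tdx_guest "$(sudo dmesg)" "$(cat /proc/cpuinfo)"
check_tdx_guest "$SAMPLE_DMESG" "$SAMPLE_CPUINFO" \
    && echo "sample: all TDX guest indicators present"
```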