About Shielded VMs
You can enable the Shielded VM service on your Compute Engine VM
instances to help defend against rootkits and bootkits. Shielded VM
leverages advanced platform security capabilities such as
Secure Boot,
Virtual trusted platform module (vTPM)-enabled
Measured Boot, and
Integrity monitoring.
For a more detailed overview, see
Key concepts for Shielded VM.
To get started using Shielded VM, try the
quickstart
or see
Modifying Shielded VM options.
You can monitor the integrity of your Shielded VMs in some of the
following ways:
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-26 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-26 UTC."],[[["\u003cp\u003eShielded VM on Compute Engine enhances security against rootkits and bootkits.\u003c/p\u003e\n"],["\u003cp\u003eShielded VM uses Secure Boot, vTPM-enabled Measured Boot, and Integrity monitoring.\u003c/p\u003e\n"],["\u003cp\u003eYou can monitor the boot integrity of Shielded VM instances using Cloud Monitoring.\u003c/p\u003e\n"],["\u003cp\u003eCloud Run functions can be used to automate actions in response to integrity monitoring events.\u003c/p\u003e\n"]]],[],null,["# About Shielded VMs\n\n*** ** * ** ***\n\nYou can enable the Shielded VM service on your Compute Engine VM\ninstances to help defend against rootkits and bootkits. Shielded VM\nleverages advanced platform security capabilities such as\n[Secure Boot](/compute/shielded-vm/docs/shielded-vm#secure-boot),\n[Virtual trusted platform module (vTPM)](/compute/shielded-vm/docs/shielded-vm#vtpm)-enabled\n[Measured Boot](/compute/shielded-vm/docs/shielded-vm#measured-boot), and\n[Integrity monitoring](/compute/shielded-vm/docs/shielded-vm#integrity-monitoring).\n\nFor a more detailed overview, see\n[Key concepts for Shielded VM](/compute/shielded-vm/docs/shielded-vm).\n\nTo get started using Shielded VM, try the\n[quickstart](/compute/shielded-vm/docs/quickstart)\nor see\n[Modifying Shielded VM options](/compute/shielded-vm/docs/modifying-shielded-vm).\n\nYou can monitor the integrity of your Shielded VMs in some of the\nfollowing ways:\n\n- You can use [Cloud Monitoring](/monitoring/docs) to\n [monitor the boot integrity](/compute/shielded-vm/docs/integrity-monitoring) of\n Shielded VM instances. Next, you can identify the cause of an integrity\n validation failure, and update the integrity policy baseline accordingly.\n\n- You can also\n [use a Cloud Run functions trigger to automatically act](/compute/shielded-vm/docs/automating-responses-integrity-failures)\n on integrity monitoring events."]]
