Finding Confidential VMs through GetComputeResourceSkus API

Vamsi S 20 Reputation points
2023-07-26T23:39:28.37+00:00

Hi,

We are trying to find Confidential VMs using the GetComputeResourceSkus API and need help in finding the right attribute/property for our reporting needs. We see there is a property called "ConfidentialComputingType" under the "capabilities" block, but we are not sure if this is the right property/capability to identify that the VM is of Confidential type (copying JSON output snip below). Also, we see the value as "SNP"; is this the only value set for this property? Please suggest.

User's image


Accepted answer
  1. Prrudram-MSFT 27,786 Reputation points
    2023-07-27T07:48:41.48+00:00

    Hi @Vamsi S

    The ConfidentialComputingType property with value 'SNP' under the 'capabilities' block is the correct property to filter the Confidential VMs. The value 'SNP' stands for Secure Nested Paging, which is the technology used by AMD processors to provide hardware-based memory isolation for confidential computing.

    However, there are other values that can be used for the ConfidentialComputingType property, depending on the type of confidential computing technology used by the processor. For example, Intel SGX processors use 'SGX' as the value for this property.

    SecurityEncryptionTypes: Specifies the EncryptionType of the managed disk. It is set to DiskWithVMGuestState for encryption of the managed disk along with VMGuestState blob, and VMGuestStateOnly for encryption of just the VMGuestState blob. Note: It can be set for only Confidential VMs.

    References:
    https://learn.microsoft.com/en-us/azure/confidential-computing/virtual-machine-solutions-amd

    https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-vm-faq-amd

    https://learn.microsoft.com/en-us/rest/api/compute/virtual-machines/get?tabs=HTTP#securityencryptiontypes

    https://learn.microsoft.com/en-us/azure/confidential-computing/virtual-machine-solutions-sgx

    Azure and AMD announce landmark in confidential computing evolution

    If this does answer your question, please accept it as the answer as a token of appreciation.
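
For the reporting use case discussed in this thread, here is an added example (not part of the original question or answer, and not Microsoft's code) that groups VM SKUs by whatever ConfidentialComputingType value they carry instead of hard-coding 'SNP', so an unexpected value shows up in the report rather than being dropped. The sample response, its entries and the 'EXAMPLE' value are constructed, and the case-insensitive capability match is a defensive assumption.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of a Resource SKUs list response:
# a "value" array whose items carry "capabilities" name/value pairs.
SAMPLE_RESPONSE = json.loads("""
{"value": [
  {"resourceType": "virtualMachines", "name": "Standard_DC2as_v5",
   "locations": ["westeurope"],
   "capabilities": [{"name": "vCPUs", "value": "2"},
                    {"name": "ConfidentialComputingType", "value": "SNP"}]},
  {"resourceType": "virtualMachines", "name": "Standard_DC2as_v5",
   "locations": ["eastus"],
   "capabilities": [{"name": "ConfidentialComputingType", "value": "SNP"}]},
  {"resourceType": "virtualMachines", "name": "Standard_D2s_v5",
   "locations": ["westeurope"],
   "capabilities": [{"name": "vCPUs", "value": "2"}]},
  {"resourceType": "virtualMachines", "name": "Example_Future_Size",
   "locations": ["eastus"],
   "capabilities": [{"name": "confidentialcomputingtype", "value": "EXAMPLE"}]},
  {"resourceType": "disks", "name": "Premium_LRS", "locations": ["westeurope"]}
]}
""")

CAPABILITY = "ConfidentialComputingType"

def confidential_type(sku):
    """Return the SKU's ConfidentialComputingType value, or None if absent."""
    for cap in sku.get("capabilities") or []:
        # Assumption: match the capability name case-insensitively.
        if str(cap.get("name", "")).lower() == CAPABILITY.lower():
            return cap.get("value") or None
    return None

def group_confidential_skus(response):
    """Map each observed capability value to {SKU name: sorted locations}."""
    report = defaultdict(dict)
    for sku in response.get("value", []):
        if sku.get("resourceType") != "virtualMachines":
            continue  # skip non-VM entries such as disks
        ctype = confidential_type(sku)
        if ctype is None:
            continue  # no capability entry: not reported as confidential
        # Merge locations when the same SKU name appears in several entries.
        report[ctype].setdefault(sku["name"], set()).update(sku.get("locations", []))
    return {t: {n: sorted(l) for n, l in skus.items()} for t, skus in report.items()}

if __name__ == "__main__":
    for ctype, skus in group_confidential_skus(SAMPLE_RESPONSE).items():
        print(ctype, skus)
```
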

