Canonical, the company behind Ubuntu, has announced the availability of Ubuntu Confidential Virtual Machines (CVMs) on Microsoft Azure. Presently, Ubuntu 20.04 is the first and only Linux distribution to support CVMs on Azure, but this is likely to change in the future.
The new Ubuntu CVMs leverage Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP), which is available on third-gen AMD CPUs. Previously, vulnerable code in the operating system, hypervisor, or firmware could put data at risk. Malicious cloud administrators could also pose a threat. With CVMs, the workload is isolated: you only need to trust the CPU hardware, and malicious admins can’t access the data either.
If you want to learn more about setting up a CVM, Microsoft has a detailed guide explaining the process. As mentioned earlier, Ubuntu 20.04 is the only Linux distribution to support CVMs at the moment, so you have to make sure you pick it.
Canonical made clear that its CVM on Azure is just a first step in delivering Ubuntu’s confidential-computing capabilities across public clouds. Presumably, it will also release an Ubuntu 22.04 CVM for Azure in the future, but it didn’t say if or when this would happen.