About Shielded VMs

You can enable the Shielded VM service on your Compute Engine VM instances to help defend against rootkits and bootkits. Shielded VM leverages advanced platform security capabilities such as Secure Boot, Virtual trusted platform module (vTPM)-enabled Measured Boot, and Integrity monitoring.

For a more detailed overview, see Key concepts for Shielded VM.

To get started using Shielded VM, try the quickstart or see Modifying Shielded VM options.

You can monitor the integrity of your Shielded VMs in some of the following ways:

You can use Cloud Monitoring to monitor the boot integrity of Shielded VM instances. Next, you can identify the cause of an integrity validation failure, and update the integrity policy baseline accordingly.
You can also use a Cloud Run functions trigger to automatically act on integrity monitoring events.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-08-29 UTC.

About Shielded VMs Stay organized with collections Save and categorize content based on your preferences.