articles/confidential-computing/confidential-vm-faq-amd.yml
3 additions & 3 deletions
@@ -42,15 +42,15 @@ sections:
42
42
Collectively, AMD SEV technologies harden guest protections to deny hypervisor and other host management code access to VM memory and state.
43
43
Confidential VMs combine AMD SEV-SNP with Azure technologies such as full-disk encryption and [Azure Key Vault Managed HSM](../key-vault/managed-hsm/overview.md).
44
44
You can encrypt data in use, in transit, and at rest with keys that you control.
45
-
With built-in [Azure Attestation](https://azure.microsoft.com/services/azure-attestation/) capabilities, you can independently establish trust in the security health and underlying infrastructure of your confidential VMs.
45
+
With built-in [Azure Attestation](https://azure.microsoft.com/services/azure-attestation/) capabilities, you can independently establish trust in the security, health and underlying infrastructure of your confidential VMs.
46
46
47
47
- question: |
48
48
How do Azure confidential VMs (DCasv5/ECasv5) offer better protection against threats originating from both within and outside Azure cloud infrastructure?
49
49
answer: |
50
50
Azure VMs already offer industry leading security and protection against other tenants and malicious intruders.
51
51
Azure confidential VMs augment these protections by using hardware-based TEEs (Trusted Execution Environment) which leverage AMD’s SEV-SNP to cryptographically isolate and protect your data confidentiality and integrity even when they are in use.
52
-
This means not host admins, or services (including the Azure hypervisor) can directly view or modify the memory or CPU state of your VM.
53
-
Moreover, with full attestation capability, full OS disk encryption and hardeware-protected virtual Trusted Platform Modules, confidential VM persistent state is protected such that neither your private keys, nor are the contents of your memory are ever exposed to the hosting environment.
52
+
This means neither host admins, nor services (including the Azure hypervisor) can directly view or modify the memory or CPU state of your VM.
53
+
Moreover, with full attestation capability, full OS disk encryption and hardware-protected virtual Trusted Platform Modules, confidential VM persistent state is protected such that neither your private keys, nor the contents of your memory are ever exposed to the hosting environment.
54
54
55
55
- question: |
56
56
Are the virtual disks attached to confidential VMs automatically protected?
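Review bot: The comma added at line 45 ("security, health and underlying infrastructure") changes what the sentence claims rather than only fixing punctuation. "Security health" may have been an intended compound, in which case the original wording should stay or be rephrased so it cannot be misread as a typo. If a three-item list is really intended, add the serial comma ("security, health, and underlying infrastructure") to match line 44, which writes "in use, in transit, and at rest". Please confirm with the doc owner which reading is correct before merging, since the sentence describes what attestation lets a customer establish trust in. Minor, at line 52: the comma before "nor" in "neither host admins, nor services" can be dropped, and the same applies to "neither your private keys, nor the contents" at line 53.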