Instances should have Shielded VM secure boot enabled
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | compute |
| Provider | |
| Vulnerability Type | omission |
Description
The configuration does not enable Shielded VM secure boot for Google Compute Engine instances, allowing the system to boot without verifying the digital signatures of boot components. This weakens protection against running unauthorized or tampered boot-level code.
Impact
Without secure boot, attackers could compromise the boot process by injecting malicious code or rootkits, potentially gaining persistent unauthorized access or control over the VM. This increases the risk of undetected system compromise, data breaches, and further exploitation within the cloud environment.
Resolution
Enable Shielded VM secure boot
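To verify the resolution across a fleet, the following added example (not part of the original rule page) audits Compute Engine instance records for secure boot. It assumes records in the shape returned by the Compute API or `gcloud compute instances describe --format=json`, where the relevant field is `shieldedInstanceConfig.enableSecureBoot`; the instance records embedded below are constructed sample data. Because secure boot is off unless explicitly set to true, the check treats a missing block or key (the omission this rule describes) as a finding, not just an explicit `false`.

```python
"""Audit Google Compute Engine instance descriptions for Shielded VM secure boot.

Added example, not code from the original rule page. It evaluates instance
records in the shape returned by the Compute API / `gcloud compute instances
describe --format=json`; the relevant field is
`shieldedInstanceConfig.enableSecureBoot`. The records below are constructed
sample data, not real instances.
"""
import json

# Constructed sample records mimicking the Compute API instance resource:
# one compliant, one explicitly disabled, one that omits the block entirely.
SAMPLE_INSTANCES_JSON = """
[
  {"name": "web-1", "zone": "projects/example-project/zones/us-central1-a",
   "shieldedInstanceConfig": {"enableSecureBoot": true, "enableVtpm": true,
                              "enableIntegrityMonitoring": true}},
  {"name": "web-2", "zone": "projects/example-project/zones/us-central1-a",
   "shieldedInstanceConfig": {"enableSecureBoot": false, "enableVtpm": true,
                              "enableIntegrityMonitoring": true}},
  {"name": "legacy-db", "zone": "projects/example-project/zones/us-central1-b"}
]
"""


def secure_boot_enabled(instance: dict) -> bool:
    """Return True only when secure boot is explicitly enabled.

    An absent shieldedInstanceConfig block, or an absent enableSecureBoot key,
    counts as disabled: secure boot is off unless set to true, so an omission
    is a finding just like an explicit false.
    """
    config = instance.get("shieldedInstanceConfig") or {}
    return config.get("enableSecureBoot") is True


def audit_instances(instances: list) -> list:
    """Return one finding per instance without secure boot enabled.

    Each finding records the instance name, its zone, and whether the setting
    was explicitly false or simply omitted, which helps when triaging.
    """
    findings = []
    for inst in instances:
        if secure_boot_enabled(inst):
            continue
        config = inst.get("shieldedInstanceConfig") or {}
        reason = "omitted" if "enableSecureBoot" not in config else "explicitly false"
        findings.append({
            "name": inst.get("name", "<unnamed>"),
            # The zone is a resource path or URL; keep only its last segment.
            "zone": inst.get("zone", "").rsplit("/", 1)[-1],
            "reason": reason,
        })
    return findings


def audit_json(doc: str) -> list:
    """Audit a JSON array of instance resources and return the findings."""
    return audit_instances(json.loads(doc))


if __name__ == "__main__":
    for f in audit_json(SAMPLE_INSTANCES_JSON):
        print(f"{f['name']} ({f['zone']}): secure boot {f['reason']}")
```

Pipe the output of `gcloud compute instances list --format=json` into `audit_json` to run this against a real project; the `reason` field separates instances that were never configured from those where someone deliberately turned secure boot off, which usually warrant different follow-up.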