Property
Language: terraform
Severity: medium
Service: compute
Provider: Google
Vulnerability Type: omission

Description

The configuration does not enable the Shielded VM virtual TPM (vTPM) on Google Compute Engine instances. Without the vTPM, the instance lacks the hardware-backed security features that protect against tampering with the boot process and system state.

Impact

Without the vTPM enabled, an attacker can more easily modify or compromise the VM's boot process or system state, potentially leading to privilege escalation, persistence of malicious code, or bypass of security controls. This increases the risk of unauthorized access and data breaches.

Resolution

Enable the Shielded VM vTPM.
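The following is an added example, not taken from the rule's own documentation: a `google_compute_instance` in the shape this rule reports (the `shielded_instance_config` block omitted, so the vTPM is never enabled) beside the corrected resource. Resource names, zone, machine type and image are assumptions; any Shielded VM-compatible image works.

```hcl
# Added example (not part of the original rule page). Names, zone, machine
# type and image are assumed values for illustration.

# Non-compliant: no shielded_instance_config block, so the configuration
# never enables the vTPM (the omission this rule flags).
resource "google_compute_instance" "vm_insecure" {
  name         = "example-vm-insecure"
  machine_type = "e2-medium"
  zone         = "us-central1-a"

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12"
    }
  }

  network_interface {
    network = "default"
  }
}

# Compliant: the vTPM is enabled explicitly. Integrity monitoring relies on
# the boot measurements recorded in the vTPM, and Secure Boot completes the
# Shielded VM feature set, so all three are turned on together.
resource "google_compute_instance" "vm_secure" {
  name         = "example-vm-secure"
  machine_type = "e2-medium"
  zone         = "us-central1-a"

  boot_disk {
    initialize_params {
      # Shielded VM options require a Shielded VM-compatible image.
      image = "debian-cloud/debian-12"
    }
  }

  network_interface {
    network = "default"
  }

  shielded_instance_config {
    enable_secure_boot          = true
    enable_vtpm                 = true
    enable_integrity_monitoring = true
  }
}
```

The same `shielded_instance_config` block applies to `google_compute_instance_template`, so instances created through managed instance groups should carry it as well.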