gce/BP_EXT/2021_003

Secure Boot is enabled

Product: Compute Engine
Rule class: BP_EXT - (Extended) Best practice, opinionated recommendation

Description

Google recommends enabling Secure Boot if you can ensure that it doesn’t prevent a representative test VM from booting and if it is appropriate for your workload. Compute Engine does not enable Secure Boot by default because unsigned drivers and other low-level software might not be compatible.

Remediation

Further information

Shielded VM