gce/ERR/2024_003

GCE Shielded VM secure boot validations

Product: Compute Engine
Rule class: ERR - Something that is very likely to be wrong

Description

Identifies whether Shielded VMs are facing boot issues due to Secure Boot configuration and whether there are Secure Boot related failure events in Cloud Logging.

Remediation

To determine the cause of boot integrity validation failure, please review the article.

Update the baseline after any planned boot-specific changes in the instance configuration, like kernel updates or kernel driver installation, as these will cause integrity validation failures.

If you have an unexpected integrity validation failure, you should investigate the reason for the failure and be prepared to stop the instance if necessary.
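
To separate failures that a later boot has already cleared (for example after a planned baseline update) from ones that still need investigation, the following added example triages integrity events per instance. It is not the rule's own implementation; the entry layout (`resource.labels.instance_id`, `jsonPayload.earlyBootReportEvent` / `lateBootReportEvent` with `policyEvaluationPassed`) is assumed from the Shielded VM integrity log schema, and the sample entries are constructed.

```python
from collections import defaultdict

PHASES = ("earlyBootReportEvent", "lateBootReportEvent")

def _entry(instance_id, timestamp, phase, passed):
    # Builds a constructed entry shaped like the shielded_vm_integrity log
    # (field names are assumptions, not taken from this page).
    return {
        "timestamp": timestamp,
        "resource": {"type": "gce_instance", "labels": {"instance_id": instance_id}},
        "jsonPayload": {phase: {"policyEvaluationPassed": passed}},
    }

# Constructed sample data: vm-a failed once and passed on a later boot
# (for example after a baseline update); vm-b still fails late boot.
SAMPLE_ENTRIES = [
    _entry("vm-a", "2024-05-01T10:00:00Z", "earlyBootReportEvent", True),
    _entry("vm-a", "2024-05-01T10:00:05Z", "lateBootReportEvent", False),
    _entry("vm-a", "2024-05-02T09:00:00Z", "earlyBootReportEvent", True),
    _entry("vm-a", "2024-05-02T09:00:05Z", "lateBootReportEvent", True),
    _entry("vm-b", "2024-05-02T11:00:00Z", "earlyBootReportEvent", True),
    _entry("vm-b", "2024-05-02T11:00:05Z", "lateBootReportEvent", False),
]

def latest_boot_reports(entries):
    """Return {instance_id: {phase: (timestamp, passed)}} for the newest report per phase."""
    latest = defaultdict(dict)
    for e in entries:
        inst = e.get("resource", {}).get("labels", {}).get("instance_id")
        if inst is None:
            continue
        for phase in PHASES:
            report = e.get("jsonPayload", {}).get(phase)
            if not report or "policyEvaluationPassed" not in report:
                continue
            ts = e["timestamp"]  # same-format UTC RFC 3339 strings sort chronologically
            if phase not in latest[inst] or ts > latest[inst][phase][0]:
                latest[inst][phase] = (ts, bool(report["policyEvaluationPassed"]))
    return dict(latest)

def failing_instances(entries):
    """Instances whose most recent early or late boot report failed validation."""
    result = {}
    for inst, phases in latest_boot_reports(entries).items():
        failed = sorted(p for p, (_, passed) in phases.items() if not passed)
        if failed:
            result[inst] = failed
    return result
```

Instances returned by `failing_instances` are the ones whose latest boot still deviates from the baseline; whether that deviation was planned is the question the remediation steps above ask you to answer.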

Further information