Ensure that the Secure Boot security feature is enabled for your Vertex AI notebook instances in order to protect them against malware and rootkits. Secure Boot helps ensure that the system runs only authentic software by verifying the digital signature of all boot components, and halts the boot process if the signature verification fails. Secure Boot is disabled by default because of the third-party unsigned kernel modules that can't be loaded when the feature is enabled. If you don't use third-party unsigned kernel modules, it is highly recommended to enable Secure Boot for your Vertex AI notebook instances.
This rule resolution is part of the Conformity Security & Compliance tool for GCP.
Enabling Secure Boot for Vertex AI notebook instances enhances security by ensuring that only authorized software is executed. This protects against boot-level and kernel-level malware, including rootkits, thereby strengthening the overall security of your AI workloads.
Audit
To determine if your Vertex AI notebook instances are protected with Secure Boot, perform the following operations:
Remediation / Resolution
To enable the Secure Boot security feature for your Google Cloud Vertex AI notebook instances, perform the following operations:
Enabling Secure Boot for Vertex AI notebook instances using Google Cloud Platform (GCP) console is not currently supported.References
- Google Cloud Platform (GCP) Documentation
- Shielded VMs
- What is Shielded VM?
- Introduction to Vertex AI Workbench
- GCP Command Line Interface (CLI) Documentation
- gcloud projects list
- gcloud workbench instances list
- gcloud workbench instances describe
- gcloud workbench instances stop
- gcloud workbench instances update
- gcloud workbench instances start
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Enable Secure Boot for Notebook Instances
Risk Level: Medium