Shielded instances harden the firmware security on bare metal hosts and virtual machines (VMs) to defend against malicious boot level software.
How Shielded Instances Work
Shielded instances use the combination of Secure Boot, Measured Boot, and the Trusted Platform Module (TPM) to harden the firmware security on your instances.
- Secure Boot and the Trusted Platform Module (TPM) are available on all supported bare metal and VM instances.
- Measured Boot is only available on VM instances. If you want to use Measured Boot on a bare metal instance, you can use an open source solution.
- On bare metal instances, you can enable Secure Boot and the TPM together or independently.
- On VM instances, Measured Boot and the TPM must be used together with Secure Boot. Therefore, when you enable Measured Boot on a VM instance, Secure Boot and the TPM are also enabled.
Limitations and Considerations
Be aware of the following information:
- Shielded instances do not support live migration or reboot migration. See Migrating Shielded Instances for more details.
- If you enable the hardware TPM on a bare metal instance, the instance cannot be migrated, because the hardware TPM is not migratable.
- Custom images are not supported.
- Updating Forbidden Signatures Databases (DBX) on shielded VM instances is not supported. A DBX maintains a secure boot database of signatures that are not authorized to run on the platform. Applying DBX updates on a shielded VM instance might prevent the instance from booting. To update the DBX, create a new shielded VM instance with an image that includes the DBX updates.
- When you terminate an instance, any Machine Owner Keys (MOK) are deleted. If you used a kernel signed by a MOK to boot and the instance was terminated, when you create a new instance with Secure Boot, you need to use a kernel that boots from a standard UEFI secure database key. After the instance boots, add the Machine Owner Keys, and then reboot into your MOK-signed kernel.
- When you create a shielded instance using Linux 7.x and then reboot the instance, PCR values might change, causing the red shield to appear. See PCR values change after reboot on Linux 7.x.
- When you edit a shielded instance, only the name of the instance can be changed. You cannot change the shape of the instance after it is launched, and you cannot change the migration settings.
Supported Shapes and Images
You can use the following shapes to create shielded instances: Note
Measured Boot is only available on VM instances.
- VM.Standard2.1
- VM.Standard2.2
- VM.Standard2.4
- VM.Standard2.8
- VM.Standard2.16
- VM.Standard2.24
- BM.Standard2.52
- BM.Standard.E3
- BM.DenseIO2.52
Shielded instances are supported on the following platform images:
- Oracle Linux 8.x
- Oracle Linux 7.x
- CentOS 8.x
- CentOS 7.x
- Ubuntu 20.04
- Ubuntu 18.04
For more details, visit OCI shielded instances.