TF 0233 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Instances should have Shielded VM secure boot enabled
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | compute |
| Provider | |
| Vulnerability Type | omission |
## Description
The configuration does not enable Shielded VM secure boot for Google Compute Engine instances, allowing the system to boot without verifying the digital signatures of boot components. This weakens protection against running unauthorized or tampered boot-level code.
## Impact
Without secure boot, attackers could compromise the boot process by injecting malicious code or rootkits, potentially gaining persistent unauthorized access or control over the VM. This increases the risk of undetected system compromise, data breaches, and further exploitation within the cloud environment.
## Resolution
Enable Shielded VM secure boot
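The following is an added Terraform example, not part of the Symbiotic-Vulnerability-Database entry, showing the flagged omission next to its remediation. Resource names, the project zone, machine type and image are placeholder assumptions; the `shielded_instance_config` block and its three arguments are the ones the `google` provider exposes on `google_compute_instance`.

```hcl
# Flagged pattern (assumed names): no shielded_instance_config block, so
# enable_secure_boot keeps its provider default of false and the instance
# boots without verifying the signatures of its boot components.
resource "google_compute_instance" "insecure_example" {
  name         = "example-insecure"   # placeholder
  machine_type = "e2-medium"          # placeholder
  zone         = "us-central1-a"      # placeholder

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12" # placeholder; Shielded VM-capable image
    }
  }

  network_interface {
    network = "default"
  }
}

# Remediated pattern: Shielded VM secure boot enabled explicitly.
# vTPM and integrity monitoring already default to true in the provider,
# but stating all three keeps the intent visible in review and in plan diffs.
resource "google_compute_instance" "hardened_example" {
  name         = "example-hardened"   # placeholder
  machine_type = "e2-medium"          # placeholder
  zone         = "us-central1-a"      # placeholder

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12" # placeholder; Shielded VM-capable image
    }
  }

  network_interface {
    network = "default"
  }

  shielded_instance_config {
    enable_secure_boot          = true
    enable_vtpm                 = true
    enable_integrity_monitoring = true
  }
}
```

Two caveats a practitioner will want: secure boot can only be turned on for instances created from a Shielded VM-compatible image, so `terraform apply` fails on the hardened block if the image does not support it; and toggling the setting on an existing instance is done while it is stopped, so plan for a restart. To confirm the running state rather than the declared one, `gcloud compute instances describe <instance> --zone <zone> --format="value(shieldedInstanceConfig.enableSecureBoot)"` should print `True`.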