This page documents production updates to Confidential Space. Check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.
October 03, 2025
New Confidential Space images (251000 and 251001) are now available.
September 02, 2025
A new Confidential Space image (250800) is available.
March 31, 2025
Support for Confidential Space on Intel CPUs (C3 machine family) with Intel TDX is now generally available.
Confidential Space now allows adding specific Linux capabilities, including CAP_SYS_ADMIN, and provides a namespaced read or write cgroup.
New Confidential Space images (250300 and 250301) are now available.
March 28, 2025
AWS token support for Confidential Space is now generally available.
You can now integrate Confidential Space with AWS resources. For more information, see Integrate AWS resources.
February 05, 2025
A new Confidential Space image (250101) is now available.
Updated go-sev-guest to v.0.12.1.
Updated the verifier API version to include a new principal tag token type.
January 14, 2025
Added retry logic when pulling the workload image and calling the Confidential Computing API.
Improved the logging and monitoring experience. Added CPU metric monitoring to the image.
A new Confidential Space image (250100) is now available.
Updated default TPM Dictionary Lockout parameters. This change should significantly reduce the chance for users to get into the TPM lockout state.
Changed the default OOM score for the workload container.
October 21, 2024
A new Confidential Space image (241000) is now available. This image version adds IPv6 ingress traffic support.
The following Confidential Space images were also previously released:
- September 2, 2024 (240900):
  - Added tmpfs mount support for Confidential Space workloads.
  - Added configurable /dev/shm size for Confidential Space workloads.
  - Added retry capability to the container signature fetch.
  - Minor bug fixes.
- August 5, 2024 (240800):
  - Moved to COS-113 as the base image.
  - Patched OpenSSH vulnerability CVE-2024-6387 in the debug image.
July 01, 2024
A new Confidential Space image (240700) is now available. This image provides the following fixes:
- Fixed a bug that caused attestation token refreshing to fail.
May 30, 2024
A new Confidential Space image (240500) is now available. This image provides the following fixes:
- Fixed an issue where default service account credentials would expire after 1 hour, causing "Failed to fetch signatures from the target repo" errors.
- Fixed a concurrent TPM access issue.
May 01, 2024
A new Confidential Space image (240402) is now available. This image provides support for automatically resizing the boot disk stateful partition. See disk and memory limits for more information.
February 28, 2024
Data collaborators can now check if memory monitoring is enabled on a Confidential VM running a Confidential Space workload.
A new Confidential Space image (240200) is now available. This image provides support for data collaborators to add memory monitoring as part of their attestation assertions.
December 18, 2023
A workload operator can now enable memory monitoring on the Confidential VM running the workload. This must be permitted by the workload author.
A new Confidential Space image (231201) is now available. This image provides support for Confidential VM memory monitoring.
December 05, 2023
You can now use custom attestation tokens to authenticate a workload to relying parties outside of Google Cloud. External relying parties can use authentication to help establish trust and exchange sensitive data securely.
A new Confidential Space image (231200) is now available. This image provides support for custom attestation tokens.
November 22, 2023
November 20, 2023
Support for VPC Service Controls is released to General Availability.
You can now protect Confidential Space using VPC Service Controls perimeters. For more information, see VPC Service Controls supported products.
November 08, 2023
Support for VPC Service Controls is released to Preview.
You can now protect Confidential Space using VPC Service Controls perimeters. For more information, see VPC Service Controls supported products.
November 03, 2023
A new Confidential Space image (231001) is now available. This image provides support for signing container images.
October 04, 2023
A new Confidential Space image (230901) is now available. This image provides improved logging capabilities and increases the file descriptor limits.
June 30, 2023
A new Confidential Space image (230600) is now available. This image provides support for opening ports for inbound network traffic to your workload.
June 09, 2023
Ports can now be opened for ingress network traffic when using Confidential Space image version 230600 and above.
March 28, 2023
Confidential Space is now generally available.
Confidential Space is designed to let parties share sensitive data with a mutually agreed upon workload, while they retain confidentiality and ownership of that data. Such data might include personally identifiable information (PII), protected health information (PHI), intellectual property, cryptographic secrets, and more. Confidential Space helps create isolation so that data is only visible to the workload and the original owners of the data.
March 27, 2023
The assertion.swversion attestation assertion now verifies the Confidential Space image version number the workload is being run on, with the result returned as a list. Previously the assertion was used to determine whether the workload was running on a production or debug Confidential Space image, and the result was returned as an integer. You now determine if a production or debug image is being used with the assertion.dbgstat assertion.
The assertion.submods.confidential_space.support_attributes assertion can be used to verify the support status of the Confidential Space image being used. It can be used, for example, to ensure that the workload is running on the latest version of the Confidential Space image.
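The following added example (not part of the original release notes and not Google's code) shows how a relying party might evaluate these three assertions on claims from a token whose signature has already been verified. The function name, the sample claims, and the literal values `disabled-since-boot`, `LATEST`, `STABLE` and `USABLE` are assumptions that do not appear on this page.

```python
# Added example: policy checks on already-verified attestation claims.
# Assumption: a production image reports dbgstat == "disabled-since-boot".
PRODUCTION_DBGSTAT = "disabled-since-boot"

def check_image_claims(claims, min_version=None, required_support="STABLE"):
    """Return a list of policy failures; an empty list means the claims pass."""
    failures = []

    # swversion is now a list of image version strings. An integer is the old
    # production/debug flag and must not be accepted as a version.
    sw = claims.get("swversion")
    if not (isinstance(sw, list) and sw and all(isinstance(v, str) for v in sw)):
        failures.append("swversion is not a list of image versions")
    elif min_version is not None:
        numeric = [int(v) for v in sw if v.isdigit()]
        if not numeric or max(numeric) < min_version:
            failures.append(f"image version {sw} is older than {min_version}")

    # Production versus debug is decided by dbgstat, not by swversion.
    if claims.get("dbgstat") != PRODUCTION_DBGSTAT:
        failures.append("dbgstat does not indicate a production image")

    # Support status lives under submods.confidential_space.
    cs = (claims.get("submods") or {}).get("confidential_space") or {}
    attrs = cs.get("support_attributes") or []
    if required_support not in attrs:
        failures.append(f"support_attributes lacks {required_support}")

    return failures

# Constructed sample claims (not captured from a real token).
PROD = {
    "swname": "CONFIDENTIAL_SPACE",
    "swversion": ["240900"],
    "dbgstat": "disabled-since-boot",
    "submods": {"confidential_space": {
        "support_attributes": ["LATEST", "STABLE", "USABLE"]}},
}
DEBUG = {**PROD, "dbgstat": "enabled"}
LEGACY = {**PROD, "swversion": 1}  # integer form from before this change

if __name__ == "__main__":
    for name, sample in (("prod", PROD), ("debug", DEBUG), ("legacy", LEGACY)):
        print(name, check_image_claims(sample, min_version=240500))
```
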
February 28, 2023
A new Confidential Space image (2302-0) is now available. This image provides support for the following features and fixes:
- Attestation is now run in the same location as your workload.
- The launcher and workload return codes are now recorded in logs.
- A bug that prevented Docker from pulling images has been fixed.
February 27, 2023
The service account attached to a Confidential Space workload VM now requires the confidentialcomputing.workloadUser role to generate an attestation token. If you receive a permission denied message for confidentialcomputing.locations.list on your existing workload, add the role to the VM service account.
December 02, 2022
Preview: Confidential Space is designed to let parties share sensitive data with a mutually agreed upon workload, while they retain confidentiality and ownership of that data. Such data might include personally identifiable information (PII), protected health information (PHI), intellectual property, cryptographic secrets, and more. Confidential Space helps create isolation so that data is only visible to the workload and the original owners of the data.