Google Cloud VM Shutdown by "Integrity Event"
It seems like my Google Cloud VM was shut down by an "integrity event":
```json
{
  "insertId": "3",
  "jsonPayload": {
    "lateBootReportEvent": {
      "policyEvaluationPassed": false,
      "policyMeasurements": [
      ],
      "actualMeasurements": [
      ]
    },
    "@type": "type.googleapis.com/cloud_integrity.IntegrityEvent",
    "bootCounter": "3"
  },
  "resource": {
    "type": "gce_instance",
    "labels": {
      "zone": "us-central1-a",
      "instance_id": "xxx",
      "project_id": "xxx"
    }
  },
  "timestamp": "2022-02-09T03:58:16.830409192Z",
  "severity": "ERROR",
  "logName": "projects/xxx/logs/compute.googleapis.com%2Fshielded_vm_integrity",
  "receiveTimestamp": "2022-02-09T03:58:18.846995634Z"
}
```
Can those be prevented or even disabled somehow?
Solution 1:[1]
> Can those be prevented or even disabled somehow?
The answer depends on what you mean. You are using a Shielded VM which protects you from:
- Prevent tampering with the guest VM image.
- Prevent altering sensitive crypto operations.
- Prevent exfiltrating secrets sealed in the vTPM.
- Prevent modifying the system with UEFI drivers.
- Prevent modifying guest firmware.
- Prevent modifying the kernel.
Those actions will trigger an integrity event. To prevent an integrity event, do not modify the system.
Refer to `logName` for more information.
Note: `lateBootReportEvent` compares the original baseline to the latest boot sequence. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | John Hanley |
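
An added example, not part of the original question or answer: a Python triage helper that takes a `shielded_vm_integrity` log entry like the one in the question and lists which PCRs differ between the policy baseline and the latest boot. The fields inside the measurement lists (`pcrNum`, `hashAlgo`, `value`) and the `earlyBootReportEvent` key are assumptions, since the log on the page shows only a `lateBootReportEvent` with both lists empty; the sample entry is constructed.

```python
import json

# Constructed sample entry. The fields inside the measurement lists (pcrNum,
# hashAlgo, value) are an assumption; the log on the page shows both lists empty.
SAMPLE = json.loads("""
{"jsonPayload": {
   "@type": "type.googleapis.com/cloud_integrity.IntegrityEvent",
   "bootCounter": "3",
   "lateBootReportEvent": {
     "policyEvaluationPassed": false,
     "policyMeasurements": [
       {"pcrNum": "PCR_0", "hashAlgo": "SHA1", "value": "AAAA"},
       {"pcrNum": "PCR_4", "hashAlgo": "SHA1", "value": "BBBB"},
       {"pcrNum": "PCR_7", "hashAlgo": "SHA1", "value": "CCCC"}
     ],
     "actualMeasurements": [
       {"pcrNum": "PCR_0", "hashAlgo": "SHA1", "value": "AAAA"},
       {"pcrNum": "PCR_4", "hashAlgo": "SHA1", "value": "ZZZZ"},
       {"pcrNum": "PCR_7", "hashAlgo": "SHA1", "value": "CCCC"}
     ]
   }},
 "severity": "ERROR"}
""")

# Only lateBootReportEvent appears on the page; earlyBootReportEvent is assumed.
REPORT_KEYS = ("earlyBootReportEvent", "lateBootReportEvent")


def triage(entry):
    """Return (report_name, passed, changed) for one integrity log entry.

    changed maps PCR name -> (baseline value, measured value); None = absent.
    """
    payload = entry.get("jsonPayload", {})
    for name in REPORT_KEYS:
        report = payload.get(name)
        if report is None:
            continue
        policy = {m["pcrNum"]: m["value"] for m in report.get("policyMeasurements", [])}
        actual = {m["pcrNum"]: m["value"] for m in report.get("actualMeasurements", [])}
        changed = {pcr: (policy.get(pcr), actual.get(pcr))
                   for pcr in sorted(policy.keys() | actual.keys())
                   if policy.get(pcr) != actual.get(pcr)}
        return name, bool(report.get("policyEvaluationPassed")), changed
    return None, None, {}


if __name__ == "__main__":
    name, passed, changed = triage(SAMPLE)
    print(name, "passed" if passed else "FAILED", changed)
```

If the differing PCRs correspond to a change you made yourself, such as a kernel or bootloader update, the baseline can be re-learned with `gcloud compute instances update INSTANCE_NAME --shielded-learn-integrity-policy`.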
