gcp: add Launch a confidential VM part

modules/ROOT/pages/provisioning-gcp.adoc

@@ -85,3 +85,40 @@ gcloud compute instances create                \
 
 NOTE: By design, https://cloud.google.com/compute/docs/startupscript[startup scripts] are not supported on FCOS. Instead, it is recommended to encode any startup logic as systemd service units in the Ignition configuration.
 Again, note you need to use the `user-data` key for Ignition; it will also not work to paste Ignition into this field in the web console.
+
+
+== Launch a Confidential VM
+
+NOTE: For an overview about confidential VMs on GCP see https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview[confidential VM overview].
+
+To launch a confidential FCOS instance specify the confidential compute type, and a related https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations[machine type] that supports confidential compute.
+From the command-line, use `--confidential-compute-type` and `--machine-type`.
+
+.Launching a confidential instance using confidential type `AMD SEV_SNP`
+[source, bash]
+----
+STREAM='stable'
+NAME='fcos-cvm-node01'
+ZONE='us-central1-a'
+CONFIG='example.ign'
+MACHINE_TYPE='n2d-standard-2'
+gcloud compute instances create                \
+    --image-project "fedora-coreos-cloud"      \
+    --image-family "fedora-coreos-${STREAM}"   \
+    --metadata-from-file "user-data=${CONFIG}" \
+    --confidential-compute-type "SEV_SNP"      \
+    --machine-type "${MACHINE_TYPE}"           \
+    --maintenance-policy terminate             \
+    --zone "${ZONE} "${NAME}"
+----
+
+NOTE: Currently, we don't support `--confidential-compute-type=TDX` on GCP, see https://github.com/coreos/fedora-coreos-tracker/issues/1814[this issue] for more details.
+
+. Example Confidential VM Boot Verification
+[source, bash]
+----
+ssh core@<ip address>
+# Confirm the VM is using `AMD SEV-SNP` confidential type
+sudo systemd-detect-virt --cvm
+sev-snp
+---