Security type of confidential VM with Terraform in Azure

For a school project, we are currently trying to set up an AMD SEV confidential VM utilizing Terraform with Azure. However, we cannot find any documentation on how to create a confidential VM within this environment. Presumably, we should be able to achieve this by setting the security type to Confidential in the Terraform code. However, it is defaulting to a <NULL> value. Our goal is to find the argument responsible for setting this value.

Part of our ‘’ file looks like this:

# Create virtual machine
resource "azurerm_linux_virtual_machine" "my_terraform_vm" {
  name                  = "ccAmdVM"
  location              = azurerm_resource_group.rg.location
  resource_group_name   =
  network_interface_ids = []
  size                  = "Standard_DC2as_v5"

  os_disk {
    name                     = "myOsDisk"
    caching                  = "ReadWrite"
    storage_account_type     = "StandardSSD_LRS"

  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-confidential-vm-focal"
    sku       = "20_04-lts-cvm"
    version   = "latest"

However, when we tried to apply this code with Terraform, we got the following error:

│ Error: creating Linux Virtual Machine: (Name "ccAmdVM" / Resource Group "rg-gorgeous-lynx"): compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="BadRequest" Message="The VM size 'Standard_DC2as_v5' is not supported for creation of VMs and Virtual Machine Scale Set with '<NULL>' security type."
│   with azurerm_linux_virtual_machine.my_terraform_vm,
│   on line 111, in resource "azurerm_linux_virtual_machine" "my_terraform_vm":
│  111: resource "azurerm_linux_virtual_machine" "my_terraform_vm" {

A few sources suggested using the security_encryption_type argument with the value VMGuestStateOnly inside the os_disk block, but this generated the following error:

│ Error: Unsupported argument
│   on line 122, in resource "azurerm_linux_virtual_machine" "my_terraform_vm":
│  122:     security_encryption_type = "VMGuestStateOnly"
│ An argument named "security_encryption_type" is not expected here.

We tried to create a confidential VM using the Azure GUI, which was successful. Here it was possible to set security type to Standard, Trusted Launch Virtual Machines or Confidential Virtual Machines, of which the latter value was used. After successfully creating the VM we could see that it was set to Confidential in the Azure portal overview tab.

One would think the expected solution is fairly simple, e.g. by using the argument security_type with a value such as confidential. However, since confidential computing is a relatively new concept, there appears to be no answer or documentation on this anywhere.