
> Encryption tied to TPM

Common on laptops, but I wouldn’t assume that for systems/SANs in a data center, much less their virtual disks. Would love to be corrected.



AMD secure memory encryption and secure encrypted virtualization. Intel probably has something in the works, but today you can take a GCE instance from a signed coreboot through bootloader and kernel with logged attestation at each phase resulting in a VM using per-VM disk encryption key (you have to provide it in the RPC that starts the machine; it's supposedly otherwise ephemeral) with SME encrypted RAM (again, ephemeral per-machine key). Google calls it Confidential VM and Secure Boot for now.
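The "logged attestation at each phase" in the comment above is the measured-boot pattern: each stage hashes the next component into a hardware register and appends the measurement to an event log, and a relying party replays the log before releasing anything (such as a disk key). The following is an added illustration of that verifier logic, not Google's or AMD's code and not their log format; the phase names, component blobs and the golden value are constructed for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Sequence, Tuple

PCR_SIZE = 32  # SHA-256 bank of a TPM-style platform configuration register


@dataclass(frozen=True)
class Event:
    """One entry of the boot event log: which phase was measured and its digest."""
    phase: str
    digest: bytes


def measure(component: bytes) -> bytes:
    """Digest of a boot component (firmware, bootloader, kernel image)."""
    return hashlib.sha256(component).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: new = H(old || digest). Order matters and a value cannot be un-extended."""
    return hashlib.sha256(pcr + digest).digest()


def build_log(chain: Sequence[Tuple[str, bytes]]) -> List[Event]:
    """Each phase measures the next component into the log before handing control to it."""
    return [Event(phase, measure(blob)) for phase, blob in chain]


def replay(log: Sequence[Event]) -> bytes:
    """Recompute the register value a verifier expects from the log alone."""
    pcr = bytes(PCR_SIZE)  # register starts at all zeros on reset
    for ev in log:
        pcr = extend(pcr, ev.digest)
    return pcr


def final_pcr(chain: Sequence[Tuple[str, bytes]]) -> bytes:
    """What the hardware register holds after booting this chain (same extend sequence)."""
    return replay(build_log(chain))


def verify_attestation(log: Sequence[Event], quoted_pcr: bytes, golden_pcr: bytes) -> Tuple[bool, str]:
    """Two checks a relying party performs before releasing a secret such as a disk key:
    1. the log replays to the register value the hardware quoted (log is consistent),
    2. that value equals the known-good value for the approved boot chain."""
    if replay(log) != quoted_pcr:
        return False, "event log does not replay to the quoted PCR"
    if quoted_pcr != golden_pcr:
        return False, "PCR does not match the approved boot chain"
    return True, "ok"


# Constructed sample boot chains (stand-ins for the real images, assumed for the example).
GOOD_CHAIN = [
    ("coreboot", b"coreboot signed image (constructed)"),
    ("bootloader", b"bootloader stage (constructed)"),
    ("kernel", b"vmlinuz release (constructed)"),
]
TAMPERED_CHAIN = [
    ("coreboot", b"coreboot signed image (constructed)"),
    ("bootloader", b"bootloader stage (constructed)"),
    ("kernel", b"vmlinuz with implanted module (constructed)"),
]
GOLDEN_PCR = final_pcr(GOOD_CHAIN)  # what the verifier was told to expect


def scenarios() -> dict:
    """Honest boot, tampered kernel with honest log, and tampered kernel with a forged log."""
    return {
        "honest": verify_attestation(build_log(GOOD_CHAIN), final_pcr(GOOD_CHAIN), GOLDEN_PCR),
        "tampered": verify_attestation(build_log(TAMPERED_CHAIN), final_pcr(TAMPERED_CHAIN), GOLDEN_PCR),
        # attacker presents the good log but cannot change what the hardware quotes
        "forged_log": verify_attestation(build_log(GOOD_CHAIN), final_pcr(TAMPERED_CHAIN), GOLDEN_PCR),
    }


if __name__ == "__main__":
    for name, (ok, reason) in scenarios().items():
        print(f"{name:11s} accepted={ok} ({reason})")
```

The third scenario is the point of binding the log to a hardware register: a compromised kernel can rewrite the event log it hands to the verifier, but it cannot make the register replay to a value it did not extend, so the forged log and the quoted value disagree and the disk key is withheld.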


Google builds its own solution into all servers... And to show that branding brilliance, uses the same name as for all things security: https://www.datacenterdynamics.com/en/news/google-reveals-de...


TPM is a server technology recently backported to laptops.



