Forum Discussion
Mohamed Faizal EPG SG
Microsoft
Oct 27, 2016
Shielded VMs
Does it support other HSMs (e.g. Thales) for shielded VMs, or is BitLocker our only option?
Nir Ben Zvi
Apr 22, 2017
Former Employee
Shielded VM supports HSM connected to the Host Guardian Service. The
Shielded VM itself is encrypted using BitLocker with a key that resides
inside a virtual TPM. The virtual TPM is then encrypted with a key that
can only be unlocked by the Host Guardian Service key. The Host Guardian
Service key in turn can reside in an HSM, so you have a chain of keys
that is rooted in the HSM.
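
The chain described in the reply is only rooted in the HSM if the Host Guardian Service certificates' private keys really live behind the HSM vendor's provider. The following check is an added example, not part of the original thread or of Microsoft's tooling: `Get-HgsCertKeyProvider` is a hypothetical helper name, the thumbprints are placeholders, and treating any "Microsoft ..." provider name as "not an HSM" is a heuristic assumption.

```powershell
# Added example. Run on an HGS node where the signing and encryption
# certificates are installed in LocalMachine\My (assumption).
$thumbprints = @(
    '<SIGNING-CERT-THUMBPRINT>',      # placeholder, not a real value
    '<ENCRYPTION-CERT-THUMBPRINT>'    # placeholder, not a real value
)

function Get-HgsCertKeyProvider {
    param([Parameter(Mandatory)][string]$Thumbprint)

    $path = "Cert:\LocalMachine\My\$Thumbprint"
    if (-not (Test-Path $path)) { throw "Certificate $Thumbprint not found" }
    $cert = Get-Item $path

    # Resolve the private key handle; returns $null when the store holds no RSA private key.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if ($null -eq $rsa) { throw "No RSA private key is associated with $Thumbprint" }

    # CNG keys expose a key storage provider (KSP); legacy keys expose a CSP name.
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $provider = $rsa.Key.Provider.Provider
    } elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        $provider = $rsa.CspKeyContainerInfo.ProviderName
    } else {
        $provider = $rsa.GetType().FullName
    }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        Provider   = $provider
        # Heuristic: providers shipped with Windows (for example
        # "Microsoft Software Key Storage Provider") keep the key on the host,
        # so the chain would not be rooted in the HSM.
        LikelyHsm  = ($provider -notmatch '^Microsoft ')
    }
}

$report = $thumbprints | ForEach-Object { Get-HgsCertKeyProvider -Thumbprint $_ }
$report | Format-Table -AutoSize

# These same thumbprints are what Initialize-HgsServer takes through
# -SigningCertificateThumbprint and -EncryptionCertificateThumbprint.
if ($report.LikelyHsm -contains $false) {
    Write-Warning 'At least one HGS key is held by a Windows built-in provider, not an HSM provider.'
}
```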