Shielded VMs

Microsoft

Does it support other HSMs (e.g. Thales) for shielded VMs, or is BitLocker our only option?

2 Replies
From the TechEd, only BitLocker.
Shielded VMs support an HSM connected to the Host Guardian Service. The Shielded VM itself is encrypted using BitLocker with a key that resides inside a virtual TPM. The virtual TPM is then encrypted with a key that can only be unlocked by the Host Guardian Service key. The Host Guardian Service key in turn can reside in an HSM, so you have a chain of keys that is rooted in the HSM.
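
The key chain described in the reply above is only rooted in the HSM if the Host Guardian Service certificates' private keys actually live in the HSM vendor's key storage provider. The following check is an added example, not part of the thread or of Microsoft's tooling. It assumes it is run on an HGS node, that the certificates are in `LocalMachine\My`, that the thumbprints are placeholders you replace, and that the listed provider names identify Windows' built-in software key stores.

```powershell
# Added example: report which key storage provider holds each HGS certificate key.
# Placeholders (assumption): replace with your HGS signing/encryption thumbprints.
$thumbprints = @('<SIGNING-CERT-THUMBPRINT>', '<ENCRYPTION-CERT-THUMBPRINT>')

function Get-KeyProviderName {
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    try {
        # RSACng is returned for CNG (KSP) keys, RSACryptoServiceProvider for CAPI keys.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Certificate)
    } catch {
        return $null   # key not reachable (no access, or HSM offline)
    }
    if ($rsa -is [System.Security.Cryptography.RSACng]) { return $rsa.Key.Provider.Provider }
    if ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        return $rsa.CspKeyContainerInfo.ProviderName
    }
    return $null       # no RSA private key associated with this certificate
}

function Test-SoftwareProvider {
    param([string]$ProviderName)
    # Assumption: these names cover the built-in Windows software providers.
    return ($ProviderName -eq 'Microsoft Software Key Storage Provider') -or
           ($ProviderName -match '^Microsoft .*Cryptographic Provider')
}

foreach ($tp in $thumbprints) {
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $tp
    if (-not $cert) {
        Write-Warning "No certificate with thumbprint $tp in LocalMachine\My"
        continue
    }
    $provider = Get-KeyProviderName -Certificate $cert
    if (-not $provider) {
        $rootedIn = 'unknown (private key not accessible)'
    } elseif (Test-SoftwareProvider $provider) {
        $rootedIn = 'software key store, chain is NOT rooted in an HSM'
    } else {
        $rootedIn = 'non-software provider, confirm it is your HSM vendor KSP'
    }
    [pscustomobject]@{
        Thumbprint  = $tp
        Subject     = $cert.Subject
        KeyProvider = $provider
        RootedIn    = $rootedIn
    }
}
```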