Shielded VM supports HSM connected to the Host Guardian Service. The
Shielded VM itself is encrypted using BitLocker with a key that reside
inside a virtual TPM. The virtual TPM is then encrypted with a key that
can only be unlocked by the Host Guardian Service key The Host Guardian
Service key in turn can reside in an HSM so you have a chain of keys
that is rooted in the HSM