PSParentPath:Microsoft.PowerShell.Security\Certificate::LocalMachine\Shielded VM Local
Certificates
Thumbprint Subject
CC96FF66BB796D505EB52A0497D31BBD2603CB31 CN=Shielded VM Encryption
Certificate (JSavillVMs) (savdalhv07)
A9AF16BD57957716931AAF47C849964FFAF80FBE CN=Shielded VM Encryption
Certificate (test123) (savdalhv07)
A8CD4EBA86F85A330BA12A5B5381C3A2993E6EE3 CN=Shielded VM Signing
Certificate (JSavillVMs) (savdalhv07)
04AC1870A1D3A3513B3C92D5828D68E648A10BC2 CN=Shielded VM Signing
Certificate (test123) (savdalhv07)
In this environment, I have two owners (local guardians): JSavillVMs and test123.
This is why there are two sets of encryption and signing certificates. Get-HgsGuardian
confirms the guardians configured on a host.
PS C:> Get‐HgsGuardian
Name HasPrivateSigningKey Signing Certificate Subject
SavTech False CN=signing.savtechhgs.net
test123 True CN=Shielded VM Signing Certificate
(test123) (savdalhv07)
JSavillVMs True CN=Shielded VM Signing Certificate
(JSavillVMs) (savdalhv07)
Three guardians are on this host: the two local guardians and my HGS instance. Note
that the private keys are present on the host for the local guardians but not for the
HGS guardian. It is important to back up the local guardian certificates, including the
private keys, and keep them secure.
Now that a Host Guardian is available and an owner defined, a new key protector can
be created that will contain the encrypted symmetric transport key that will be used to
encrypt and decrypt the stored vTPM state. In this example, I apply only one guardian
to the new key protector, but multiple guardians could be added if the VM needed to
be moved between multiple fabrics with their own HGS instances.
$KP = New-HgsKeyProtector -Owner $Owner -Guardian $Guardian `
-AllowUntrustedRoot
This is best understood by looking at an example key protector that has an owner (a
local guardian) and two HGS guardians. In this case, they are SavTech and Azure,
since I may want to run this on my fabric and in the public cloud. Table 5.2 shows the
high-level content of a key protector that has this configuration. Notice that in the key
protector is the transport key (TK1) that is used to encrypt the vTPM saved state and is
encrypted once for each of the guardians, using the respective guardian’s public
encryption certificate (which means only the corresponding private key can decrypt).