This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Secure boot
Secure boot is designed to ensure that only trusted software is used to boot the system. The firmware has a database of trusted certificates and verifies that the image it loads is signed by one of the trusted certificates. If that image loads further images, then that image must also be verified in the same way. vTPM is a virtualized software instance of a traditional physical TPM module. The vTPM enables attestation by measuring the entire boot chain of your VM (UEFI, OS, system, and drivers).
See the following for more information on supported cloud services:
- Secure boot in AWS
- Secure boot in Google Cloud Platform
- Secure boot in Microsoft Azure
- Secure boot in VMware
Secure boot in AWS
In AWS environments, you can select a master image (AMI) with NitroTPM and/or UEFI secure boot enabled. Accordingly, the provisioned VMs in the catalog are also enabled with NitroTPM and/or UEFI secure boot. This implementation ensures that the VMs are secured and trusted. For more information on NitroTPM and UEFI Secure Boot, see the Amazon documentation. For creating a catalog enabled with NitroTPM and UEFI secure boot, see Enable NitroTPM and UEFI secure boot for VM instances.
Secure boot in Google Cloud Platform
You can provision shielded virtual machines on GCP. A shielded virtual machine is hardened using a set of security controls that provide verifiable integrity of your Compute Engine instances, using advanced platform security capabilities like secure boot, a virtual trusted platform module, UEFI firmware, and integrity monitoring.
For more information on using PowerShell to create a catalog with shielded VM, see Using PowerShell to create a catalog with shielded VM.
Note:
If you install Windows 11 on the master image, then you must enable vTPM during the master image creation process. Also, you must enable vTPM on the machine profile source (VM or instance template). For information on creating Windows 11 VMs on the sole-tenant node, see Create Windows 11 VMs on the sole-tenant node.
Secure boot in Microsoft Azure
In Azure environments, you can create machine catalogs enabled with Trusted launch. Azure offers trusted launch as a seamless way to improve the security of generation 2 VMs. Trusted launch protects against advanced and persistent attack techniques. At the root of trusted launch is secure boot for your VM. Trusted launch also uses the vTPM to perform remote attestation by the cloud. This is used for platform health checks and for making trust-based decisions. You can individually enable secure boot and vTPM. For more information on creating a machine catalog with Trusted launch, see Machine catalogs with Trusted launch.
Secure boot in VMware
MCS supports creating a machine catalog with vTPM attached VMware template as a source for machine profile input. If windows 11 is installed on the master image, then it is a requirement to have vTPM enabled for the master image. Therefore, the VMware template, which is a source of machine profile, must have vTPM attached to it. For more information, see Create a machine catalog using a machine profile.
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.