Citrix Virtual Apps and Desktops

Secure Boot and vTPM

Secure Boot is a feature of the Unified Extensible Firmware Interface (UEFI), which is responsible for booting the system. It ensures that only trusted software is loaded during the boot process.

Trusted Platform Module (TPM) is a hardware chip that provides secure storage for cryptographic keys and other sensitive data. A Virtual Trusted Platform Module (vTPM) performs the same functions as a TPM, but it provides the cryptographic coprocessor capabilities in software. While a TPM can enhance security, it's not a requirement for Secure Boot.

See the following for more information on supported cloud services:

Secure Boot and NitroTPM in AWS

In AWS environments, you can select a master image (AMI) with NitroTPM and/or UEFI Secure Boot enabled. Accordingly, the provisioned VMs in the catalog are also enabled with NitroTPM and/or UEFI Secure Boot. This implementation ensures that the VMs are secured and trusted. For more information on NitroTPM and UEFI Secure Boot, see the Amazon documentation. For creating a catalog enabled with NitroTPM and UEFI Secure Boot, see Enable NitroTPM and UEFI secure boot for VM instances.

Secure Boot and vTPM in Google Cloud Platform

You can provision shielded virtual machines on Google Cloud Platform (GCP). A shielded VM's verifiable integrity is achieved by using the following features:

  • Secure Boot
  • vTPM-enabled Measured Boot
  • Integrity monitoring

For more information on using PowerShell to create a catalog with shielded VMs, see Using PowerShell to create a catalog with shielded VM.

Note:

If you install Windows 11 on the master image, then you must enable vTPM during the master image creation process. Also, if you use a machine profile for creating the catalog, then you must enable vTPM on the machine profile source (VM or instance template). For information on creating Windows 11 VMs on the sole-tenant node, see Create Windows 11 VMs on the sole-tenant node.

Secure Boot and vTPM in Microsoft Azure

In Azure environments, you can create machine catalogs enabled with Trusted Launch. Azure offers Trusted Launch as a seamless way to improve the security of generation 2 VMs. Trusted Launch protects against advanced and persistent attack techniques. To enable Trusted Launch, use a machine profile-based catalog configuration. At the root of Trusted Launch is Secure Boot for your VM. Trusted Launch also uses the vTPM to perform remote attestation by the cloud. This is used for platform health checks and for making trust-based decisions. You can individually enable Secure Boot and vTPM. For more information on creating a machine catalog with Trusted Launch, see Machine catalogs with Trusted launch.

vTPM in VMware

MCS supports creating a machine catalog with vTPM. If Windows 11 is installed on the master image, then vTPM must be enabled for the master image. If a machine profile-based configuration is used and vTPM is enabled, then the VMs in the catalog inherit the same vTPM content from the VM template. If no machine profile is used and the master image is vTPM enabled, then the VMs in the catalog have a blank vTPM. For more information, see Create a machine catalog using a machine profile.

Secure Boot and vTPM for XenServer

XenServer provides UEFI Secure Boot on some of its supported VM operating systems. Secure Boot prevents unsigned, incorrectly signed, or modified binaries from being run during boot. On a UEFI-enabled VM that enforces Secure Boot, all drivers must be signed. For more information, see Guest UEFI and Secure Boot.

In XenServer 8, vTPM is not required for UEFI Secure Boot. However, to link a vTPM to a VM, that VM must be UEFI booted, whether Secure Boot is enabled or not. A Windows 11 VM requires a linked vTPM, which is created automatically when the Windows 11 VM is created from the provided template. For other operating systems, a vTPM is optional. For more information, see vTPM.
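As an added example that is not part of this documentation, the following PowerShell, run inside a provisioned Windows VM on any of the platforms above, checks whether Secure Boot and a TPM 2.0 actually reached the guest; it relies only on the built-in Confirm-SecureBootUEFI, Get-Tpm and Win32_Tpm CIM class, and the function name is an assumption of this example.

```powershell
# Added example (not from the Citrix docs): run in an elevated session inside a
# provisioned Windows VM to confirm Secure Boot and a (v)TPM reached the guest.

function Get-BootSecurityState {
    $secureBoot = $false
    try {
        # Throws on legacy BIOS VMs, where Secure Boot cannot exist.
        $secureBoot = Confirm-SecureBootUEFI
    } catch {
        $secureBoot = $false
    }

    # TpmPresent / TpmReady are $false when no vTPM is attached to the VM.
    $tpm = Get-Tpm

    # SpecVersion reads like "2.0, 0, 1.16"; the first field is the TPM spec level.
    $tpmInfo = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
                               -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $specVersion = if ($tpmInfo) { ($tpmInfo.SpecVersion -split ',')[0].Trim() } else { 'none' }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        SecureBootEnabled = [bool]$secureBoot
        TpmPresent        = [bool]$tpm.TpmPresent
        TpmReady          = [bool]$tpm.TpmReady
        TpmSpecVersion    = $specVersion   # Windows 11 requires '2.0'
    }
}

$state = Get-BootSecurityState
$state | Format-List

# A Windows 11 guest needs Secure Boot and a TPM 2.0; flag the VM if either is missing
# (for example, a catalog built from a master image without vTPM enabled).
if (-not $state.SecureBootEnabled -or -not $state.TpmPresent -or $state.TpmSpecVersion -ne '2.0') {
    Write-Warning "Boot security is incomplete on $($state.ComputerName)"
    exit 1
}
```

Running this against a sample of newly provisioned machines is a quick way to catch a catalog whose master image or machine profile was created without Secure Boot or vTPM.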
