A two-year-old posting, http://social.technet.microsoft.com/Forums/windows/en-US/6636ae2b-ad98-4759-90f0-67ab55462fac/can-i-use-tpm-base-services-in-a-vm?forum=w7itprosecurity&prof=required, was never satisfactorily answered. It's two years later,
and many of us are on Server 2012 R2 for Hyper-V hosts and clients. Can a TPM module on the Hyper-V host provide security services to a Hyper-V client on that host?
In that two-year-old thread, the discussion kept going back to using BitLocker with the key on a virtual floppy, which seemed to sidestep the question of the host's TPM module providing services to the clients running on that host. Have we made any progress towards that in the last two years?
If the TPM (or floppy) is used only to decrypt BitLocker on a boot, is it adding any additional security on a running system? If the host or client has a dirty shutdown, wouldn't that leave the disks in a decrypted state?
Now that I seem to do live migrations more often, would the TPM keys migrate with the Hyper-V client VM?
- Michael Faklis
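An added example, not part of the post above: a short PowerShell report, run elevated inside the Hyper-V guest, that shows whether the guest OS sees a TPM at all and which key protectors and protection state BitLocker is actually relying on. It uses only the stock `Get-Tpm` (TrustedPlatformModule module) and `Get-BitLockerVolume` (BitLocker module) cmdlets that ship with Windows 8 / Server 2012 and later; the function name `Get-GuestTpmBitLockerReport` is my own.

```powershell
# Added example (not from the original post). Run elevated inside the guest VM.
# Shows whether this OS can see a TPM and what each BitLocker volume is protected by.

function Get-GuestTpmBitLockerReport {
    [CmdletBinding()]
    param()

    # Query the TPM as seen from inside this OS. If no TPM device is exposed to the
    # guest, Get-Tpm either throws or returns TpmPresent = $false.
    $tpm = $null
    try {
        $tpm = Get-Tpm -ErrorAction Stop
    } catch {
        Write-Warning "Get-Tpm failed (no TPM visible to this OS?): $_"
    }
    $tpmPresent = if ($tpm) { $tpm.TpmPresent } else { 'unknown' }
    $tpmReady   = if ($tpm) { $tpm.TpmReady }   else { 'unknown' }

    # One row per BitLocker-capable volume.
    $volumes = Get-BitLockerVolume -ErrorAction SilentlyContinue
    foreach ($v in $volumes) {
        [pscustomobject]@{
            MountPoint       = $v.MountPoint
            # FullyEncrypted / EncryptionInProgress / FullyDecrypted ...
            VolumeStatus     = $v.VolumeStatus
            # On  = key protectors are enforced at boot/unlock
            # Off = protectors suspended (clear key on disk) or volume not encrypted
            ProtectionStatus = $v.ProtectionStatus
            # e.g. Tpm, TpmPin, ExternalKey (startup key on floppy/USB), Password, RecoveryPassword
            KeyProtectors    = ($v.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ','
            TpmPresent       = $tpmPresent
            TpmReady         = $tpmReady
        }
    }
}

Get-GuestTpmBitLockerReport | Format-Table -AutoSize
```

Reading the output: a `KeyProtectors` column that lists `ExternalKey` but no `Tpm` entry, together with `TpmPresent = False`, means the volume is being unlocked by a startup key (the virtual-floppy approach from the older thread), not by any host TPM. `ProtectionStatus` reflects whether protectors are enforced; it is the value to watch after maintenance that suspends BitLocker, since a suspended volume carries a clear key on disk until protection is resumed.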