Preface: Why only 200 crappy words?
Trusted Launch provides the ability to improve the security of Generation 2 Azure VMs (as they use UEFI instead of BIOS, thus supporting Secure Boot) and supports several VM SKUs and variants of Windows and Linux.
Trusted Launch provides the capability to deploy Azure VMs with verified boot loaders, OS kernels, and drivers as well as the ability to validate the integrity of a VMs entire boot chain to ensure no root kits have been maliciously inserted.
Trusted Launch is made up of several technologies that can be enabled independently, they are:
- Secure Boot protects against the installation of malware-based rootkits and boot kits by ensuring that only signed operating systems and drivers can boot
- vTPM which is a virtualized version of a hardware Trusted Platform Module, compliant with the TPM2.0 spec, which enables attestation by measuring the entire boot chain of your VM including UEFI, OS and drivers
- Virtualization Based Security is a secure and isolated region of memory that Windows uses to run various security solutions with increased protection against vulnerabilities and malicious exploits
There is no additional cost or performance overhead to using Trusted Launch!
Trusted Launch can be used for Azure Virtual Desktop session host VMs.
Word Count: 200