Microsoft has rolled out a new free Azure module that users can use to deploy virtual machines (VMs) with verified and signed bootloaders.
The new module builds upon the Virtual Trusted Platform Module (vTPM) to ascertain the integrity of the bootloader. While TPM has been a mainstay on modern servers for quite some time now, it’s still a comparatively new phenomenon in cloud computing.
“The vTPM measurements give administrators visibility into the integrity of the entire boot process, and vTPM release policies ensure that keys, certificates, and secrets aren't accessible to compromised virtual machines,” shared Mark Russinovich, Chief Technology Officer and Technical Fellow, Microsoft Azure, as he announced the new module.
The new module, named Azure Trusted Launch, is designed to safeguard VMs against rootkits and bootkits.
Russinovich shares that if the module detects suspicious activity while the VM is booting, it’ll flag it in the Azure Security Center, which serves as the single pane of glass for all integrity alerts, recommendations, and remediations that come by way of the Trusted Launch module.
The module is currently in preview, and according to its documentation, ships with several limitations. For starters, it’s available only to customers in South Central US and Northern Europe.
It supports only a small subset of Azure VMs and currently works only on new ones. However, by the time it’s generally available, Trusted Launch will work with existing VMs as well.
Via: The Register